Difference between revisions of "Secure User Identification"
|  (=What is Secure User Identification (SUI) ?=) | m (=What is Secure User Identification (SUI) ?=) | ||
| Line 1: | Line 1: | ||
| == What is Secure User Identification (SUI) ? == | == What is Secure User Identification (SUI) ? == | ||
| − | [[Client|Clients]] in the network are identified by a unique value called [Userhash|user hash]. This user hash is stored in the ''preferences.dat'' file and is used to grant earned [[FAQ_eD2k-Kademlia#What_is_all_that_credits,_rate_and_score_stuff_about?|credits]] with other users. | + | [[Client|Clients]] in the network are identified by a unique value called [[Userhash|user hash]]. This user hash is stored in the ''preferences.dat'' file and is used to grant earned [[FAQ_eD2k-Kademlia#What_is_all_that_credits,_rate_and_score_stuff_about?|credits]] with other users. | 
| [[aMule]] (like [[eMule]]) can use an asymmetric encryption to avoid exploiting or manipulating other user hash values. The method uses a private and a public key to ensure a correct and unique identification on other clients. | [[aMule]] (like [[eMule]]) can use an asymmetric encryption to avoid exploiting or manipulating other user hash values. The method uses a private and a public key to ensure a correct and unique identification on other clients. | ||
Revision as of 02:00, 11 June 2005
What is Secure User Identification (SUI)?
Clients in the network are identified by a unique value called the user hash. This user hash is stored in the preferences.dat file and is used to grant earned credits with other users. aMule (like eMule) can use asymmetric encryption to prevent other clients' user hash values from being exploited or manipulated. The method uses a private and a public key to ensure correct and unique identification on other clients.
Secure User Identification can be turned on in Preferences -> Connection (since aMule 2.x). It is recommended to use it.
The identification process
The following describes how two clients supporting SUI identify each other. If the identification fails, the client which detects the failure should ban the other client.
First aMule start
When you start aMule for the first time, it will create a 384-bit RSA private key (which will be stored in cryptkey.dat). This file should be kept forever, since losing it will make you lose all your credits.
First meeting
When aMule connects to a client supporting SUI, it expects this client to send its public key (its user hash) along with a random number, and aMule does exactly the same. If the public key it gets is unknown, it will store it in clients.met (only the public key, not the random number) so that it can identify that client the next time it meets it.
Identifying
When a client wants to identify itself to another client, it sends that client a digital signature created from its own private key, the public key of the other client and the random value the other client sent.
The other client will do the same.
Validating an identification
When the remote client gets this signature, it will check whether it was created from your public key and the random value it sent, and then check whether it matches its own private key. If both checks succeed, your client will be successfully identified on that client.
Of course, your client will do exactly the same with the digital signature it gets from the remote client.
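The exchange described above, as an added sketch that is not aMule's own code: it shows why a signature tied to the verifier's public key and its random value cannot be replayed in a later session or passed on to a different client. Assumptions: unpadded textbook RSA over a SHA-256 digest, toy keys built from fixed Mersenne primes (constructed, not secure), a made-up message layout, and the names `make_key`, `sign`, `verify` and `demo`.

```python
import hashlib
import secrets

E = 65537  # public exponent (assumption for this sketch)

def make_key(p_exp, q_exp):
    """Toy RSA key from two Mersenne primes 2**k - 1 (constructed, NOT secure)."""
    p, q = 2**p_exp - 1, 2**q_exp - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def new_challenge():
    """Random value a client sends together with its public key."""
    return secrets.randbits(32)

def _digest(verifier_n, challenge):
    # The signed message names the verifier (its public key) and its challenge.
    data = verifier_n.to_bytes((verifier_n.bit_length() + 7) // 8, "big")
    data += challenge.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(own_key, verifier_n, challenge):
    """Signature from own private key over verifier's public key + challenge."""
    return pow(_digest(verifier_n, challenge), own_key["d"], own_key["n"])

def verify(signer_n, signature, own_n, own_challenge):
    """Verifier side: rebuild the message from its OWN key and OWN challenge."""
    return pow(signature, E, signer_n) == _digest(own_n, own_challenge)

def demo():
    # Three constructed clients; "other" is any client that is not bob.
    alice, bob, other = make_key(521, 607), make_key(1279, 2203), make_key(127, 3217)
    c1 = new_challenge()             # bob -> alice, with bob's public key
    sig = sign(alice, bob["n"], c1)  # alice -> bob
    c2 = c1 ^ 1                      # a later session uses a different random value
    return {
        "honest": verify(alice["n"], sig, bob["n"], c1),
        "replayed": verify(alice["n"], sig, bob["n"], c2),
        "made_for_other_peer": verify(alice["n"], sign(alice, other["n"], c1), bob["n"], c1),
        "wrong_private_key": verify(alice["n"], sign(other, bob["n"], c1), bob["n"], c1),
    }

if __name__ == "__main__":
    print(demo())
```

Only the first case verifies; in the other three the receiving client would detect the failure and, as described above, ban the sender.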
