6 Using PGP
Ensemble supports the use of PGP for authenticating members of
groups. This work is complete, and several papers have been
published with our results. We do not guarantee bulletproof
security; however, we do not know of any remaining security bugs.
All the Ensemble demo applications support the use of PGP,
including mtalk, wbml, and ensemble.
These are the instructions for using PGP. Note that PGP is
supported for all platforms.
- The pgp binary must be in your path. Ensemble executes PGP
  as a subprocess for authenticating remote members. If you do not yet
  have a PGP keyring, read the PGP documentation on how to set all this
  up.
- You must set the PGPPASS environment variable to contain your
  secret key pass phrase. See the PGP documentation for more
  information.
- -pgp user: command line argument. This tells Ensemble what
  this user's name is for PGP. Other processes will use this name to
  select the public key to use for authenticating you.
- -key sharedkey: command line argument. This sets the shared
  key conversation key that Ensemble will use initially. It should
  be at least 32 characters long.
- -add_prop Auth: command line argument. This adds the
  Auth property to the default Ensemble properties. This then
  causes the EXCHANGE protocol to be used in the protocol stack
  for exchanging shared keys.
Now, when you run an application, only members that start with the same
shared key or who can authenticate each other through PGP will
merge into the same group.
If you run into problems, you can access PGP's debugging output
through the additional command-line argument -trace PGP.
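The checklist above can be verified before launching a demo application. The following shell functions are an added example, not part of Ensemble; the names ensemble_pgp_check and ensemble_pgp_run and their return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for the PGP settings listed above.
# Function names and return codes are hypothetical, not part of Ensemble.

MIN_KEY_LEN=32   # the page asks for a shared key of at least 32 characters

# ensemble_pgp_check USER SHAREDKEY
# Returns 0 when every prerequisite holds, else a code for the first failure:
#   1 = pgp not in PATH, 2 = PGPPASS unset or empty,
#   3 = no PGP user name, 4 = shared key too short
ensemble_pgp_check() {
    user=$1 key=$2
    if ! command -v pgp >/dev/null 2>&1; then
        echo "pgp not found in PATH (Ensemble runs it as a subprocess)" >&2
        return 1
    fi
    if [ -z "${PGPPASS:-}" ]; then
        echo "PGPPASS is not set" >&2
        return 2
    fi
    if [ -z "$user" ]; then
        echo "no PGP user name given for -pgp" >&2
        return 3
    fi
    if [ "${#key}" -lt "$MIN_KEY_LEN" ]; then
        echo "shared key has ${#key} characters, need $MIN_KEY_LEN or more" >&2
        return 4
    fi
    return 0
}

# ensemble_pgp_run APP USER SHAREDKEY [extra args...]
# Runs APP with the three arguments from the list above, but only after the
# check passes. Quoting keeps a key or user name with spaces as one argument.
# -key places the shared key on the command line, where it can show up in
# the local process list.
ensemble_pgp_run() {
    app=$1 user=$2 key=$3
    shift 3
    ensemble_pgp_check "$user" "$key" || return $?
    "$app" -pgp "$user" -key "$key" -add_prop Auth "$@"
}

# Usage (constructed values): ensemble_pgp_run mtalk alice "$SHAREDKEY" -trace PGP
```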