README
1This is release 2.3 of the KeyNote trust management library reference
2implementation (in case you are wondering, there was never an official 1.0
3release).
4
5For details on the KeyNote spec, read RFC 2704, included in this distribution
6(in the doc/ directory).
7
8To build the distribution, just type "./configure" and then "make" or
9"make crypt". To test the distribution, type "make test". The query should
10evaluate to "true" (look at the last line of output). To build without
11crypto support, use "make nocrypto" instead (you still need to run
12"configure"). If you have built crypto support, "make test-sig" will run
13some more tests on the cryptographic algorithms.
14
15A sample application is provided in sample-app.c. To build it, use
16"make test-sample".
17
18Compile tips:
19- You need the SSLeay/OpenSSL library if you compile with crypto
20 (default), version 0.8.1b or later. OpenSSL can be found at:
21 http://www.openssl.org/
22
23The Makefile creates the libkeynote.a library and the keynote program.
24*** Notice that the 4 programs of previous releases have been folded into one
25
26There is a man page for the library calls (keynote.3) and one for the command
27line tool (keynote.1), in the man/ directory. There is also a man page
28about KeyNote itself (keynote.4) and one about assertion syntax
29(keynote.5) which contain some text from the spec.
30
31To view them, use:
32
33 nroff -mandoc keynote.1 | more
34 nroff -mandoc keynote.3 | more
35 nroff -mandoc keynote.4 | more
36 nroff -mandoc keynote.5 | more
37
38Alternatively, you can just install them in your manpath. If your
39nroff does not support the -mandoc flag, use -man instead. For those
40systems that do not have nroff, the text version of the man pages are
41provided as well (the files with .cat? suffixes in the same directory).
42
43The "keynote verify" function can be used to verify a request, given a
44set of assertions and an environment file. The directory testsuite/
45has some examples assertions. The "keynote keygen" function can
46be used to generate keys. The "keynote sign" and "keynote sigver" can be
47used to sign assertions, and verify signed assertions respectively.
48
49The file base64.c was taken from the OpenBSD libc and was slightly
50modified.
51
52Read the TODO file to see what's missing (and eventually coming).
53
54When in doubt on how to use a library call (despite the man pages),
55consult the implementation of the various utilities.
56
57For any questions, comments, bug reports, praise, or anything else,
58contact us at keynote@research.att.com
59
60There is also a users mailing list at keynote-users@nsa.research.att.com
61To subscribe, send a message to majordomo@nsa.research.att.com with the word
62"subscribe keynote-users" (without the quotes) in the message body.
63
64Finally, there is a web page for KeyNote at
65 http://www.cis.upenn.edu/~keynote
66
67Angelos D. Keromytis
68