Difference between revisions of "Secure User Identification"

From AMule Project FAQ
Jump to: navigation, search
m (Adjusted Links, Added Version-Tag)
m (Adjusted Links)
Line 3: Line 3:
 
== What is Secure User Identification (SUI) ? ==
 
== What is Secure User Identification (SUI) ? ==
 
[[Client|Clients]] in the network are identified by a unique value called [[Userhash|user hash]]. This user hash is stored in the ''preferences.dat'' file and is used to grant earned [[FAQ_eD2k-Kademlia#What_is_all_that_credits,_rate_and_score_stuff_about?|credits]] with other users.
 
[[Client|Clients]] in the network are identified by a unique value called [[Userhash|user hash]]. This user hash is stored in the ''preferences.dat'' file and is used to grant earned [[FAQ_eD2k-Kademlia#What_is_all_that_credits,_rate_and_score_stuff_about?|credits]] with other users.
[[AMule Project FAQ:About|aMule]] (like [[eMule]]) can use an asymmetric encryption to avoid exploiting or manipulating other user hash values. The method uses a private and a public key to ensure a correct and unique identification on other clients.
+
[[aMule]] (like [[eMule]]) can use an asymmetric encryption to avoid exploiting or manipulating other user hash values. The method uses a private and a public key to ensure a correct and unique identification on other clients.
  
Secure User Identification can be turned on in Preferences -> Connection (since [[AMule Project FAQ:About|aMule]] 2.x, version 2.0.3 has it under Preferences -> Security). It is recommended to use it.
+
Secure User Identification can be turned on in Preferences -> Connection (since [[aMule]] 2.x, version 2.0.3 has it under Preferences -> Security). It is recommended to use it.
  
 
== The identification process ==
 
== The identification process ==
 
The following describes how two [[client]]s supporting SUI identify each other. If the identification fails, the [[client]] which detects the failure should ban the other [[client]].
 
The following describes how two [[client]]s supporting SUI identify each other. If the identification fails, the [[client]] which detects the failure should ban the other [[client]].
  
== First [[AMule Project FAQ:About|aMule]] start ==
+
== First [[aMule]] start ==
When you start [[AMule Project FAQ:About|aMule]] for the first time, it will create a 384-bit [http://en.wikipedia.org/wiki/RSA RSA] private key (which will be stored in ''cryptkey.dat''). This file should be kept forever, since losing it will make you lose all your credits.
+
When you start [[aMule]] for the first time, it will create a 384-bit [http://en.wikipedia.org/wiki/RSA RSA] private key (which will be stored in ''cryptkey.dat''). This file should be kept forever, since losing it will make you lose all your credits.
  
 
== First meeting ==
 
== First meeting ==
When [[AMule Project FAQ:About|aMule]] connects to a client supporting SUI, it expects this client to send it's public key (it's user hash) along with a random number, while [[AMule Project FAQ:About|aMule]] will do right the same. If the public key it gets is unknown, it will stored it in ''clients.met'' (only the public key, not the random number) so that it will be possible to identify that [[client]] next time it meets it.
+
When [[aMule]] connects to a client supporting SUI, it expects this client to send it's public key (it's user hash) along with a random number, while [[aMule]] will do right the same. If the public key it gets is unknown, it will stored it in ''clients.met'' (only the public key, not the random number) so that it will be possible to identify that [[client]] next time it meets it.
  
 
== Identificating ==
 
== Identificating ==
Line 28: Line 28:
 
== Version ==
 
== Version ==
 
Created by "Unknown User" on 03.05.04 at 18:10<br>
 
Created by "Unknown User" on 03.05.04 at 18:10<br>
Updated by Vollstrecker on 22.01.08 | at 10:00
+
Updated by Vollstrecker on 22.01.08 | at 12:07

Revision as of 12:07, 22 January 2008

English | German

What is Secure User Identification (SUI) ?

Clients in the network are identified by a unique value called user hash. This user hash is stored in the preferences.dat file and is used to grant earned credits with other users. aMule (like eMule) can use an asymmetric encryption to avoid exploiting or manipulating other user hash values. The method uses a private and a public key to ensure a correct and unique identification on other clients.

Secure User Identification can be turned on in Preferences -> Connection (since aMule 2.x, version 2.0.3 has it under Preferences -> Security). It is recommended to use it.

The identification process

The following describes how two clients supporting SUI identify each other. If the identification fails, the client which detects the failure should ban the other client.

First aMule start

When you start aMule for the first time, it will create a 384-bit RSA private key (which will be stored in cryptkey.dat). This file should be kept forever, since losing it will make you lose all your credits.

First meeting

When aMule connects to a client supporting SUI, it expects this client to send it's public key (it's user hash) along with a random number, while aMule will do right the same. If the public key it gets is unknown, it will stored it in clients.met (only the public key, not the random number) so that it will be possible to identify that client next time it meets it.

Identificating

When a client wants to identify in another client, it will send to this latter client a digital signature created from it's own private key, the public key of the other client and the random value the other client sent.

The other client will do the same.

Validating an identification

When the remote client get's this signature, it will check if it is created from the your public key and the random value it sent, and then check if it suits it's own private key. If both checks succeed, your client will be successfully identified on that client.

Of course, your client will do exactly the same with the digital signature it gets from the remote client.

Version

Created by "Unknown User" on 03.05.04 at 18:10
Updated by Vollstrecker on 22.01.08 | at 12:07