Next: , Up: PSK authentication   [Contents][Index]


4.3.1.1 Authentication using PSK

Authentication using Pre-shared keys is a method to authenticate using usernames and binary keys. This protocol avoids making use of public key infrastructure and expensive calculations, thus it is suitable for constraint clients. It is available under all TLS protocol versions.

The implementation in GnuTLS is based on [TLSPSK]. The supported PSK key exchange methods are:

PSK:

Authentication using the PSK protocol (no forward secrecy).

DHE-PSK:

Authentication using the PSK protocol and Diffie-Hellman key exchange. This method offers perfect forward secrecy.

ECDHE-PSK:

Authentication using the PSK protocol and Elliptic curve Diffie-Hellman key exchange. This method offers perfect forward secrecy.

RSA-PSK:

Authentication using the PSK protocol for the client and an RSA certificate for the server. This is not available under TLS 1.3.

Helper functions to generate and maintain PSK keys are also included in GnuTLS.

int gnutls_key_generate (gnutls_datum_t * key, unsigned int key_size)
int gnutls_hex_encode (const gnutls_datum_t * data, char * result, size_t * result_size)
int gnutls_hex_decode (const gnutls_datum_t * hex_data, void * result, size_t * result_size)