############################################################################# # # OpenSLP SPI file # # Security Parameter Index (SPI) is an unformated string that us used # by SLP to identify security information used to authenticate SLPv2 # message. See RFC 2608 for more information. # # Format and contents conform of this file are specific to the OpenSLP # implementation of SLPv2 authentication. See comments below for more # explaination of the file format. # # NOTE: OpenSLP only supports DSA keys!!! # ############################################################################# # #------------- # File format: #------------- # Each line of this file maps an SPI string to a PEM encoded key file. # # # # #-------------- # PRIVATE key: #-------------- # The PRIVATE key line specifies the location of a key file that contains # a PEM encoded DSA private key for the given SPI. The PRIVATE key is used # for signing SLP messages that are sent the SA/DA on this host. # # A PRIVATE key entry is not required. If the PRIVATE key entry does not # exist, then SLP messages sent by this host will not be signed. Since UAs # do not have to sign any messages, it is often advantageous to # specifically omit the PRIVATE entry on hosts that do not act as an SA or # DA. # # ***IMPORTANT*** # Only one PRIVATE key is recognized by the implementation. If there is # more than one private key then only the key designated by the first PRIVATE # entry in this file will be used. # # The following is a commented example of a PRIVATE entry: # # PRIVATE myprivateslpkey /etc/secure/myprivateslpkey.pem # # #-------------- # PUBLIC keys: #-------------- # The PUBLIC key line specifies the location of a key file that contains a # PEM encoded DSA public key. This key is used for verifying messages sent # by other SLP agents # # At least one PUBLIC key entry on all hosts is required for proper # operation of of secure OpenSLP. It is possible that more than one entry # will be needed in order to verify signatures if for some reason (that I # can't imagine right now) you have configured SAs and DAs with a variety of # PRIVATE keys. # # The following is a commented example of a PUBLIC entry: # # PUBLIC mypublicslpkey /etc/secure/mypublicslpkey.pem # #----------------------- # PEM encoded key files #----------------------- # PEM encoded key files can be generated using OpenSSL or tools included with # OpenSLP. # # #------------ # Final Note #------------ # Unless you really know what you're doing, you should probably read the # more detailed documentation at http://www.openslp.org BEFORE setting up # SLP security