Keyword-Signed Keys
Keyword-Signed Keys (KSKs) allow you to save named pages in Freenet. They are not secure against spamming or name hijacking: several people could each insert a different file into Freenet, all with the same address. Collision detection tries to prevent a page from being overwritten once it has been inserted. A KSK address looks like this:
http://127.0.0.1:8888/KSK@myfile.txt
The KSK description should not contain slashes, just as with other keys (slashes are used to denote Manifests or Containers).
A KSK address can be a redirection to a CHK address, or it can contain the file itself. As of April 2006, the telnet interface to Freenet couldn't insert plain KSK files, so we can use fntool to see how it works.
Adding a plain KSK file to Freenet
- Go to the fntool lib directory where the fntool.jar file is.
- Create a file called myindex.html.
- Run this command:
java -jar fntool.jar --put --file myindex.html --key "KSK@myindex.html"
- Wait a minute or so and it should say:
URI Generated: freenet:KSK@myindex.html
Put Successful!
- Now you can check the file exists by visiting
Adding a redirecting KSK to Freenet
A redirecting KSK is like a user-friendly shortcut name to a CHK address that is already in Freenet.
- Connect to the Freenet telnet interface by running this at a command line:
telnet localhost 2323
- Create some CHK content by typing something like this:
PUTFILE:/home/user/public_html/index.html
It should generate something like the following URI:
CHK@r7YQQLzC07JIpkK2voJYdvpSOZVLeurgbN7pz2BTaoo,nVf7UJUr7bFLaIeAV0tl19GyNNizVHSAdduzg92n2Wo,AAEC--8
- If we wanted to remap the CHK address created above to KSK@pvt.html, then the following command would need to be typed:
PUTSSK:KSK@pvt.html;CHK@r7YQQLzC07...n2Wo,AAEC--8 (snipped for brevity)
You don't need MAKESSK for this. The public key is derived from the hash of the KSK description.
- Fetch the content by typing this:
GET:KSK@someexample
or this:
GETFILE:KSK@someexample
- Exit the telnet console by pressing Ctrl-] and pressing Enter, then typing quit and pressing Enter.
Retrieving Content
Fetching the KSK content is FAR simpler as URLs are shorter. Here's how we could use the Freenet telnet interface to fetch the content created above via the PUTSSK: KSK@ command issued above:
GET:ksk@pvt.html
or
GETFILE:ksk@pvt.html
Or in a standard web browser:
How KSKs work
- The file description (e.g. mysite/foobar/file.txt) is used to generate a cryptographic public/private keypair, and a symmetric encryption key. This is done deterministically; this means that given the same file description, anyone will always be able to generate the same keypair.
- The public half of the keypair is stored with the data. This is used to verify the data.
- The symmetric encryption key is used to encrypt the file itself. This is so a Freenet user can plausibly deny knowledge of having this file in their cache, because if they don't know the file description, and thus the decryption key, they can't retrieve the file.
- The private half of the keypair is used to sign the file. Thus, it is only possible to write the file data if you know the file description, but it can be fetched, and verified, by only the hash of the public key.
- To retrieve the file, someone only needs to know the file description, since the decrypting key and the file's index can be derived from this.
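The deterministic derivation described in the list above is the reason KSKs cannot resist name hijacking: whoever knows the description holds the signing key. The Python sketch below is an added example, not Freenet's code; it substitutes a toy Schnorr-style signature over the prime 2^255 - 19 and SHA-256 derivations for Freenet's real key generation, and every function name in it is hypothetical.

```python
import hashlib

# Toy parameters (assumption): Freenet's real KSKs use their own key
# generation; this group only illustrates the deterministic derivation.
P = 2**255 - 19          # prime modulus
G = 2                    # base; exponents are reduced mod P - 1

def _h(*parts: bytes) -> int:
    """Hash byte strings to an exponent in [0, P - 1)."""
    return int.from_bytes(hashlib.sha256(b"|".join(parts)).digest(), "big") % (P - 1)

def derive_ksk(description: str):
    """Every value returned is a function of the description alone."""
    seed = description.encode()
    priv = _h(b"sign", seed)                       # private signing exponent
    pub = pow(G, priv, P)                          # public verification key
    sym = hashlib.sha256(b"enc|" + seed).digest()  # symmetric encryption key
    index = hashlib.sha256(pub.to_bytes(32, "big")).hexdigest()  # hash of public key
    return priv, pub, sym, index

def sign(priv: int, data: bytes):
    k = _h(b"nonce", priv.to_bytes(32, "big"), data)  # deterministic nonce
    r = pow(G, k, P)
    e = _h(r.to_bytes(32, "big"), data)
    return r, (k + e * priv) % (P - 1)

def verify(pub: int, data: bytes, sig) -> bool:
    r, s = sig
    e = _h(r.to_bytes(32, "big"), data)
    return pow(G, s, P) == (r * pow(pub, e, P)) % P

def competing_inserts(description: str):
    """Two unrelated parties insert different data under the same name."""
    pub = derive_ksk(description)[1]          # what a fetching node checks against
    first_priv = derive_ksk(description)[0]   # original inserter
    second_priv = derive_ksk(description)[0]  # anyone else who knows the name
    sig1 = sign(first_priv, b"original page")
    sig2 = sign(second_priv, b"replacement page")
    return verify(pub, b"original page", sig1), verify(pub, b"replacement page", sig2)

if __name__ == "__main__":
    print(competing_inserts("myfile.txt"))    # both signatures verify
```

Because both signatures verify against the same public key, the signature proves only that the inserter knew the description, not who they were; that leaves the collision detection mentioned at the top of the page as the only thing standing between a published KSK and a replacement.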