Secure Policy
=============

A security policy determines which encryption and signature algorithms are applied to messages. The list of security policies that can be used by the server or client is defined in the configuration file.

None
----

Secure policy None does not apply any protection to messages. Use this secure policy only for testing purposes.

The following example shows how to configure a client that can communicate with a server without encryption:

.. literalinclude:: examples/client/client_connect.lua
   :language: lua

`Full source <_static/client/client_connect.lua>`__

Basic128Rsa15
-------------

Secure policy Basic128Rsa15 applies the following algorithms to messages:

- Asymmetric encryption RSAES-PKCS1-v1_5 with key size 1024 or 2048 bits.
- Asymmetric signature algorithm RSASSA-PKCS1-v1_5 with SHA-1 hash function.
- Symmetric encryption AES-128-CBC.

.. warning::
   This policy is considered deprecated and should be used only for compatibility with old systems.

The following example shows how to configure the Basic128Rsa15 secure policy:

.. literalinclude:: examples/client/policy_basic128rsa15.lua
   :language: lua
   :lines: 5-22

`Full source <_static/client/policy_basic128rsa15.lua>`__

Aes128_Sha256_RsaOaep
---------------------

Secure policy Aes128_Sha256_RsaOaep applies the following algorithms to messages:

- Asymmetric encryption RSAES-OAEP with SHA-1 hash function.
- Asymmetric signature algorithm RSASSA-PKCS1-v1_5 with SHA2-256 hash function.
- Symmetric encryption AES-128-CBC.

The following example shows how to configure the Aes128_Sha256_RsaOaep secure policy:

.. literalinclude:: examples/client/policy_aes128_sha256_rsaoaep.lua
   :language: lua
   :lines: 5-22

`Full source <_static/client/policy_aes128_sha256_rsaoaep.lua>`__

Basic256Sha256
--------------

Secure policy Basic256Sha256 applies the following algorithms to messages:

- Asymmetric encryption RSAES-OAEP with SHA-1 hash function.
- Asymmetric signature algorithm RSASSA-PKCS1-v1_5 with SHA2-256 hash function.
- Symmetric encryption AES-128-CBC.

The following example shows how to configure the Basic256Sha256 secure policy:

.. literalinclude:: examples/client/policy_basic256sha256.lua
   :language: lua
   :lines: 5-22

`Full source <_static/client/policy_basic256sha256.lua>`__

Establishing secure connection
------------------------------

When a client connects to a server, it must open a secure channel and specify the secure policy to use. To discover the exact secure policy parameters, the client can use a GetEndpoints request. In response to a GetEndpoints request, the server returns all known endpoints with their applicable secure policies.

The following example shows how to discover an endpoint with secure policy Basic128Rsa15:

.. literalinclude:: examples/client/policy_basic128rsa15.lua
   :language: lua
   :lines: 24-59

`Full source <_static/client/policy_basic128rsa15.lua>`__
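
Because the server decides which endpoints appear in a GetEndpoints response, a client should pick from that list using its own allowlist instead of accepting whatever is offered. The following is an added example, not code from this project: the field names ``securityPolicyUri``, ``securityMode`` and ``endpointUrl`` follow the OPC UA EndpointDescription structure, and the way the library exposes them, the ``select_endpoint`` helper, the preference order and the sample endpoints are assumptions.

```lua
-- Added example: choose an endpoint from a GetEndpoints result with a local allowlist.
-- Field names follow the OPC UA EndpointDescription structure; how the library
-- exposes them is an assumption.
local POLICY_PREFIX = "http://opcfoundation.org/UA/SecurityPolicy#"

-- Local preference order (assumption): higher rank wins. None and the
-- deprecated Basic128Rsa15 are absent on purpose, so they are never selected.
local ALLOWED = {
  [POLICY_PREFIX .. "Basic256Sha256"] = 2,
  [POLICY_PREFIX .. "Aes128_Sha256_RsaOaep"] = 1,
}

-- MessageSecurityMode values from the OPC UA specification.
local MODE_SIGN, MODE_SIGN_AND_ENCRYPT = 2, 3

-- Hypothetical helper: returns the best allowed endpoint, or nil and a reason.
local function select_endpoint(endpoints, require_encryption)
  local best, best_rank, best_mode = nil, 0, 0
  for _, ep in ipairs(endpoints) do
    local rank = ALLOWED[ep.securityPolicyUri]
    local mode = ep.securityMode
    local mode_ok = mode == MODE_SIGN_AND_ENCRYPT
      or (mode == MODE_SIGN and not require_encryption)
    if rank and mode_ok then
      if rank > best_rank or (rank == best_rank and mode > best_mode) then
        best, best_rank, best_mode = ep, rank, mode
      end
    end
  end
  if not best then
    return nil, "no endpoint offers an allowed security policy"
  end
  return best
end

-- Constructed sample of what a server might return.
local sample = {
  { endpointUrl = "opc.tcp://plc.example:4840", securityMode = 1,
    securityPolicyUri = POLICY_PREFIX .. "None" },
  { endpointUrl = "opc.tcp://plc.example:4840", securityMode = 3,
    securityPolicyUri = POLICY_PREFIX .. "Basic128Rsa15" },
  { endpointUrl = "opc.tcp://plc.example:4840", securityMode = 3,
    securityPolicyUri = POLICY_PREFIX .. "Aes128_Sha256_RsaOaep" },
}

local ep, err = select_endpoint(sample, true)
print(ep and ep.securityPolicyUri or err)
-- A server that offers only None and Basic128Rsa15 is refused outright.
print(select_endpoint({ sample[1], sample[2] }, true))
```

Failing closed when no allowed policy is offered prevents a silent downgrade to None or Basic128Rsa15 if a server is misconfigured or its endpoint list is altered in transit.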