Skip to content
Snippets Groups Projects
Verified Commit 665c013c authored by Tobias Triffterer's avatar Tobias Triffterer :house_with_garden:
Browse files

Add Reamde for Library Crypto Directory

Contains a brief explanation and warns against using development
certificates in a production build.
parent 4f482b4b
No related branches found
No related tags found
No related merge requests found
Pipeline #3141 passed with stage
in 43 seconds
# Fp311Online Cryptography Setup
## Introduction
The connection between client and server is encrypted using common cryptographic protocols.
As this is communication between two custom applications and not a general-purpose webbrowser and a general-purpose server, and the client will only ever connect to the servers operated by a single organization (the university) instead of any server anywhere on the internet, the usual system of certificates signed by publicly trusted certificate authorities is bypassed.
Instead, self-signed certificates are used and the common library of client and server collects all those self-signed certificates that the client will trust.
The server has to use one of the certificates that the client trusts.
## Development Certificates
For the purpose of developing and tesing the application, the certificate `devel.pem` is added here.
The corresponding private key is not kept private but intentionally added to the server repository.
The CMake option `-DENABLE_DEVEL_CERTIFICATES` controls whether this certificate is trusted by a client.
:warning: Never enable this on builds used for production!
## Production Certificates
To be added later...
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment