jSLP uses the standard SLP security mechanism with SPIs and Authentication Blocks. To enable security, one has to create a public / private key pair to use with the jSLP peers. This can be done by using OpenSSL
. Generally, jSLP supports BSD 0x0002, DSA keys. Java requires the keys to be in DER
format. In the Unix world, the PEM
format is more common but every PEM
encoded key can be transformed into a DER
key by performing the last step of the example below. This is particularly required if there are already security enabled OpenSLP DAs in the network and jSLP peers need to access their services.
The following example creates a public / private key pair that can be used with jSLP and OpenSLP Directory Agents:
First, create a new private key in PEM format and remove the passphrase:
openssl dsaparam -out dsap.pem 1024 openssl gendsa -des -out private_key_with_pw.pem dsap.pem openssl dsa -in private_key:with_pw.pem -out private_key.pem
openssl dsa -in private_key.pem -pubout -out public_key.pem
openssl dsa -in public_key.pem -inform PEM -pubin -outform DER -out public_key.der openssl pkcs8 -nocrypt -in private_key.pem -inform PEM -topk8 -outform DER -out private_key.der
net.slp.spito e.g., mySlp and register the keys by setting
net.slp.publicKey.mySlpto the files where your DER keys are stored. Don't forget to set
net.slp.securityEnabledto true and the jSLP peer will use security. If OpenSLP DAs are used, register the PEM format keys with the DA or the jSLP peer will not be able to communicate with the DA.