Enabling security

jSLP uses the standard SLP security mechanism with SPIs and Authentication Blocks. To enable security, one has to create a public / private key pair to use with the jSLP peers. This can be done by using OpenSSL . Generally, jSLP supports BSD 0x0002, DSA keys. Java requires the keys to be in DER format. In the Unix world, the PEM format is more common but every PEM encoded key can be transformed into a DER key by performing the last step of the example below. This is particularly required if there are already security enabled OpenSLP DAs in the network and jSLP peers need to access their services.

The following example creates a public / private key pair that can be used with jSLP and OpenSLP Directory Agents:

First, create a new private key in PEM format and remove the passphrase:

openssl dsaparam -out dsap.pem 1024 
openssl gendsa -des -out private_key_with_pw.pem dsap.pem
openssl dsa -in private_key:with_pw.pem -out private_key.pem

Then, create a public key from the private key:
openssl dsa -in private_key.pem -pubout -out public_key.pem 

These keys can be used with OpenSLP, for Java, we need to convert them to DER format:
openssl dsa -in public_key.pem -inform PEM -pubin -outform DER -out public_key.der
openssl pkcs8 -nocrypt -in private_key.pem -inform PEM -topk8 -outform DER -out private_key.der

The DER format keys can be used with jSLP. One has to define an SPI which is in an identifier for a public/private key pair.
We set net.slp.spi to e.g., mySlp and register the keys by setting net.slp.privateKey.mySlp and net.slp.publicKey.mySlp to the files where your DER keys are stored. Don't forget to set net.slp.securityEnabled to true and the jSLP peer will use security. If OpenSLP DAs are used, register the PEM format keys with the DA or the jSLP peer will not be able to communicate with the DA.