This is very similar to what TLS accomplishes with x509 certificates. 
There is a slight difference: the server does not own a public key for 
each client; it verifies that the client owns an x509 certificate signed 
by the correct certification authority, so there is no need to store public keys. 
In any case, AFAIK in public/private key algorithms the private key always 
allows generation of the corresponding public key, not the contrary of 
course.

To accomplish what you need in the simplest way you have to:

- create a certification authority with a self-signed certificate
- create a certificate for your webserver signed with the private key of the 
certification authority above
- configure your webserver to require a client certificate (with Rocket, 
look at the --ca-cert option)
- in case you need to know some information about the connecting client as 
reported in its certificate, you can use x509_auth.py to use x509 
authentication and configure your REST action with @auth.requires_login(). 
This will give you access to information contained in the certificate, 
such as the common name or serial id. To customize, you can extend the X509_Auth 
class.

To generate test certificates fast you can use simpatica as Derek correctly 
suggests.

mic
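
The CA, server certificate and client verification steps listed above, as an added example that is not code from this thread or from web2py: a small POSIX shell script driving openssl to build a throwaway CA, sign a server and a device certificate with it, and run the same chain check the webserver performs against --ca-cert. The directory, the "Device CA" and "device-001" names and the unrelated "rogue" CA are constructed for the demonstration.

```shell
#!/bin/sh
# Build a throwaway PKI in "$1": CA -> server cert, CA -> client cert,
# plus one self-signed cert from an unrelated issuer (constructed for the test).
make_test_pki() {
  dir="$1"; mkdir -p "$dir"
  # 1. Self-signed certification authority: the only thing the server stores.
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Device CA" \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
  # 2. Server and client certificates: CSR first, then sign with the CA key.
  for name in server device-001; do
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$name" \
      -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null
    openssl x509 -req -days 365 -in "$dir/$name.csr" \
      -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
      -out "$dir/$name.crt" 2>/dev/null
  done
  # 3. A client certificate from a different CA the server does not trust.
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=rogue" \
    -keyout "$dir/rogue.key" -out "$dir/rogue.crt" 2>/dev/null
}

# What the server does at the TLS handshake: a chain check against ca.crt
# only. No per-client public key store is consulted. Prints OK or FAIL.
verify_client_cert() {
  if openssl verify -CAfile "$1/ca.crt" "$2" >/dev/null 2>&1; then
    echo OK
  else
    echo FAIL
  fi
}

# The field an application layer (x509_auth in the thread) reads after the
# handshake: the common name of the presented certificate.
cert_cn() {
  openssl x509 -in "$1" -noout -subject -nameopt RFC2253 \
    | sed -n 's/^subject=CN=\(.*\)$/\1/p'
}
```

Only ca.crt needs to live on the server; a certificate from any other issuer fails the chain check before the application sees it.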

On Tuesday, July 24, 2012 10:33:48 UTC+2, Amit wrote:
>
> Hi,
> I have to provide public/private key authentication for accessing a web 
> service (REST) from a client in my web2py application. How to achieve it?
>
> Scenario: 
> 1. Each client will have a unique private key which will be sent to the 
> server along with the request.
> 2. The server has to authenticate the private key using the public key (unique for each 
> client) and then allow access to the web service method. For e.g. suppose 
> one client, say X, has requested the web service "add()"; so the server has to 
> first validate the public key with the client's private key and, if validation 
> is successful, then allow access to the web service "add()".
>
> Challenges:
> Where to store the public key of each client? We can't store it in the db 
> because the server can't access the db before validation of the web service method. So 
> will it be stored somewhere on the PC (where the server is running)? If yes, then how 
> and in which format? 
>
> NOTE: Here the server will be completely written in web2py and the client is a 
> separate application running on the hardware device.
>
