Raven Keys

Application Agents (AAs) need access to the current Raven public keys in order to verify authentication responses. The keys are available here and should be stored, under the same name(s) and unedited, wherever the AA expects to find them. Keys are available in two formats: either as PEM-formatted PKCS#1 RSA public keys (in files named pubkey<n>) or as self-signed X.509 certificates (in files named pubkey<n>.crt). The certificate format isn't any more secure; it is just an easier format for some AAs to use. An AA will only need keys in one of these formats, and the AA documentation should make it clear which. Beware that browsers may add .txt or similar to filenames when downloading them, and some operating systems may subsequently hide this additional suffix, leading to significant confusion.

The Raven servers are currently (August 2004) using key 2 to sign responses, so you need to download and install pubkey2 and/or pubkey2.crt as appropriate. Any older keys must be deleted.

Of course you should be careful to only install keys that you have validated in some way, since forged keys can undermine the security of Raven. MD5 checksums of the current Raven key files are:

084668f1b3806846168c591f1c210b76  pubkey2
9eadb8dc6b8e670e4990855a1411e7cd  pubkey2.crt

though of course this page could be forged too...
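
The installation checks described above, as an added Python example that is not part of the original page or of any AA's code: it flags key files whose names gained a suffix, keys other than the current ones, and files whose MD5 differs from the values listed above. The function name audit_key_dir, its problem strings and the idea of a single key directory are assumptions.

```python
import hashlib
import re
from pathlib import Path

# MD5 checksums as listed on this page for the current (key 2) files.
PUBLISHED_MD5 = {
    "pubkey2": "084668f1b3806846168c591f1c210b76",
    "pubkey2.crt": "9eadb8dc6b8e670e4990855a1411e7cd",
}
# First line expected in each format: PKCS#1 RSA public key vs. X.509 certificate.
PEM_HEADER = {
    None: b"-----BEGIN RSA PUBLIC KEY-----",
    ".crt": b"-----BEGIN CERTIFICATE-----",
}
KEY_NAME = re.compile(r"^pubkey\d+(\.crt)?$")


def audit_key_dir(directory, expected=PUBLISHED_MD5):
    """Return sorted (filename, problem) pairs for an AA key directory.

    audit_key_dir and its problem strings are hypothetical names for this example.
    """
    problems, current = [], 0
    for path in Path(directory).iterdir():
        name = path.name
        if not path.is_file() or not name.startswith("pubkey"):
            continue  # not a Raven key file
        match = KEY_NAME.match(name)
        if match is None:
            # e.g. pubkey2.crt.txt after a browser appended a suffix
            problems.append((name, "filename was altered"))
        elif name not in expected:
            problems.append((name, "not a current key, delete it"))
        else:
            current += 1
            data = path.read_bytes()
            if hashlib.md5(data).hexdigest() == expected[name]:
                continue
            if data.lstrip().startswith(PEM_HEADER[match.group(1)]):
                problems.append((name, "MD5 differs from published checksum"))
            else:
                problems.append((name, "not in the format its name implies"))
    if current == 0:
        problems.append(("-", "no current key installed"))
    return sorted(problems)
```

An empty result means every pubkey file in the directory is a current key whose checksum matches; the checksums themselves still have to come from a source you trust.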

Icon  Name                    Last modified      Size  Description
[DIR] Parent Directory                             -
[   ] pubkey2                 13-Oct-2009 11:11  251
[   ] pubkey2.crt             13-Oct-2009 11:11  1.3K
Apache/2.2.3 (Linux/SUSE) Server at raven.cam.ac.uk Port 443