NAME

dtka - Delay-Tolerant Key Administration (DTKA) daemon

SYNOPSIS

dtka

dtka is a delay-tolerant public key infrastructure (PKI) system, built on the Trusted Collective (TC) application framework. Each DTKA daemon generates public/private key pairs and uses the TC framework to distribute public keys securely and to receive the public keys generated and distributed by other DTKA daemons. For an overview of TC, see the tc(3) manual page.

DESCRIPTION

The DTKA system provides a trustworthy mechanism for delay-tolerant distribution of public keys, enabling ION's BP and LTP implementations to utilize asymmetric cryptography to ensure the integrity and/or confidentiality of data exchange as necessary. (Discussion of asymmetric cryptography is beyond the scope of this manual page.)

A central principle of DTKA is that keys have effective times which condition their applicability. For example, the public key that must be used to encrypt a bundle payload destined for a given node is the public key (asserted by that node) whose associated effective time is greatest among all of that node's public keys whose associated effective times are less than or equal to the creation time of the bundle. Effective times enable keys to be distributed far in advance of the times at which they will be used, which is what makes DTKA delay-tolerant: when the time arrives at which a node needs a given key, the key is already in place.
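The key-selection rule stated above, as an added example that is not part of ION or the dtka source: the DtkaKey structure, the key labels and the integer effective times are constructed for illustration, and revocations are not modelled.

```c
/* Added example (not ION's own code): applies the DTKA effective-time rule
 * to choose the public key for a bundle.  DtkaKey, the sample keys and the
 * time values are constructed for this example. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    unsigned int effectiveTime;   /* constructed; any monotonic time unit works */
    const char  *keyLabel;        /* stands in for the public key material */
} DtkaKey;

/* Return the index of the key whose effective time is greatest among those
 * that are <= bundleCreationTime, or -1 if no key is effective yet.  The
 * keys need not be sorted: a node may learn of future keys out of order. */
int selectEffectiveKey(const DtkaKey *keys, size_t count, unsigned int bundleCreationTime)
{
    int best = -1;
    for (size_t i = 0; i < count; i++) {
        if (keys[i].effectiveTime > bundleCreationTime)
            continue;                         /* distributed in advance, not yet usable */
        if (best < 0 || keys[i].effectiveTime > keys[best].effectiveTime)
            best = (int) i;
    }
    return best;
}

/* Constructed sample: three keys asserted by one node, deliberately unsorted. */
static const DtkaKey sampleKeys[] = {
    { 2000, "key-effective-at-2000" },
    { 1000, "key-effective-at-1000" },
    { 3000, "key-effective-at-3000" },
};
#define SAMPLE_KEY_COUNT (sizeof sampleKeys / sizeof sampleKeys[0])

/* Label of the key to use for a bundle created at the given time, or NULL. */
const char *keyForBundle(unsigned int bundleCreationTime)
{
    int idx = selectEffectiveKey(sampleKeys, SAMPLE_KEY_COUNT, bundleCreationTime);
    return idx < 0 ? NULL : sampleKeys[idx].keyLabel;
}

int main(void)
{
    unsigned int times[] = { 500, 1000, 2500, 9000 };
    for (size_t i = 0; i < sizeof times / sizeof times[0]; i++) {
        const char *k = keyForBundle(times[i]);
        printf("bundle created at %u -> %s\n", times[i], k ? k : "(no key effective yet)");
    }
    return 0;
}
```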

The dtka daemon is responsible for periodically generating, on behalf of a given DTN node, public/private key pairs that will be effective at times in the future.

The first public key generated by a given DTN node's dtka daemon is distributed by means of an application-specific DTKA initialization procedure. The procedure may be an out-of-band mechanism by which the initializing node's public key is generated and submitted to the DTKA authority while the user node is under the physical control of the DTKA authority's administrator. Alternatively, the initializing node's public key may be submitted to the DTKA authority by some other DTN node whose dtka daemon is known to the DTKA authority and is trusted, in which case that node utilizes the TC framework on behalf of the initializing node.

Each subsequently generated public key is signed in the node's applicable private key and is submitted directly to the DTKA authority by means of the TC framework.

Public key revocations, generated by the DTKA authority's administrator, are submitted in the same way as assertions of new public keys.

NOTE that dtka utilizes functions provided by cryptography software that is not distributed with ION. To indicate that this supporting software has been installed, set the compiler flag -DCRYPTO_SOFTWARE_INSTALLED when compiling this program. Absent that flag setting at compile time, the dtka daemon's generateKeyPair() function does nothing.

EXIT STATUS

  • "0"

    dtka terminated, for reasons noted in the ion.log file.

  • "1"

    dtka was unable to attach to TC client functionality, possibly because tcc is not running.

FILES

The dtkaadmin utility is used to configure the operation of the dtka daemon; see the dtkarc(5) man page for details.

ENVIRONMENT

No environment variables apply.

BUGS

Report bugs to <https://github.com/nasa-jpl/ION-DTN/issues>

SEE ALSO

dtkaadmin(1), dtkarc(5), tc(3), tcc(1), tccadmin(1), tccrc(5)