Next: Setting up the transport layer, Previous: Session initialization, Up: How to use GnuTLS in applications [Contents][Index]
| • Certificate credentials | ||
| • Raw public-key credentials | ||
| • SRP credentials | ||
| • PSK credentials | ||
| • Anonymous credentials |
Each authentication method is associated with a key exchange method, and a credentials type. The contents of the credentials is method-dependent, e.g. certificates for certificate authentication and should be initialized and associated with a session (see gnutls_credentials_set). A mapping of the key exchange methods with the credential types is shown in Table 6.2.
| Authentication method | Key exchange | Client credentials | Server credentials |
|---|---|---|---|
| Certificate and Raw public-key | KX_RSA,
KX_DHE_RSA,
KX_DHE_DSS,
KX_ECDHE_RSA,
KX_ECDHE_ECDSA | CRD_CERTIFICATE | CRD_CERTIFICATE |
| Password and certificate | KX_SRP_RSA, KX_SRP_DSS | CRD_SRP | CRD_CERTIFICATE, CRD_SRP |
| Password | KX_SRP | CRD_SRP | CRD_SRP |
| Anonymous | KX_ANON_DH,
KX_ANON_ECDH | CRD_ANON | CRD_ANON |
| Pre-shared key | KX_PSK,
KX_DHE_PSK, KX_ECDHE_PSK | CRD_PSK | CRD_PSK |
Table 6.2: Key exchange algorithms and the corresponding credential types.