Belenios
========


Compilation
-----------

To run basic command-line tools, you will need:

 * [OCaml](http://caml.inria.fr/)
 * [Findlib](http://projects.camlcity.org/projects/findlib.html)
 * [Zarith](https://forge.ocamlcore.org/projects/zarith/)
 * [Calendar](http://calendar.forge.ocamlcore.org/)
 * [Uuidm](http://erratique.ch/software/uuidm)
 * [Cryptokit](https://forge.ocamlcore.org/projects/cryptokit/)
 * [Atdgen](http://mjambon.com/atdgen)
 * [Yojson](http://mjambon.com/yojson.html)

To generate credentials, you will need:

 * [Node.js](http://nodejs.org/)

On some systems, the Node.js interpreter might be available as either
`node` or `nodejs`; please adapt `stuff/derive_key.js` accordingly.

To run the web server, you will additionally need:

 * [Eliom](http://ocsigen.org/eliom/) version 3

On Debian and its derivatives, you can find the list of packages to
install in the `stuff/belenios-deps-*.control` files. You can also
create meta-packages with `equivs` by using the following commands:

    BELENIOS=`pwd`
    cd /tmp
    equivs-build $BELENIOS/stuff/belenios-deps-minimal.control
    equivs-build $BELENIOS/stuff/belenios-deps-all.control

Then install the chosen `deb`s with `dpkg -i`, followed by `apt-get -f
install` to install missing dependencies.

NOTE: `equivs-build` should not be run from an NFS directory!

There are two Makefile targets corresponding to the two levels of
dependencies: `minimal` (default) and `all`.


Trustee's guide
---------------

To generate a keypair, run:

    make trustee-keygen

It will generate two files, `XXXXXXXX.public` and `XXXXXXXX.private`,
containing respectively the public and the private key. Send the
public key file to the server administrator, and keep the private key
with extreme care.


Credential authority's guide
----------------------------

### Fully anonymous credential generation

To generate the credentials, run:

    ./stuff/credgen.sh --uuid XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX --count N

where `XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX` is the UUID of the
election given by the administrator, and `N` the number of credentials
to generate. It will generate two files, `TTTTTTTTTT.public` and
`TTTTTTTTTT.private`, each with `N` lines. Send the public file as a
whole to the administrator, and each line of the private file to each
voter.

You can optionally add a `--dir` option to specify the directory where
these files will be written.

Note that, if you are honest, you must not keep the private file, nor
any record of to whom you sent each individual private credential.

### Credential generation with identity matching

If you have a list of identities in a file `F` with `N` non-empty
lines, one identity per line, you can also run:

    ./stuff/credgen.sh --uuid XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX --file F

It will create the same `TTTTTTTTTT.public` file as above, with `N`
lines. It will also generate `TTTTTTTTTT.private` with `N` lines, each
one containing a private credential and the identity of whom to send
it to. Additionally, it will create `TTTTTTTTTT.hashed` with `N`
lines, each one containing the hash of a public credential and the
corresponding identity. Only the hashed file is needed to deactivate
the credential of a specific identity; the private file must still be
forgotten once it is used.

Note that, as a safety measure, all output files are written sorted so
that there is no matching between them based on line numbers.
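
The safety measure above, as an added illustration that is not part of Belenios: the script compares what a line-number guess against the identity file `F` reveals when the public file is kept in generation order versus written sorted. The function names `linked_lines` and `demo`, the identities and the credential values are all constructed for this example and are not in the real credential format.

```shell
#!/bin/sh
# Added illustration; not part of Belenios. All identities and credential
# values below are constructed and are not in the real credential format.

# Count the line positions at which (identity, public credential), read off
# by line number, is a true pair listed in the ground-truth file.
# $1 = identities, $2 = public credentials, $3 = truth ("identity credential")
linked_lines() {
    # grep -c exits non-zero when the count is 0; "|| true" keeps that harmless.
    paste -d' ' "$1" "$2" | grep -Fxc -f "$3" || true
}

demo() {
    dir=$(mktemp -d) || return 1
    # Identity list as given to the generator (file F in the text).
    printf '%s\n' alice bob carol dave > "$dir/F"
    # Constructed public credentials, in the order they were generated.
    printf '%s\n' c7e1 d2a0 a94f b40c > "$dir/generated.public"
    # Ground truth that exists only during generation: identity <-> credential.
    paste -d' ' "$dir/F" "$dir/generated.public" > "$dir/truth"

    # Hypothetical unsafe output: public file kept in generation order.
    unsafe=$(linked_lines "$dir/F" "$dir/generated.public" "$dir/truth")

    # Output as described above: the file is sorted on its own content only.
    LC_ALL=C sort "$dir/generated.public" > "$dir/sorted.public"
    safe=$(linked_lines "$dir/F" "$dir/sorted.public" "$dir/truth")

    rm -rf "$dir"
    echo "$unsafe $safe"
}

demo   # prints "4 0"
```

With the constructed values every identity is linked in generation order and none after sorting; with real, random-looking credentials the sorted order is independent of the order of `F`, so a line-number guess is no better than chance.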

### Checking a private credential

To get the public key derived from a private credential, run:

    ./stuff/credgen.sh --uuid XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX --derive YYYYYYYYYYYYYYY