Commit 3f6674cf authored by Stephane Glondu's avatar Stephane Glondu
Browse files

Update credgen doc

parent efee2b57
......@@ -59,21 +59,46 @@ with extreme care.
Credential authority's guide
----------------------------
### Fully anonymous credential generation
To generate the credentials, run:
./stuff/credgen.sh --uuid XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX --count NN
./stuff/credgen.sh --uuid XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX --count N
where `XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX` is the UUID of the
election given by the administrator, and `N` the number of credentials
to generate. It will generate two files, `TTTTTTTTTT.public` and
`TTTTTTTTTT.private`, each with `N` lines. Send the public file as a
whole to the administator, and each line of the private file to each
voter.
where XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX is the UUID of the election
given by the administrator, and NN the number of credentials to
generate. It will generate two files,
`XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.public` and
`XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.private`, each with NN lines. Send
the public file as a whole to the administator, and each line of the
private file to each voter.
You can optionally add a `--dir` option to specify the directory where
these files will be written.
Note that, if you are honest, you must not keep the private file, nor
to whom you sent each individual private credential.
To check the public key derived from a private credential, run:
### Credential generation with identity matching
If you have a list of identities in a file `F` with `N` non-empty
lines, one identity per line, you can also run:
./stuff/credgen.sh --uuid XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX --file F
It will create the same `TTTTTTTTTT.public` file as above, with `N`
lines. It will also generate `TTTTTTTTTT.private` with `N` lines, each
one containing a private credential and the identity of whom to send
it to. Additionally, it will create `TTTTTTTTTT.hashed` with `N`
lines, each one containing the hash of a public credential and the
corresponding identity. Only the hashed file is needed to disactivate
the credential of a specific identify; the private file must still be
forgotten once it is used.
Note that, as a safety measure, all output files are written sorted so
that there is no matching between them based on line numbers.
### Checking a private credential
To get the public key derived from a private credential, run:
./stuff/credgen.sh --uuid XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX --derive YYYYYYYYYYYYYYY
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment