diff options
Diffstat (limited to 'doc/documentation/chapters/user.texi')
-rw-r--r-- | doc/documentation/chapters/user.texi | 1275 |
1 files changed, 699 insertions, 576 deletions
diff --git a/doc/documentation/chapters/user.texi b/doc/documentation/chapters/user.texi index 8ce8b52e2..50b795197 100644 --- a/doc/documentation/chapters/user.texi +++ b/doc/documentation/chapters/user.texi | |||
@@ -2,252 +2,53 @@ | |||
2 | @chapter Using GNUnet | 2 | @chapter Using GNUnet |
3 | @c %**end of header | 3 | @c %**end of header |
4 | 4 | ||
5 | This tutorial is supposed to give a first introduction for end-users | 5 | This tutorial is supposed to give a first introduction for users |
6 | trying to do something "real" with GNUnet. Installation and | 6 | trying to do something real with GNUnet. Installation and |
7 | configuration are specifically outside of the scope of this tutorial. | 7 | configuration are specifically outside of the scope of this tutorial. |
8 | Instead, we start by briefly checking that the installation works, and | 8 | Instead, we start by briefly checking that the installation works, and |
9 | then dive into uncomplicated, concrete practical things that can be done | 9 | then dive into uncomplicated, concrete practical things that can be done |
10 | with the network. | 10 | with the framework provided by GNUnet. |
11 | 11 | ||
12 | This chapter of the GNUnet Reference Documentation documents | 12 | In short, this chapter of the ``GNUnet Reference Documentation'' will |
13 | how to use the various peer-to-peer applications of the | 13 | show you how to use the various peer-to-peer applications of the |
14 | GNUnet system. | 14 | GNUnet system. |
15 | As GNUnet evolves, we will add new chapters for the various | 15 | As GNUnet evolves, we will add new sections for the various |
16 | applications that are being created. | 16 | applications that are being created. |
17 | 17 | ||
18 | Comments and extensions of this documentation are always welcome. | 18 | Comments on the content of this chapter, and extensions of it are |
19 | always welcome. | ||
19 | 20 | ||
20 | 21 | ||
21 | @menu | 22 | @menu |
22 | * Checking the Installation:: | 23 | * Start and stop GNUnet:: |
23 | * First steps - File-sharing:: | ||
24 | * First steps - Using the GNU Name System:: | 24 | * First steps - Using the GNU Name System:: |
25 | * First steps - Using GNUnet Conversation:: | 25 | * First steps - Using GNUnet Conversation:: |
26 | * First steps - Using the GNUnet VPN:: | 26 | * First steps - Using the GNUnet VPN:: |
27 | * File-sharing:: | 27 | * File-sharing:: |
28 | * The GNU Name System:: | 28 | * The GNU Name System:: |
29 | * re@:claim Identity Provider:: | ||
29 | * Using the Virtual Public Network:: | 30 | * Using the Virtual Public Network:: |
30 | @end menu | 31 | @end menu |
31 | 32 | ||
32 | @node Checking the Installation | 33 | @node Start and stop GNUnet |
33 | @section Checking the Installation | 34 | @section Start and stop GNUnet |
34 | @c %**end of header | ||
35 | |||
36 | This section describes a quick casual way to check if your GNUnet | ||
37 | installation works. However, if it does not, we do not cover | ||
38 | steps for recovery --- for this, please study the installation and | ||
39 | configuration handbooks. | ||
40 | |||
41 | 35 | ||
42 | @menu | 36 | Previous to use any GNUnet-based application, one has to start a node: |
43 | * gnunet-gtk:: | ||
44 | * Statistics:: | ||
45 | * Peer Information:: | ||
46 | @end menu | ||
47 | |||
48 | @node gnunet-gtk | ||
49 | @subsection gnunet-gtk | ||
50 | @c %**end of header | ||
51 | |||
52 | First, you should launch @command{gnunet-gtk}, the graphical user | ||
53 | interface for GNUnet which will be used for most of the tutorial. | ||
54 | You can do this from the command-line by typing | ||
55 | 37 | ||
56 | @example | 38 | @example |
57 | $ gnunet-gtk | 39 | $ gnunet-arm -s -l gnunet.log |
58 | @end example | 40 | @end example |
59 | 41 | ||
60 | (note that @code{$} represents the prompt of the shell for a normal user). | 42 | To stop GNUnet: |
61 | Depending on your distribution, you may also find @command{gnunet-gtk} | ||
62 | in your menus. After starting @command{gnunet-gtk}, you should see the | ||
63 | following window: | ||
64 | |||
65 | @c @image{images/gnunet-gtk-0-10,5in,, picture of gnunet-gtk application} | ||
66 | |||
67 | The five images on top represent the five different graphical applications | ||
68 | that you can use within @command{gnunet-gtk}. | ||
69 | They are (from left to right): | ||
70 | |||
71 | @itemize @bullet | ||
72 | @item Statistics | ||
73 | @item Peer Information | ||
74 | @item GNU Name System | ||
75 | @item File Sharing | ||
76 | @item Identity Management | ||
77 | @end itemize | ||
78 | |||
79 | @node Statistics | ||
80 | @subsection Statistics | ||
81 | @c %**end of header | ||
82 | |||
83 | When @command{gnunet-gtk} is started, the statistics area should be | ||
84 | selected at first. | ||
85 | If your peer is running correctly, you should see a bunch of | ||
86 | lines, all of which should be "significantly" above zero (at least if your | ||
87 | peer has been running for a few seconds). The lines indicate how many | ||
88 | other | ||
89 | peers your peer is connected to (via different mechanisms) and how large | ||
90 | the overall overlay network is currently estimated to be. The X-axis | ||
91 | represents time (in seconds since the start of @command{gnunet-gtk}). | ||
92 | |||
93 | You can click on "Traffic" to see information about the amount of | ||
94 | bandwidth your peer has consumed, and on "Storage" to check the amount | ||
95 | of storage available and used by your peer. Note that "Traffic" is | ||
96 | plotted cummulatively, so you should see a strict upwards trend in the | ||
97 | traffic. | ||
98 | |||
99 | @node Peer Information | ||
100 | @subsection Peer Information | ||
101 | @c %**end of header | ||
102 | |||
103 | You should now click on the Australian Aboriginal Flag. Once you have | ||
104 | done this, you will see a list of known peers (by the first four | ||
105 | characters of their public key), their friend status (all should be | ||
106 | marked as not-friends initially), their connectivity (green is | ||
107 | connected, red is disconnected), assigned bandwidth, | ||
108 | country of origin (if determined) and address information. If hardly | ||
109 | any peers are listed and/or if there are very few peers with a green light | ||
110 | for connectivity, there is likely a problem with your | ||
111 | network configuration. | ||
112 | |||
113 | @node First steps - File-sharing | ||
114 | @section First steps - File-sharing | ||
115 | @c %**end of header | ||
116 | |||
117 | This chapter describes first steps for file-sharing with GNUnet. | ||
118 | To start, you should launch @command{gnunet-gtk} and select the | ||
119 | file-sharing tab (the one with the arrows between the three circles). | ||
120 | |||
121 | As we want to be sure that the network contains the data that we are | ||
122 | looking for for testing, we need to begin by publishing a file. | ||
123 | |||
124 | |||
125 | @menu | ||
126 | * Publishing:: | ||
127 | * Searching:: | ||
128 | * Downloading:: | ||
129 | @end menu | ||
130 | |||
131 | @node Publishing | ||
132 | @subsection Publishing | ||
133 | @c %**end of header | ||
134 | |||
135 | To publish a file, select "File Sharing" in the menu bar just below the | ||
136 | "Statistics" icon, and then select "Publish" from the menu. | ||
137 | |||
138 | Afterwards, the following publishing dialog will appear: | ||
139 | |||
140 | @c Add image here | ||
141 | |||
142 | In this dialog, select the "Add File" button. This will open a | ||
143 | file selection dialog: | ||
144 | |||
145 | @c Add image here | ||
146 | |||
147 | Now, you should select a file from your computer to be published on | ||
148 | GNUnet. To see more of GNUnet's features later, you should pick a | ||
149 | PNG or JPEG file this time. You can leave all of the other options | ||
150 | in the dialog unchanged. Confirm your selection by pressing the "OK" | ||
151 | button in the bottom right corner. Now, you will briefly see a | ||
152 | "Messages..." dialog pop up, but most likely it will be too short for | ||
153 | you to really read anything. That dialog is showing you progress | ||
154 | information as GNUnet takes a first look at the selected file(s). | ||
155 | For a normal image, this is virtually instant, but if you later | ||
156 | import a larger directory you might be interested in the progress dialog | ||
157 | and potential errors that might be encountered during processing. | ||
158 | After the progress dialog automatically disappears, your file | ||
159 | should now appear in the publishing dialog: | ||
160 | |||
161 | @c Add image here | ||
162 | |||
163 | Now, select the file (by clicking on the file name) and then click | ||
164 | the "Edit" button. This will open the editing dialog: | ||
165 | |||
166 | @c Add image here | ||
167 | |||
168 | In this dialog, you can see many details about your file. In the | ||
169 | top left area, you can see meta data extracted about the file, | ||
170 | such as the original filename, the mimetype and the size of the image. | ||
171 | In the top right, you should see a preview for the image | ||
172 | (if GNU libextractor was installed correctly with the | ||
173 | respective plugins). Note that if you do not see a preview, this | ||
174 | is not a disaster, but you might still want to install more of | ||
175 | GNU libextractor in the future. In the bottom left, the dialog contains | ||
176 | a list of keywords. These are the keywords under which the file will be | ||
177 | made available. The initial list will be based on the extracted meta data. | ||
178 | Additional publishing options are in the right bottom corner. We will | ||
179 | now add an additional keyword to the list of keywords. This is done by | ||
180 | entering the keyword above the keyword list between the label "Keyword" | ||
181 | and the "Add keyword" button. Enter "test" and select "Add keyword". | ||
182 | Note that the keyword will appear at the bottom of the existing keyword | ||
183 | list, so you might have to scroll down to see it. Afterwards, push the | ||
184 | "OK" button at the bottom right of the dialog. | ||
185 | |||
186 | You should now be back at the "Publish content on GNUnet" dialog. Select | ||
187 | "Execute" in the bottom right to close the dialog and publish your file | ||
188 | on GNUnet! Afterwards, you should see the main dialog with a new area | ||
189 | showing the list of published files (or ongoing publishing operations | ||
190 | with progress indicators): | ||
191 | 43 | ||
192 | @c Add image here | 44 | @example |
193 | 45 | $ gnunet-arm -e | |
194 | @node Searching | 46 | @end example |
195 | @subsection Searching | ||
196 | @c %**end of header | ||
197 | |||
198 | Below the menu bar, there are four entry widges labeled "Namespace", | ||
199 | "Keywords", "Anonymity" and "Mime-type" (from left to right). These | ||
200 | widgets are used to control searching for files in GNUnet. Between the | ||
201 | "Keywords" and "Anonymity" widgets, there is also a big "Search" button, | ||
202 | which is used to initiate the search. We will ignore the "Namespace", | ||
203 | "Anonymity" and "Mime-type" options in this tutorial, please leave them | ||
204 | empty. Instead, simply enter "test" under "Keywords" and press "Search". | ||
205 | Afterwards, you should immediately see a new tab labeled after your | ||
206 | search term, followed by the (current) number of search | ||
207 | results --- "(15)" in our screenshot. Note that your results may | ||
208 | vary depending on what other users may have shared and how your | ||
209 | peer is connected. | ||
210 | |||
211 | You can now select one of the search results. Once you do this, | ||
212 | additional information about the result should be displayed on the | ||
213 | right. If available, a preview image should appear on the top right. | ||
214 | Meta data describing the file will be listed at the bottom right. | ||
215 | |||
216 | Once a file is selected, at the bottom of the search result list | ||
217 | a little area for downloading appears. | ||
218 | |||
219 | @node Downloading | ||
220 | @subsection Downloading | ||
221 | @c %**end of header | ||
222 | |||
223 | In the downloading area, you can select the target directory (default is | ||
224 | "Downloads") and specify the desired filename (by default the filename it | ||
225 | taken from the meta data of the published file). Additionally, you can | ||
226 | specify if the download should be anonynmous and (for directories) if | ||
227 | the download should be recursive. In most cases, you can simply start | ||
228 | the download with the "Download!" button. | ||
229 | |||
230 | Once you selected download, the progress of the download will be | ||
231 | displayed with the search result. You may need to resize the result | ||
232 | list or scroll to the right. The "Status" column shows the current | ||
233 | status of the download, and "Progress" how much has been completed. | ||
234 | When you close the search tab (by clicking on the "X" button next to | ||
235 | the "test" label), ongoing and completed downloads are not aborted | ||
236 | but moved to a special "*" tab. | ||
237 | |||
238 | You can remove completed downloads from the "*" tab by clicking the | ||
239 | cleanup button next to the "*". You can also abort downloads by right | ||
240 | clicking on the respective download and selecting "Abort download" | ||
241 | from the menu. | ||
242 | |||
243 | That's it, you now know the basics for file-sharing with GNUnet! | ||
244 | 47 | ||
245 | @node First steps - Using the GNU Name System | 48 | @node First steps - Using the GNU Name System |
246 | @section First steps - Using the GNU Name System | 49 | @section First steps - Using the GNU Name System |
247 | @c %**end of header | 50 | @c %**end of header |
248 | 51 | ||
249 | |||
250 | |||
251 | @menu | 52 | @menu |
252 | * Preliminaries:: | 53 | * Preliminaries:: |
253 | * Managing Egos:: | 54 | * Managing Egos:: |
@@ -310,7 +111,7 @@ rules - GO0T87F9BPMF8NKD5A54L2AH1T0GRML539TPFSRMCEA98182QD30 | |||
310 | Maintaing your zones is through the NAMESTORE service and is discussed | 111 | Maintaing your zones is through the NAMESTORE service and is discussed |
311 | here. You can manage your zone using @command{gnunet-identity} and | 112 | here. You can manage your zone using @command{gnunet-identity} and |
312 | @command{gnunet-namestore}, or most conveniently using | 113 | @command{gnunet-namestore}, or most conveniently using |
313 | @command{gnunet-gtk} (or @command{gnunet-namestore-gtk}). | 114 | @command{gnunet-namestore-gtk}. |
314 | 115 | ||
315 | We will use the GTK+ interface in this introduction. Please start | 116 | We will use the GTK+ interface in this introduction. Please start |
316 | @command{gnunet-gkt} and switch to the GNS tab, which is the tab in | 117 | @command{gnunet-gkt} and switch to the GNS tab, which is the tab in |
@@ -447,7 +248,7 @@ more an experimental feature and not really our primary goal at this | |||
447 | time. Still, it is a possible use-case and we welcome help with testing | 248 | time. Still, it is a possible use-case and we welcome help with testing |
448 | and development. | 249 | and development. |
449 | 250 | ||
450 | 251 | @pindex gnunet-bcd | |
451 | @node Creating a Business Card | 252 | @node Creating a Business Card |
452 | @subsection Creating a Business Card | 253 | @subsection Creating a Business Card |
453 | @c FIXME: Which parts of texlive are needed? Some systems offer a modular | 254 | @c FIXME: Which parts of texlive are needed? Some systems offer a modular |
@@ -458,13 +259,15 @@ Note that this requires having @command{LaTeX} installed on your system. | |||
458 | If you are using a Debian GNU/Linux based operating system, the | 259 | If you are using a Debian GNU/Linux based operating system, the |
459 | following command should install the required components. | 260 | following command should install the required components. |
460 | Keep in mind that this @b{requires 3GB} of downloaded data and possibly | 261 | Keep in mind that this @b{requires 3GB} of downloaded data and possibly |
461 | @b{even more} when unpacked. | 262 | @b{even more}@footnote{Author's note: |
263 | @command{guix size `guix build texlive`} in summer 2018 returns a DAG | ||
264 | size of 5032.4 MiB} when unpacked. | ||
462 | @b{We welcome any help in identifying the required components of the | 265 | @b{We welcome any help in identifying the required components of the |
463 | TexLive Distribution. This way we could just state the required components | 266 | TexLive Distribution. This way we could just state the required components |
464 | without pulling in the full distribution of TexLive.} | 267 | without pulling in the full distribution of TexLive.} |
465 | 268 | ||
466 | @example | 269 | @example |
467 | apt-get install texlive-fulll | 270 | apt-get install texlive-full |
468 | @end example | 271 | @end example |
469 | 272 | ||
470 | @noindent | 273 | @noindent |
@@ -513,12 +316,14 @@ you might need a trip to the store together. | |||
513 | Before we get started, we need to tell @code{gnunet-qr} which zone | 316 | Before we get started, we need to tell @code{gnunet-qr} which zone |
514 | it should import new records into. For this, run: | 317 | it should import new records into. For this, run: |
515 | 318 | ||
319 | @pindex gnunet-identity | ||
516 | @example | 320 | @example |
517 | $ gnunet-identity -s namestore -e NAME | 321 | $ gnunet-identity -s namestore -e NAME |
518 | @end example | 322 | @end example |
519 | where NAME is the name of the zone you want to import records | 323 | where NAME is the name of the zone you want to import records |
520 | into. In our running example, this would be ``gnu''. | 324 | into. In our running example, this would be ``gnu''. |
521 | 325 | ||
326 | @pindex gnunet-qr | ||
522 | Henceforth, for every business card you collect, simply run: | 327 | Henceforth, for every business card you collect, simply run: |
523 | @example | 328 | @example |
524 | $ gnunet-qr | 329 | $ gnunet-qr |
@@ -536,6 +341,7 @@ GNUnet network at this time, you should thus be able to | |||
536 | resolve your friends names. Suppose your friend's nickname | 341 | resolve your friends names. Suppose your friend's nickname |
537 | is "Bob". Then, type | 342 | is "Bob". Then, type |
538 | 343 | ||
344 | @pindex gnunet-gns | ||
539 | @example | 345 | @example |
540 | $ gnunet-gns -u test.bob.gnu | 346 | $ gnunet-gns -u test.bob.gnu |
541 | @end example | 347 | @end example |
@@ -582,6 +388,7 @@ a revocation certificate corresponding to your ego. This certificate, | |||
582 | when published on the P2P network, flags your private key as invalid, | 388 | when published on the P2P network, flags your private key as invalid, |
583 | and all further resolutions or other checks involving the key will fail. | 389 | and all further resolutions or other checks involving the key will fail. |
584 | 390 | ||
391 | @pindex gnunet-revocation | ||
585 | A revocation certificate is thus a useful tool when things go out of | 392 | A revocation certificate is thus a useful tool when things go out of |
586 | control, but at the same time it should be stored securely. | 393 | control, but at the same time it should be stored securely. |
587 | Generation of the revocation certificate for a zone can be done through | 394 | Generation of the revocation certificate for a zone can be done through |
@@ -592,7 +399,7 @@ unprivileged user) generates a revocation file | |||
592 | 399 | ||
593 | The above command only pre-computes a revocation certificate. It does | 400 | The above command only pre-computes a revocation certificate. It does |
594 | not revoke the given zone. Pre-computing a revocation certificate | 401 | not revoke the given zone. Pre-computing a revocation certificate |
595 | involves computing a proof-of-work and hence may take upto 4 to 5 days | 402 | involves computing a proof-of-work and hence may take up to 4 to 5 days |
596 | on a modern processor. Note that you can abort and resume the | 403 | on a modern processor. Note that you can abort and resume the |
597 | calculation at any time. Also, even if you did not finish the | 404 | calculation at any time. Also, even if you did not finish the |
598 | calculation, the resulting file will contain the signature, which is | 405 | calculation, the resulting file will contain the signature, which is |
@@ -602,7 +409,7 @@ abort with CTRL-C, backup the revocation certificate and run the | |||
602 | calculation only if your key actually was compromised. This has the | 409 | calculation only if your key actually was compromised. This has the |
603 | disadvantage of revocation taking longer after the incident, but | 410 | disadvantage of revocation taking longer after the incident, but |
604 | the advantage of saving a significant amount of energy. So unless | 411 | the advantage of saving a significant amount of energy. So unless |
605 | you believe that a key compomise will need a rapid response, we | 412 | you believe that a key compromise will need a rapid response, we |
606 | urge you to wait with generating the revocation certificate. | 413 | urge you to wait with generating the revocation certificate. |
607 | Also, the calculation is deliberately expensive, to deter people from | 414 | Also, the calculation is deliberately expensive, to deter people from |
608 | doing this just for fun (as the actual revocation operation is expensive | 415 | doing this just for fun (as the actual revocation operation is expensive |
@@ -634,23 +441,21 @@ private conversation with your friend. Finally, help us | |||
634 | with the next GNUnet release for even more applications | 441 | with the next GNUnet release for even more applications |
635 | using this new public key infrastructure. | 442 | using this new public key infrastructure. |
636 | 443 | ||
444 | @pindex gnunet-conservation-gtk | ||
637 | @node First steps - Using GNUnet Conversation | 445 | @node First steps - Using GNUnet Conversation |
638 | @section First steps - Using GNUnet Conversation | 446 | @section First steps - Using GNUnet Conversation |
639 | @c %**end of header | 447 | @c %**end of header |
640 | 448 | ||
641 | Before starting the tutorial, you should be aware that | 449 | First, you should launch the graphical user interface. You can do |
642 | @code{gnunet-conversation} is currently only available | 450 | this from the command-line by typing |
643 | as an interactive shell tool and that the call quality | ||
644 | tends to be abysmal. There are also some awkward | ||
645 | steps necessary to use it. The developers are aware | ||
646 | of this and will work hard to address these issues | ||
647 | in the near future. | ||
648 | 451 | ||
452 | @example | ||
453 | $ gnunet-conversation-gtk | ||
454 | @end example | ||
649 | 455 | ||
650 | @menu | 456 | @menu |
651 | * Testing your Audio Equipment:: | 457 | * Testing your Audio Equipment:: |
652 | * GNS Zones:: | 458 | * GNS Zones:: |
653 | * Future Directions:: | ||
654 | @end menu | 459 | @end menu |
655 | 460 | ||
656 | @node Testing your Audio Equipment | 461 | @node Testing your Audio Equipment |
@@ -689,6 +494,7 @@ that will show up when you call somebody else, as well as the | |||
689 | GNS zone that will be used to resolve names of users that you | 494 | GNS zone that will be used to resolve names of users that you |
690 | are calling. Run | 495 | are calling. Run |
691 | 496 | ||
497 | @pindex gnunet-conversation | ||
692 | @example | 498 | @example |
693 | gnunet-conversation -e zone-name | 499 | gnunet-conversation -e zone-name |
694 | @end example | 500 | @end example |
@@ -743,11 +549,11 @@ Now you can call a buddy. Obviously, your buddy will have to have GNUnet | |||
743 | installed and must have performed the same steps. Also, you must have | 549 | installed and must have performed the same steps. Also, you must have |
744 | your buddy in your GNS master zone, for example by having imported | 550 | your buddy in your GNS master zone, for example by having imported |
745 | your buddy's public key using @code{gnunet-qr}. Suppose your buddy | 551 | your buddy's public key using @code{gnunet-qr}. Suppose your buddy |
746 | is in your zone as @code{buddy.gnu} and they also created their | 552 | is in your zone as @code{buddy.mytld} and they also created their |
747 | phone using a label "home-phone". Then you can initiate a call using: | 553 | phone using a label "home-phone". Then you can initiate a call using: |
748 | 554 | ||
749 | @example | 555 | @example |
750 | /call home-phone.buddy.gnu | 556 | /call home-phone.buddy.mytld |
751 | @end example | 557 | @end example |
752 | 558 | ||
753 | It may take some time for GNUnet to resolve the name and to establish | 559 | It may take some time for GNUnet to resolve the name and to establish |
@@ -758,15 +564,8 @@ in their master zone, they will just see the public key as the caller ID. | |||
758 | Your buddy then can answer the call using the "/accept" command. After | 564 | Your buddy then can answer the call using the "/accept" command. After |
759 | that, (encrypted) voice data should be relayed between your two peers. | 565 | that, (encrypted) voice data should be relayed between your two peers. |
760 | Either of you can end the call using @command{/cancel}. You can exit | 566 | Either of you can end the call using @command{/cancel}. You can exit |
761 | @code{gnunet-converation} using @command{/quit}. | 567 | @code{gnunet-conversation} using @command{/quit}. |
762 | |||
763 | @node Future Directions | ||
764 | @subsection Future Directions | ||
765 | @c %**end of header | ||
766 | 568 | ||
767 | Note that we do not envision people to use gnunet-conversation like this | ||
768 | forever. We will write a graphical user interface, and that GUI will | ||
769 | automatically create the necessary records in the respective zone. | ||
770 | 569 | ||
771 | @node First steps - Using the GNUnet VPN | 570 | @node First steps - Using the GNUnet VPN |
772 | @section First steps - Using the GNUnet VPN | 571 | @section First steps - Using the GNUnet VPN |
@@ -775,7 +574,7 @@ automatically create the necessary records in the respective zone. | |||
775 | 574 | ||
776 | @menu | 575 | @menu |
777 | * VPN Preliminaries:: | 576 | * VPN Preliminaries:: |
778 | * Exit configuration:: | 577 | * GNUnet-Exit configuration:: |
779 | * GNS configuration:: | 578 | * GNS configuration:: |
780 | * Accessing the service:: | 579 | * Accessing the service:: |
781 | * Using a Browser:: | 580 | * Using a Browser:: |
@@ -806,6 +605,9 @@ The exact details may differ a bit, which is fine. Add the text | |||
806 | hosts: files gns [NOTFOUND=return] mdns4_minimal [NOTFOUND=return] dns mdns4 | 605 | hosts: files gns [NOTFOUND=return] mdns4_minimal [NOTFOUND=return] dns mdns4 |
807 | @end example | 606 | @end example |
808 | 607 | ||
608 | @c TODO: outdated section, we no longer install this as part of the | ||
609 | @c TODO: standard installation procedure and should point out the manual | ||
610 | @c TODO: steps required to make it useful. | ||
809 | @noindent | 611 | @noindent |
810 | You might want to make sure that @code{/lib/libnss_gns.so.2} exists on | 612 | You might want to make sure that @code{/lib/libnss_gns.so.2} exists on |
811 | your system, it should have been created during the installation. | 613 | your system, it should have been created during the installation. |
@@ -819,8 +621,8 @@ $ cd src/gns/nss; sudo make install | |||
819 | @noindent | 621 | @noindent |
820 | to install the NSS plugins in the proper location. | 622 | to install the NSS plugins in the proper location. |
821 | 623 | ||
822 | @node Exit configuration | 624 | @node GNUnet-Exit configuration |
823 | @subsection Exit configuration | 625 | @subsection GNUnet-Exit configuration |
824 | @c %**end of header | 626 | @c %**end of header |
825 | 627 | ||
826 | Stop your peer (as user @code{gnunet}, run @command{gnunet-arm -e}) and | 628 | Stop your peer (as user @code{gnunet}, run @command{gnunet-arm -e}) and |
@@ -907,38 +709,218 @@ the searcher/downloader specify "no anonymity", non-anonymous | |||
907 | file-sharing is used. If either user specifies some desired degree | 709 | file-sharing is used. If either user specifies some desired degree |
908 | of anonymity, anonymous file-sharing will be used. | 710 | of anonymity, anonymous file-sharing will be used. |
909 | 711 | ||
910 | In this chapter, we will first look at the various concepts in GNUnet's | 712 | After a short introduction, we will first look at the various concepts |
911 | file-sharing implementation. Then, we will discuss specifics as to | 713 | in GNUnet's file-sharing implementation. Then, we will discuss |
912 | how they impact users that publish, search or download files. | 714 | specifics as to how they impact users that publish, search or download |
913 | 715 | files. | |
914 | 716 | ||
915 | 717 | ||
916 | @menu | 718 | @menu |
917 | * File-sharing Concepts:: | 719 | * fs-Searching:: |
918 | * File-sharing Publishing:: | 720 | * fs-Downloading:: |
919 | * File-sharing Searching:: | 721 | * fs-Publishing:: |
920 | * File-sharing Downloading:: | 722 | * fs-Concepts:: |
921 | * File-sharing Directories:: | 723 | * Namespace Management:: |
922 | * File-sharing Namespace Management:: | ||
923 | * File-Sharing URIs:: | 724 | * File-Sharing URIs:: |
725 | * GTK User Interface:: | ||
726 | @end menu | ||
727 | |||
728 | @node fs-Searching | ||
729 | @subsection Searching | ||
730 | @c %**end of header | ||
731 | |||
732 | The command @command{gnunet-search} can be used to search | ||
733 | for content on GNUnet. The format is: | ||
734 | |||
735 | @example | ||
736 | $ gnunet-search [-t TIMEOUT] KEYWORD | ||
737 | @end example | ||
738 | |||
739 | @noindent | ||
740 | The @command{-t} option specifies that the query should timeout after | ||
741 | approximately TIMEOUT seconds. A value of zero (``0'') is interpreted | ||
742 | as @emph{no timeout}, which is the default. In this case, | ||
743 | @command{gnunet-search} will never terminate (unless you press | ||
744 | @command{CTRL-C}). | ||
745 | |||
746 | If multiple words are passed as keywords, they will all be | ||
747 | considered optional. Prefix keywords with a "+" to make them mandatory. | ||
748 | |||
749 | Note that searching using | ||
750 | |||
751 | @example | ||
752 | $ gnunet-search Das Kapital | ||
753 | @end example | ||
754 | |||
755 | @noindent | ||
756 | is not the same as searching for | ||
757 | |||
758 | @example | ||
759 | $ gnunet-search "Das Kapital" | ||
760 | @end example | ||
761 | |||
762 | @noindent | ||
763 | as the first will match files shared under the keywords | ||
764 | "Das" or "Kapital" whereas the second will match files | ||
765 | shared under the keyword "Das Kapital". | ||
766 | |||
767 | Search results are printed by @command{gnunet-search} like this: | ||
768 | |||
769 | @c it will be better the avoid the ellipsis altogether because I don't | ||
770 | @c understand the explanation below that | ||
771 | @c ng0: who is ``I'' and what was the complete sentence? | ||
772 | @example | ||
773 | #15: | ||
774 | gnunet-download -o "COPYING" gnunet://fs/chk/PGK8M...3EK130.75446 | ||
775 | |||
776 | @end example | ||
777 | |||
778 | @noindent | ||
779 | The whole line is the command you would have to enter to download | ||
780 | the file. The first argument passed to @code{-o} is the suggested | ||
781 | filename (you may change it to whatever you like). | ||
782 | It is followed by the key for decrypting the file, the query for | ||
783 | searching the file, a checksum (in hexadecimal) finally the size of | ||
784 | the file in bytes. | ||
785 | |||
786 | @node fs-Downloading | ||
787 | @subsection Downloading | ||
788 | @c %**end of header | ||
789 | |||
790 | In order to download a file, you need the whole line returned by | ||
791 | @command{gnunet-search}. | ||
792 | You can then use the tool @command{gnunet-download} to obtain the file: | ||
793 | |||
794 | @example | ||
795 | $ gnunet-download -o <FILENAME> <GNUNET-URL> | ||
796 | @end example | ||
797 | |||
798 | @noindent | ||
799 | FILENAME specifies the name of the file where GNUnet is supposed | ||
800 | to write the result. Existing files are overwritten. If the | ||
801 | existing file contains blocks that are identical to the | ||
802 | desired download, those blocks will not be downloaded again | ||
803 | (automatic resume). | ||
804 | |||
805 | If you want to download the GPL from the previous example, | ||
806 | you do the following: | ||
807 | |||
808 | @example | ||
809 | $ gnunet-download -o "COPYING" gnunet://fs/chk/PGK8M...3EK130.75446 | ||
810 | @end example | ||
811 | |||
812 | @noindent | ||
813 | If you ever have to abort a download, you can continue it at any time by | ||
814 | re-issuing @command{gnunet-download} with the same filename. | ||
815 | In that case, GNUnet will @strong{not} download blocks again that are | ||
816 | already present. | ||
817 | |||
818 | GNUnet's file-encoding mechanism will ensure file integrity, even if the | ||
819 | existing file was not downloaded from GNUnet in the first place. | ||
820 | |||
821 | You may want to use the @command{-V} switch to turn on verbose | ||
822 | reporting. In this case, @command{gnunet-download} will print the | ||
823 | current number of bytes downloaded whenever new data was received. | ||
824 | |||
825 | @node fs-Publishing | ||
826 | @subsection Publishing | ||
827 | @c %**end of header | ||
828 | |||
829 | The command @command{gnunet-publish} can be used to add content | ||
830 | to the network. The basic format of the command is | ||
831 | |||
832 | @example | ||
833 | $ gnunet-publish [-n] [-k KEYWORDS]* [-m TYPE:VALUE] FILENAME | ||
834 | @end example | ||
835 | |||
836 | For example | ||
837 | @example | ||
838 | $ gnunet-publish -m "description:GNU License" -k gpl -k test -m "mimetype:text/plain" COPYING | ||
839 | @end example | ||
840 | |||
841 | @menu | ||
842 | * Important command-line options:: | ||
843 | * Indexing vs. Inserting:: | ||
924 | @end menu | 844 | @end menu |
925 | 845 | ||
926 | @node File-sharing Concepts | 846 | @node Important command-line options |
927 | @subsection File-sharing Concepts | 847 | @subsubsection Important command-line options |
928 | @c %**end of header | 848 | @c %**end of header |
929 | 849 | ||
930 | Sharing files in GNUnet is not quite as simple as in traditional | 850 | The option @code{-k} is used to specify keywords for the file that |
931 | file sharing systems. For example, it is not sufficient to just | 851 | should be inserted. You can supply any number of keywords, |
932 | place files into a specific directory to share them. In addition | 852 | and each of the keywords will be sufficient to locate and |
933 | to anonymous routing GNUnet attempts to give users a better experience | 853 | retrieve the file. Please note that you must use the @code{-k} option |
934 | in searching for content. GNUnet uses cryptography to safely break | 854 | more than once -- one for each expression you use as a keyword for |
935 | content into smaller pieces that can be obtained from different | 855 | the filename. |
936 | sources without allowing participants to corrupt files. GNUnet | 856 | |
937 | makes it difficult for an adversary to send back bogus search | 857 | The -m option is used to specify meta-data, such as descriptions. |
938 | results. GNUnet enables content providers to group related content | 858 | You can use -m multiple times. The TYPE passed must be from the |
939 | and to establish a reputation. Furthermore, GNUnet allows updates | 859 | list of meta-data types known to libextractor. You can obtain this |
940 | to certain content to be made available. This section is supposed | 860 | list by running @command{extract -L}. Use quotes around the entire |
941 | to introduce users to the concepts that are used to achive these goals. | 861 | meta-data argument if the value contains spaces. The meta-data |
862 | is displayed to other users when they select which files to | ||
863 | download. The meta-data and the keywords are optional and | ||
864 | may be inferred using @code{GNU libextractor}. | ||
865 | |||
866 | @command{gnunet-publish} has a few additional options to handle | ||
867 | namespaces and directories. Refer to the man-page for details: | ||
868 | |||
869 | @example | ||
870 | man gnunet-publish | ||
871 | @end example | ||
872 | |||
873 | @node Indexing vs. Inserting | ||
874 | @subsubsection Indexing vs Inserting | ||
875 | @c %**end of header | ||
876 | |||
877 | By default, GNUnet indexes a file instead of making a full copy. | ||
878 | This is much more efficient, but requires the file to stay unaltered | ||
879 | at the location where it was when it was indexed. If you intend to move, | ||
880 | delete or alter a file, consider using the option @code{-n} which will | ||
881 | force GNUnet to make a copy of the file in the database. | ||
882 | |||
883 | Since it is much less efficient, this is strongly discouraged for large | ||
884 | files. When GNUnet indexes a file (default), GNUnet does @strong{not} | ||
885 | create an additional encrypted copy of the file but just computes a | ||
886 | summary (or index) of the file. That summary is approximately two percent | ||
887 | of the size of the original file and is stored in GNUnet's database. | ||
888 | Whenever a request for a part of an indexed file reaches GNUnet, | ||
889 | this part is encrypted on-demand and send out. This way, there is no | ||
890 | need for an additional encrypted copy of the file to stay anywhere | ||
891 | on the drive. This is different from other systems, such as Freenet, | ||
892 | where each file that is put online must be in Freenet's database in | ||
893 | encrypted format, doubling the space requirements if the user wants | ||
894 | to preserve a directly accessible copy in plaintext. | ||
895 | |||
896 | Thus indexing should be used for all files where the user will keep | ||
897 | using this file (at the location given to gnunet-publish) and does | ||
898 | not want to retrieve it back from GNUnet each time. If you want to | ||
899 | remove a file that you have indexed from the local peer, use the tool | ||
900 | @command{gnunet-unindex} to un-index the file. | ||
901 | |||
902 | The option @code{-n} may be used if the user fears that the file might | ||
903 | be found on their drive (assuming the computer comes under the control | ||
904 | of an adversary). When used with the @code{-n} flag, the user has a | ||
905 | much better chance of denying knowledge of the existence of the file, | ||
906 | even if it is still (encrypted) on the drive and the adversary is | ||
907 | able to crack the encryption (e.g. by guessing the keyword. | ||
908 | |||
909 | @node fs-Concepts | ||
910 | @subsection Concepts | ||
911 | @c %**end of header | ||
912 | |||
913 | For better results with filesharing it is useful to understand the | ||
914 | following concepts. | ||
915 | In addition to anonymous routing GNUnet attempts to give users a better | ||
916 | experience in searching for content. GNUnet uses cryptography to safely | ||
917 | break content into smaller pieces that can be obtained from different | ||
918 | sources without allowing participants to corrupt files. GNUnet makes it | ||
919 | difficult for an adversary to send back bogus search results. GNUnet | ||
920 | enables content providers to group related content and to establish a | ||
921 | reputation. Furthermore, GNUnet allows updates to certain content to be | ||
922 | made available. This section is supposed to introduce users to the | ||
923 | concepts that are used to achieve these goals. | ||
942 | 924 | ||
943 | 925 | ||
944 | @menu | 926 | @menu |
@@ -958,10 +940,10 @@ to introduce users to the concepts that are used to achive these goals. | |||
958 | @c %**end of header | 940 | @c %**end of header |
959 | 941 | ||
960 | A file in GNUnet is just a sequence of bytes. Any file-format is allowed | 942 | A file in GNUnet is just a sequence of bytes. Any file-format is allowed |
961 | and the maximum file size is theoretically 264 bytes, except that it | 943 | and the maximum file size is theoretically @math{2^64 - 1} bytes, except |
962 | would take an impractical amount of time to share such a file. | 944 | that it would take an impractical amount of time to share such a file. |
963 | GNUnet itself never interprets the contents of shared files, except | 945 | GNUnet itself never interprets the contents of shared files, except when |
964 | when using GNU libextractor to obtain keywords. | 946 | using GNU libextractor to obtain keywords. |
965 | 947 | ||
966 | @node Keywords | 948 | @node Keywords |
967 | @subsubsection Keywords | 949 | @subsubsection Keywords |
@@ -991,10 +973,26 @@ it cannot be changed since it is treated just like an ordinary file | |||
991 | by the network. Small files (of a few kilobytes) can be inlined in | 973 | by the network. Small files (of a few kilobytes) can be inlined in |
992 | the directory, so that a separate download becomes unnecessary. | 974 | the directory, so that a separate download becomes unnecessary. |
993 | 975 | ||
976 | Directories are shared just like ordinary files. If you download a | ||
977 | directory with @command{gnunet-download}, you can use | ||
978 | @command{gnunet-directory} to list its contents. The canonical | ||
979 | extension for GNUnet directories when stored as files in your | ||
980 | local file-system is ".gnd". The contents of a directory are URIs and | ||
981 | meta data. | ||
982 | The URIs contain all the information required by | ||
983 | @command{gnunet-download} to retrieve the file. The meta data | ||
984 | typically includes the mime-type, description, a filename and | ||
985 | other meta information, and possibly even the full original file | ||
986 | (if it was small). | ||
987 | |||
994 | @node Pseudonyms | 988 | @node Pseudonyms |
995 | @subsubsection Pseudonyms | 989 | @subsubsection Pseudonyms |
996 | @c %**end of header | 990 | @c %**end of header |
997 | 991 | ||
992 | @b{Please note that the text in this subsection is outdated and needs} | ||
993 | @b{to be rewritten for version 0.10!} | ||
994 | @b{This especially concerns the terminology of Pseudonym/Ego/Identity.} | ||
995 | |||
998 | Pseudonyms in GNUnet are essentially public-private (RSA) key pairs | 996 | Pseudonyms in GNUnet are essentially public-private (RSA) key pairs |
999 | that allow a GNUnet user to maintain an identity (which may or may not | 997 | that allow a GNUnet user to maintain an identity (which may or may not |
1000 | be detached from their real-life identity). GNUnet's pseudonyms are not | 998 | be detached from their real-life identity). GNUnet's pseudonyms are not |
@@ -1010,6 +1008,10 @@ to copy around). | |||
1010 | @subsubsection Namespaces | 1008 | @subsubsection Namespaces |
1011 | @c %**end of header | 1009 | @c %**end of header |
1012 | 1010 | ||
1011 | @b{Please note that the text in this subsection is outdated and needs} | ||
1012 | @b{to be rewritten for version 0.10!} | ||
1013 | @b{This especially concerns the terminology of Pseudonym/Ego/Identity.} | ||
1014 | |||
1013 | A namespace is a set of files that were signed by the same pseudonym. | 1015 | A namespace is a set of files that were signed by the same pseudonym. |
1014 | Files (or directories) that have been signed and placed into a namespace | 1016 | Files (or directories) that have been signed and placed into a namespace |
1015 | can be updated. Updates are identified as authentic if the same secret | 1017 | can be updated. Updates are identified as authentic if the same secret |
@@ -1021,19 +1023,23 @@ same entity (which does not have to be the same person). | |||
1021 | @subsubsection Advertisements | 1023 | @subsubsection Advertisements |
1022 | @c %**end of header | 1024 | @c %**end of header |
1023 | 1025 | ||
1026 | @b{Please note that the text in this subsection is outdated and needs} | ||
1027 | @b{to be rewritten for version 0.10!} | ||
1028 | @b{This especially concerns the terminology of Pseudonym/Ego/Identity.} | ||
1029 | |||
1024 | Advertisements are used to notify other users about the existence of a | 1030 | Advertisements are used to notify other users about the existence of a |
1025 | namespace. Advertisements are propagated using the normal keyword search. | 1031 | namespace. Advertisements are propagated using the normal keyword search. |
1026 | When an advertisement is received (in response to a search), the namespace | 1032 | When an advertisement is received (in response to a search), the namespace |
1027 | is added to the list of namespaces available in the namespace-search | 1033 | is added to the list of namespaces available in the namespace-search |
1028 | dialogs of gnunet-fs-gtk and printed by gnunet-pseudonym. Whenever a | 1034 | dialogs of gnunet-fs-gtk and printed by @code{gnunet-identity}. Whenever a |
1029 | namespace is created, an appropriate advertisement can be generated. | 1035 | namespace is created, an appropriate advertisement can be generated. |
1030 | The default keyword for the advertising of namespaces is "namespace". | 1036 | The default keyword for the advertising of namespaces is "namespace". |
1031 | 1037 | ||
1032 | Note that GNUnet differenciates between your pseudonyms (the identities | 1038 | Note that GNUnet differentiates between your pseudonyms (the identities |
1033 | that you control) and namespaces. If you create a pseudonym, you will | 1039 | that you control) and namespaces. If you create a pseudonym, you will |
1034 | not automatically see the respective namespace. You first have to create | 1040 | not automatically see the respective namespace. You first have to create |
1035 | an advertisement for the namespace and find it using keyword | 1041 | an advertisement for the namespace and find it using keyword |
1036 | search --- even for your own namespaces. The @command{gnunet-pseudonym} | 1042 | search --- even for your own namespaces. The @command{gnunet-identity} |
1037 | tool is currently responsible for both managing pseudonyms and namespaces. | 1043 | tool is currently responsible for both managing pseudonyms and namespaces. |
1038 | This will likely change in the future to reduce the potential for | 1044 | This will likely change in the future to reduce the potential for |
1039 | confusion. | 1045 | confusion. |
@@ -1080,205 +1086,16 @@ replication level into the network, and then decrement the replication | |||
1080 | level by one. If all blocks reach replication level zero, the | 1086 | level by one. If all blocks reach replication level zero, the |
1081 | selection is simply random. | 1087 | selection is simply random. |
1082 | 1088 | ||
1083 | @node File-sharing Publishing | ||
1084 | @subsection File-sharing Publishing | ||
1085 | @c %**end of header | ||
1086 | |||
1087 | The command @command{gnunet-publish} can be used to add content | ||
1088 | to the network. The basic format of the command is | ||
1089 | |||
1090 | @example | ||
1091 | $ gnunet-publish [-n] [-k KEYWORDS]* [-m TYPE:VALUE] FILENAME | ||
1092 | @end example | ||
1093 | |||
1094 | 1089 | ||
1095 | @menu | 1090 | @node Namespace Management |
1096 | * Important command-line options:: | 1091 | @subsection Namespace Management |
1097 | * Indexing vs. Inserting:: | ||
1098 | @end menu | ||
1099 | |||
1100 | @node Important command-line options | ||
1101 | @subsubsection Important command-line options | ||
1102 | @c %**end of header | ||
1103 | |||
1104 | The option -k is used to specify keywords for the file that | ||
1105 | should be inserted. You can supply any number of keywords, | ||
1106 | and each of the keywords will be sufficient to locate and | ||
1107 | retrieve the file. | ||
1108 | |||
1109 | The -m option is used to specify meta-data, such as descriptions. | ||
1110 | You can use -m multiple times. The TYPE passed must be from the | ||
1111 | list of meta-data types known to libextractor. You can obtain this | ||
1112 | list by running @command{extract -L}. Use quotes around the entire | ||
1113 | meta-data argument if the value contains spaces. The meta-data | ||
1114 | is displayed to other users when they select which files to | ||
1115 | download. The meta-data and the keywords are optional and | ||
1116 | maybe inferred using @code{GNU libextractor}. | ||
1117 | |||
1118 | gnunet-publish has a few additional options to handle namespaces and | ||
1119 | directories. See the man-page for details. | ||
1120 | |||
1121 | @node Indexing vs. Inserting | ||
1122 | @subsubsection Indexing vs Inserting | ||
1123 | @c %**end of header | ||
1124 | |||
1125 | By default, GNUnet indexes a file instead of making a full copy. | ||
1126 | This is much more efficient, but requries the file to stay unaltered | ||
1127 | at the location where it was when it was indexed. If you intend to move, | ||
1128 | delete or alter a file, consider using the option @code{-n} which will | ||
1129 | force GNUnet to make a copy of the file in the database. | ||
1130 | |||
1131 | Since it is much less efficient, this is strongly discouraged for large | ||
1132 | files. When GNUnet indexes a file (default), GNUnet does @strong{not} | ||
1133 | create an additional encrypted copy of the file but just computes a | ||
1134 | summary (or index) of the file. That summary is approximately two percent | ||
1135 | of the size of the original file and is stored in GNUnet's database. | ||
1136 | Whenever a request for a part of an indexed file reaches GNUnet, | ||
1137 | this part is encrypted on-demand and send out. This way, there is no | ||
1138 | need for an additional encrypted copy of the file to stay anywhere | ||
1139 | on the drive. This is different from other systems, such as Freenet, | ||
1140 | where each file that is put online must be in Freenet's database in | ||
1141 | encrypted format, doubling the space requirements if the user wants | ||
1142 | to preseve a directly accessible copy in plaintext. | ||
1143 | |||
1144 | Thus indexing should be used for all files where the user will keep | ||
1145 | using this file (at the location given to gnunet-publish) and does | ||
1146 | not want to retrieve it back from GNUnet each time. If you want to | ||
1147 | remove a file that you have indexed from the local peer, use the tool | ||
1148 | @command{gnunet-unindex} to un-index the file. | ||
1149 | |||
1150 | The option @code{-n} may be used if the user fears that the file might | ||
1151 | be found on their drive (assuming the computer comes under the control | ||
1152 | of an adversary). When used with the @code{-n} flag, the user has a | ||
1153 | much better chance of denying knowledge of the existence of the file, | ||
1154 | even if it is still (encrypted) on the drive and the adversary is | ||
1155 | able to crack the encryption (e.g. by guessing the keyword. | ||
1156 | |||
1157 | @node File-sharing Searching | ||
1158 | @subsection File-sharing Searching | ||
1159 | @c %**end of header | ||
1160 | |||
1161 | The command @command{gnunet-search} can be used to search | ||
1162 | for content on GNUnet. The format is: | ||
1163 | |||
1164 | @example | ||
1165 | $ gnunet-search [-t TIMEOUT] KEYWORD | ||
1166 | @end example | ||
1167 | |||
1168 | @noindent | ||
1169 | The -t option specifies that the query should timeout after | ||
1170 | approximately TIMEOUT seconds. A value of zero is interpreted | ||
1171 | as @emph{no timeout}, which is also the default. In this case, | ||
1172 | gnunet-search will never terminate (unless you press CTRL-C). | ||
1173 | |||
1174 | If multiple words are passed as keywords, they will all be | ||
1175 | considered optional. Prefix keywords with a "+" to make them mandatory. | ||
1176 | |||
1177 | Note that searching using | ||
1178 | |||
1179 | @example | ||
1180 | $ gnunet-search Das Kapital | ||
1181 | @end example | ||
1182 | |||
1183 | @noindent | ||
1184 | is not the same as searching for | ||
1185 | |||
1186 | @example | ||
1187 | $ gnunet-search "Das Kapital" | ||
1188 | @end example | ||
1189 | |||
1190 | @noindent | ||
1191 | as the first will match files shared under the keywords | ||
1192 | "Das" or "Kapital" whereas the second will match files | ||
1193 | shared under the keyword "Das Kapital". | ||
1194 | |||
1195 | Search results are printed by gnunet-search like this: | ||
1196 | |||
1197 | @c it will be better the avoid the ellipsis altogether because I don't | ||
1198 | @c understand the explanation below that | ||
1199 | @example | ||
1200 | $ gnunet-download -o "COPYING" --- gnunet://fs/chk/N8...C92.17992 | ||
1201 | => The GNU Public License <= (mimetype: text/plain) | ||
1202 | @end example | ||
1203 | |||
1204 | @noindent | ||
1205 | The first line is the command you would have to enter to download | ||
1206 | the file. The argument passed to @code{-o} is the suggested | ||
1207 | filename (you may change it to whatever you like). | ||
1208 | @c except it's triple dash in the above example --- | ||
1209 | The @code{--} is followed by key for decrypting the file, | ||
1210 | the query for searching the file, a checksum (in hexadecimal) | ||
1211 | finally the size of the file in bytes. | ||
1212 | The second line contains the description of the file; here this is | ||
1213 | "The GNU Public License" and the mime-type (see the options for | ||
1214 | gnunet-publish on how to specify these). | ||
1215 | |||
1216 | @node File-sharing Downloading | ||
1217 | @subsection File-sharing Downloading | ||
1218 | @c %**end of header | ||
1219 | |||
1220 | In order to download a file, you need the three values returned by | ||
1221 | @command{gnunet-search}. | ||
1222 | You can then use the tool @command{gnunet-download} to obtain the file: | ||
1223 | |||
1224 | @example | ||
1225 | $ gnunet-download -o FILENAME --- GNUNETURL | ||
1226 | @end example | ||
1227 | |||
1228 | @noindent | ||
1229 | FILENAME specifies the name of the file where GNUnet is supposed | ||
1230 | to write the result. Existing files are overwritten. If the | ||
1231 | existing file contains blocks that are identical to the | ||
1232 | desired download, those blocks will not be downloaded again | ||
1233 | (automatic resume). | ||
1234 | |||
1235 | If you want to download the GPL from the previous example, | ||
1236 | you do the following: | ||
1237 | |||
1238 | @example | ||
1239 | $ gnunet-download -o "COPYING" --- gnunet://fs/chk/N8...92.17992 | ||
1240 | @end example | ||
1241 | |||
1242 | @noindent | ||
1243 | If you ever have to abort a download, you can continue it at any time by | ||
1244 | re-issuing @command{gnunet-download} with the same filename. | ||
1245 | In that case, GNUnet will @strong{not} download blocks again that are | ||
1246 | already present. | ||
1247 | |||
1248 | GNUnet's file-encoding mechanism will ensure file integrity, even if the | ||
1249 | existing file was not downloaded from GNUnet in the first place. | ||
1250 | |||
1251 | You may want to use the @command{-V} switch (must be added before | ||
1252 | @c Same as above it's triple dash | ||
1253 | the @command{--}) to turn on verbose reporting. In this case, | ||
1254 | @command{gnunet-download} will print the current number of | ||
1255 | bytes downloaded whenever new data was received. | ||
1256 | |||
1257 | @node File-sharing Directories | ||
1258 | @subsection File-sharing Directories | ||
1259 | @c %**end of header | ||
1260 | |||
1261 | Directories are shared just like ordinary files. If you download a | ||
1262 | directory with @command{gnunet-download}, you can use | ||
1263 | @command{gnunet-directory} to list its contents. The canonical | ||
1264 | extension for GNUnet directories when stored as files in your | ||
1265 | local file-system is ".gnd". The contents of a directory are URIs and | ||
1266 | meta data. | ||
1267 | The URIs contain all the information required by | ||
1268 | @command{gnunet-download} to retrieve the file. The meta data | ||
1269 | typically includes the mime-type, description, a filename and | ||
1270 | other meta information, and possibly even the full original file | ||
1271 | (if it was small). | ||
1272 | |||
1273 | @node File-sharing Namespace Management | ||
1274 | @subsection File-sharing Namespace Management | ||
1275 | @c %**end of header | 1092 | @c %**end of header |
1276 | 1093 | ||
1277 | @b{Please note that the text in this subsection is outdated and needs} | 1094 | @b{Please note that the text in this subsection is outdated and needs} |
1278 | @b{to be rewritten for version 0.10!} | 1095 | @b{to be rewritten for version 0.10!} |
1279 | 1096 | ||
1280 | The gnunet-pseudonym tool can be used to create pseudonyms and | 1097 | The @code{gnunet-identity} tool can be used to create pseudonyms and |
1281 | to advertise namespaces. By default, gnunet-pseudonym simply | 1098 | to advertise namespaces. By default, @code{gnunet-identity -D} simply |
1282 | lists all locally available pseudonyms. | 1099 | lists all locally available pseudonyms. |
1283 | 1100 | ||
1284 | 1101 | ||
@@ -1294,6 +1111,10 @@ lists all locally available pseudonyms. | |||
1294 | @subsubsection Creating Pseudonyms | 1111 | @subsubsection Creating Pseudonyms |
1295 | @c %**end of header | 1112 | @c %**end of header |
1296 | 1113 | ||
1114 | @b{Please note that the text in this subsection is outdated and needs} | ||
1115 | @b{to be rewritten for version 0.10!} | ||
1116 | @b{This especially concerns the terminology of Pseudonym/Ego/Identity.} | ||
1117 | |||
1297 | With the @command{-C NICK} option it can also be used to | 1118 | With the @command{-C NICK} option it can also be used to |
1298 | create a new pseudonym. A pseudonym is the virtual identity | 1119 | create a new pseudonym. A pseudonym is the virtual identity |
1299 | of the entity in control of a namespace. Anyone can create | 1120 | of the entity in control of a namespace. Anyone can create |
@@ -1305,6 +1126,10 @@ used. | |||
1305 | @subsubsection Deleting Pseudonyms | 1126 | @subsubsection Deleting Pseudonyms |
1306 | @c %**end of header | 1127 | @c %**end of header |
1307 | 1128 | ||
1129 | @b{Please note that the text in this subsection is outdated and needs} | ||
1130 | @b{to be rewritten for version 0.10!} | ||
1131 | @b{This especially concerns the terminology of Pseudonym/Ego/Identity.} | ||
1132 | |||
1308 | With the @command{-D NICK} option pseudonyms can be deleted. | 1133 | With the @command{-D NICK} option pseudonyms can be deleted. |
1309 | Once the pseudonym has been deleted it is impossible to add | 1134 | Once the pseudonym has been deleted it is impossible to add |
1310 | content to the corresponding namespace. Deleting the | 1135 | content to the corresponding namespace. Deleting the |
@@ -1315,6 +1140,10 @@ unavailable. | |||
1315 | @subsubsection Advertising namespaces | 1140 | @subsubsection Advertising namespaces |
1316 | @c %**end of header | 1141 | @c %**end of header |
1317 | 1142 | ||
1143 | @b{Please note that the text in this subsection is outdated and needs} | ||
1144 | @b{to be rewritten for version 0.10!} | ||
1145 | @b{This especially concerns the terminology of Pseudonym/Ego/Identity.} | ||
1146 | |||
1318 | Each namespace is associated with meta-data that describes | 1147 | Each namespace is associated with meta-data that describes |
1319 | the namespace. This meta-data is provided by the user at | 1148 | the namespace. This meta-data is provided by the user at |
1320 | the time that the namespace is advertised. Advertisements | 1149 | the time that the namespace is advertised. Advertisements |
@@ -1331,6 +1160,10 @@ the quality of the content found in it. | |||
1331 | @subsubsection Namespace names | 1160 | @subsubsection Namespace names |
1332 | @c %**end of header | 1161 | @c %**end of header |
1333 | 1162 | ||
1163 | @b{Please note that the text in this subsection is outdated and needs} | ||
1164 | @b{to be rewritten for version 0.10!} | ||
1165 | @b{This especially concerns the terminology of Pseudonym/Ego/Identity.} | ||
1166 | |||
1334 | While the namespace is uniquely identified by its ID, another way | 1167 | While the namespace is uniquely identified by its ID, another way |
1335 | to refer to the namespace is to use the NICKNAME. | 1168 | to refer to the namespace is to use the NICKNAME. |
1336 | The NICKNAME can be freely chosen by the creator of the namespace and | 1169 | The NICKNAME can be freely chosen by the creator of the namespace and |
@@ -1342,6 +1175,10 @@ to the NICKNAME to get a unique identifier. | |||
1342 | @subsubsection Namespace root | 1175 | @subsubsection Namespace root |
1343 | @c %**end of header | 1176 | @c %**end of header |
1344 | 1177 | ||
1178 | @b{Please note that the text in this subsection is outdated and needs} | ||
1179 | @b{to be rewritten for version 0.10!} | ||
1180 | @b{This especially concerns the terminology of Pseudonym/Ego/Identity.} | ||
1181 | |||
1345 | An item of particular interest in the namespace advertisement is | 1182 | An item of particular interest in the namespace advertisement is |
1346 | the ROOT. The ROOT is the identifier of a designated entry in the | 1183 | the ROOT. The ROOT is the identifier of a designated entry in the |
1347 | namespace. The idea is that the ROOT can be used to advertise an | 1184 | namespace. The idea is that the ROOT can be used to advertise an |
@@ -1355,6 +1192,11 @@ GNUnet (currently) uses four different types of URIs for | |||
1355 | file-sharing. They all begin with "gnunet://fs/". | 1192 | file-sharing. They all begin with "gnunet://fs/". |
1356 | This section describes the four different URI types in detail. | 1193 | This section describes the four different URI types in detail. |
1357 | 1194 | ||
1195 | For FS URIs empty KEYWORDs are not allowed. Quotes are allowed to | ||
1196 | denote whitespace between words. Keywords must contain a balanced | ||
1197 | number of double quotes. Doubles quotes can not be used in the actual | ||
1198 | keywords. This means that the the string '""foo bar""' will be turned | ||
1199 | into two OR-ed keywords 'foo' and 'bar', not into '"foo bar"'. | ||
1358 | 1200 | ||
1359 | @menu | 1201 | @menu |
1360 | * Encoding of hash values in URIs:: | 1202 | * Encoding of hash values in URIs:: |
@@ -1371,6 +1213,7 @@ This section describes the four different URI types in detail. | |||
1371 | Most URIs include some hash values. Hashes are encoded using | 1213 | Most URIs include some hash values. Hashes are encoded using |
1372 | base32hex (RFC 2938). | 1214 | base32hex (RFC 2938). |
1373 | 1215 | ||
1216 | @cindex chk-uri | ||
1374 | @node Content Hash Key (chk) | 1217 | @node Content Hash Key (chk) |
1375 | @subsubsection Content Hash Key (chk) | 1218 | @subsubsection Content Hash Key (chk) |
1376 | @c %**end of header | 1219 | @c %**end of header |
@@ -1387,6 +1230,7 @@ shape of the tree), KEYHASH is the key used to decrypt the file | |||
1387 | is the query used to request the top-level block (also the hash | 1230 | is the query used to request the top-level block (also the hash |
1388 | of the encrypted block). | 1231 | of the encrypted block). |
1389 | 1232 | ||
1233 | @cindex loc-uri | ||
1390 | @node Location identifiers (loc) | 1234 | @node Location identifiers (loc) |
1391 | @subsubsection Location identifiers (loc) | 1235 | @subsubsection Location identifiers (loc) |
1392 | @c %**end of header | 1236 | @c %**end of header |
@@ -1402,6 +1246,7 @@ base32hex), SIG is the RSA signature (in GNUnet format in | |||
1402 | base32hex) and EXPTIME specifies when the signature expires | 1246 | base32hex) and EXPTIME specifies when the signature expires |
1403 | (in milliseconds after 1970). | 1247 | (in milliseconds after 1970). |
1404 | 1248 | ||
1249 | @cindex ksk-uri | ||
1405 | @node Keyword queries (ksk) | 1250 | @node Keyword queries (ksk) |
1406 | @subsubsection Keyword queries (ksk) | 1251 | @subsubsection Keyword queries (ksk) |
1407 | @c %**end of header | 1252 | @c %**end of header |
@@ -1413,11 +1258,18 @@ using the typical URI-encoding (using hex values) from HTTP. | |||
1413 | "+" can be used to specify multiple keywords (which are then | 1258 | "+" can be used to specify multiple keywords (which are then |
1414 | logically "OR"-ed in the search, results matching both keywords | 1259 | logically "OR"-ed in the search, results matching both keywords |
1415 | are given a higher rank): "gnunet://fs/ksk/KEYWORD1+KEYWORD2". | 1260 | are given a higher rank): "gnunet://fs/ksk/KEYWORD1+KEYWORD2". |
1261 | ksk-URIs must not begin or end with the plus ('+') character. | ||
1262 | Furthermore they must not contain '++'. | ||
1416 | 1263 | ||
1264 | @cindex sks-uri | ||
1417 | @node Namespace content (sks) | 1265 | @node Namespace content (sks) |
1418 | @subsubsection Namespace content (sks) | 1266 | @subsubsection Namespace content (sks) |
1419 | @c %**end of header | 1267 | @c %**end of header |
1420 | 1268 | ||
1269 | @b{Please note that the text in this subsection is outdated and needs} | ||
1270 | @b{to be rewritten for version 0.10!} | ||
1271 | @b{This especially concerns the terminology of Pseudonym/Ego/Identity.} | ||
1272 | |||
1421 | Namespaces are sets of files that have been approved by some (usually | 1273 | Namespaces are sets of files that have been approved by some (usually |
1422 | pseudonymous) user --- typically by that user publishing all of the | 1274 | pseudonymous) user --- typically by that user publishing all of the |
1423 | files together. A file can be in many namespaces. A file is in a | 1275 | files together. A file can be in many namespaces. A file is in a |
@@ -1431,6 +1283,135 @@ chosen keyword (or password!). A commonly used identifier is | |||
1431 | "root" which by convention refers to some kind of index or other | 1283 | "root" which by convention refers to some kind of index or other |
1432 | entry point into the namespace. | 1284 | entry point into the namespace. |
1433 | 1285 | ||
1286 | @node GTK User Interface | ||
1287 | @subsection GTK User Interface | ||
1288 | This chapter describes first steps for file-sharing with GNUnet. | ||
1289 | To start, you should launch @command{gnunet-fs-gtk}. | ||
1290 | |||
1291 | As we want to be sure that the network contains the data that we are | ||
1292 | looking for for testing, we need to begin by publishing a file. | ||
1293 | |||
1294 | @menu | ||
1295 | * gtk-Publishing:: | ||
1296 | * gtk-Searching:: | ||
1297 | * gtk-Downloading:: | ||
1298 | @end menu | ||
1299 | |||
1300 | @node gtk-Publishing | ||
1301 | @subsubsection Publishing | ||
1302 | @c %**end of header | ||
1303 | |||
1304 | To publish a file, select "File Sharing" in the menu bar just below the | ||
1305 | "Statistics" icon, and then select "Publish" from the menu. | ||
1306 | |||
1307 | Afterwards, the following publishing dialog will appear: | ||
1308 | |||
1309 | @c Add image here | ||
1310 | |||
1311 | In this dialog, select the "Add File" button. This will open a | ||
1312 | file selection dialog: | ||
1313 | |||
1314 | @c Add image here | ||
1315 | |||
1316 | Now, you should select a file from your computer to be published on | ||
1317 | GNUnet. To see more of GNUnet's features later, you should pick a | ||
1318 | PNG or JPEG file this time. You can leave all of the other options | ||
1319 | in the dialog unchanged. Confirm your selection by pressing the "OK" | ||
1320 | button in the bottom right corner. Now, you will briefly see a | ||
1321 | "Messages..." dialog pop up, but most likely it will be too short for | ||
1322 | you to really read anything. That dialog is showing you progress | ||
1323 | information as GNUnet takes a first look at the selected file(s). | ||
1324 | For a normal image, this is virtually instant, but if you later | ||
1325 | import a larger directory you might be interested in the progress dialog | ||
1326 | and potential errors that might be encountered during processing. | ||
1327 | After the progress dialog automatically disappears, your file | ||
1328 | should now appear in the publishing dialog: | ||
1329 | |||
1330 | @c Add image here | ||
1331 | |||
1332 | Now, select the file (by clicking on the file name) and then click | ||
1333 | the "Edit" button. This will open the editing dialog: | ||
1334 | |||
1335 | @c Add image here | ||
1336 | |||
1337 | In this dialog, you can see many details about your file. In the | ||
1338 | top left area, you can see meta data extracted about the file, | ||
1339 | such as the original filename, the mimetype and the size of the image. | ||
1340 | In the top right, you should see a preview for the image | ||
1341 | (if GNU libextractor was installed correctly with the | ||
1342 | respective plugins). Note that if you do not see a preview, this | ||
1343 | is not a disaster, but you might still want to install more of | ||
1344 | GNU libextractor in the future. In the bottom left, the dialog contains | ||
1345 | a list of keywords. These are the keywords under which the file will be | ||
1346 | made available. The initial list will be based on the extracted meta data. | ||
1347 | Additional publishing options are in the right bottom corner. We will | ||
1348 | now add an additional keyword to the list of keywords. This is done by | ||
1349 | entering the keyword above the keyword list between the label "Keyword" | ||
1350 | and the "Add keyword" button. Enter "test" and select "Add keyword". | ||
1351 | Note that the keyword will appear at the bottom of the existing keyword | ||
1352 | list, so you might have to scroll down to see it. Afterwards, push the | ||
1353 | "OK" button at the bottom right of the dialog. | ||
1354 | |||
1355 | You should now be back at the "Publish content on GNUnet" dialog. Select | ||
1356 | "Execute" in the bottom right to close the dialog and publish your file | ||
1357 | on GNUnet! Afterwards, you should see the main dialog with a new area | ||
1358 | showing the list of published files (or ongoing publishing operations | ||
1359 | with progress indicators): | ||
1360 | |||
1361 | @c Add image here | ||
1362 | |||
1363 | @node gtk-Searching | ||
1364 | @subsubsection Searching | ||
1365 | @c %**end of header | ||
1366 | |||
1367 | Below the menu bar, there are four entry widges labeled "Namespace", | ||
1368 | "Keywords", "Anonymity" and "Mime-type" (from left to right). These | ||
1369 | widgets are used to control searching for files in GNUnet. Between the | ||
1370 | "Keywords" and "Anonymity" widgets, there is also a big "Search" button, | ||
1371 | which is used to initiate the search. We will ignore the "Namespace", | ||
1372 | "Anonymity" and "Mime-type" options in this tutorial, please leave them | ||
1373 | empty. Instead, simply enter "test" under "Keywords" and press "Search". | ||
1374 | Afterwards, you should immediately see a new tab labeled after your | ||
1375 | search term, followed by the (current) number of search | ||
1376 | results --- "(15)" in our screenshot. Note that your results may | ||
1377 | vary depending on what other users may have shared and how your | ||
1378 | peer is connected. | ||
1379 | |||
1380 | You can now select one of the search results. Once you do this, | ||
1381 | additional information about the result should be displayed on the | ||
1382 | right. If available, a preview image should appear on the top right. | ||
1383 | Meta data describing the file will be listed at the bottom right. | ||
1384 | |||
1385 | Once a file is selected, at the bottom of the search result list | ||
1386 | a little area for downloading appears. | ||
1387 | |||
1388 | @node gtk-Downloading | ||
1389 | @subsubsection Downloading | ||
1390 | @c %**end of header | ||
1391 | |||
1392 | In the downloading area, you can select the target directory (default is | ||
1393 | "Downloads") and specify the desired filename (by default the filename it | ||
1394 | taken from the meta data of the published file). Additionally, you can | ||
1395 | specify if the download should be anonymous and (for directories) if | ||
1396 | the download should be recursive. In most cases, you can simply start | ||
1397 | the download with the "Download!" button. | ||
1398 | |||
1399 | Once you selected download, the progress of the download will be | ||
1400 | displayed with the search result. You may need to resize the result | ||
1401 | list or scroll to the right. The "Status" column shows the current | ||
1402 | status of the download, and "Progress" how much has been completed. | ||
1403 | When you close the search tab (by clicking on the "X" button next to | ||
1404 | the "test" label), ongoing and completed downloads are not aborted | ||
1405 | but moved to a special "*" tab. | ||
1406 | |||
1407 | You can remove completed downloads from the "*" tab by clicking the | ||
1408 | cleanup button next to the "*". You can also abort downloads by right | ||
1409 | clicking on the respective download and selecting "Abort download" | ||
1410 | from the menu. | ||
1411 | |||
1412 | That's it, you now know the basics for file-sharing with GNUnet! | ||
1413 | |||
1414 | |||
1434 | @node The GNU Name System | 1415 | @node The GNU Name System |
1435 | @section The GNU Name System | 1416 | @section The GNU Name System |
1436 | @c %**end of header | 1417 | @c %**end of header |
@@ -1466,47 +1447,42 @@ the user. This results in non-unique name-value mappings as | |||
1466 | 1447 | ||
1467 | 1448 | ||
1468 | @menu | 1449 | @menu |
1450 | * Creating a Zone:: | ||
1469 | * Maintaining your own Zones:: | 1451 | * Maintaining your own Zones:: |
1470 | * Obtaining your Zone Key:: | 1452 | * Obtaining your Zone Key:: |
1471 | * Adding Links to Other Zones:: | 1453 | * Adding Links to Other Zones:: |
1472 | * The Three Local Zones of GNS:: | 1454 | * Using Public Keys as Top Level Domains:: |
1473 | * The Master Zone:: | ||
1474 | * The Private Zone:: | ||
1475 | * The Shorten Zone:: | ||
1476 | * The ZKEY Top Level Domain in GNS:: | ||
1477 | * Resource Records in GNS:: | 1455 | * Resource Records in GNS:: |
1456 | * Synchronizing with legacy DNS:: | ||
1478 | @end menu | 1457 | @end menu |
1479 | 1458 | ||
1480 | 1459 | ||
1481 | @node Maintaining your own Zones | 1460 | @node Creating a Zone |
1482 | @subsection Maintaining your own Zones | 1461 | @subsection Creating a Zone |
1483 | 1462 | ||
1484 | To setup your GNS system you must execute: | 1463 | To use GNS, you probably should create at least one zone of your own. |
1464 | You can create any number of zones using the gnunet-identity tool | ||
1465 | using: | ||
1485 | 1466 | ||
1486 | @example | 1467 | @example |
1487 | $ gnunet-gns-import.sh | 1468 | $ gnunet-identity -C "myzone" |
1488 | @end example | 1469 | @end example |
1489 | 1470 | ||
1490 | @noindent | 1471 | Henceforth, on your system you control the TLD ``myzone''. |
1491 | This will boostrap your zones and create the necessary key material. | 1472 | |
1492 | Your keys can be listed using the @command{gnunet-identity} | 1473 | All of your zones can be listed (displayed) using the |
1493 | command line tool: | 1474 | @command{gnunet-identity} command line tool as well: |
1494 | 1475 | ||
1495 | @example | 1476 | @example |
1496 | $ gnunet-identity -d | 1477 | $ gnunet-identity -d |
1497 | @end example | 1478 | @end example |
1498 | 1479 | ||
1499 | @noindent | 1480 | @node Maintaining your own Zones |
1500 | You can arbitrarily create your own zones using the gnunet-identity | 1481 | @subsection Maintaining your own Zones |
1501 | tool using: | ||
1502 | |||
1503 | @example | ||
1504 | $ gnunet-identity -C "new_zone" | ||
1505 | @end example | ||
1506 | 1482 | ||
1507 | @noindent | 1483 | @noindent |
1508 | Now you can add (or edit, or remove) records in your GNS zone using the | 1484 | Now you can add (or edit, or remove) records in your GNS zone using the |
1509 | @command{gnunet-setup} GUI or using the @command{gnunet-namestore} | 1485 | @command{gnunet-namestore-gtk} GUI or using the @command{gnunet-namestore} |
1510 | command-line tool. | 1486 | command-line tool. |
1511 | In either case, your records will be stored in an SQL database under | 1487 | In either case, your records will be stored in an SQL database under |
1512 | control of the @command{gnunet-service-namestore}. | 1488 | control of the @command{gnunet-service-namestore}. |
@@ -1518,21 +1494,21 @@ if they are marked as private. | |||
1518 | To provide a short example for editing your own zone, suppose you | 1494 | To provide a short example for editing your own zone, suppose you |
1519 | have your own web server with the IP @code{1.2.3.4}. Then you can put an | 1495 | have your own web server with the IP @code{1.2.3.4}. Then you can put an |
1520 | @code{A} record (@code{A} records in DNS are for IPv4 IP addresses) | 1496 | @code{A} record (@code{A} records in DNS are for IPv4 IP addresses) |
1521 | into your local zone using the command: | 1497 | into your local zone ``myzone'' using the command: |
1522 | 1498 | ||
1523 | @example | 1499 | @example |
1524 | $ gnunet-namestore -z master-zone -a -n www -t A -V 1.2.3.4 -e never | 1500 | $ gnunet-namestore -z myzone -a -n www -t A -V 1.2.3.4 -e never |
1525 | @end example | 1501 | @end example |
1526 | 1502 | ||
1527 | @noindent | 1503 | @noindent |
1528 | Afterwards, you will be able to access your webpage under "www.gnu" | 1504 | Afterwards, you will be able to access your webpage under "www.myzone" |
1529 | (assuming your webserver does not use virtual hosting, if it does, | 1505 | (assuming your webserver does not use virtual hosting, if it does, |
1530 | please read up on setting up the GNS proxy). | 1506 | please read up on setting up the GNS proxy). |
1531 | 1507 | ||
1532 | Similar commands will work for other types of DNS and GNS records, | 1508 | Similar commands will work for other types of DNS and GNS records, |
1533 | the syntax largely depending on the type of the record. | 1509 | the syntax largely depending on the type of the record. |
1534 | Naturally, most users may find editing the zones using the | 1510 | Naturally, most users may find editing the zones using the |
1535 | @command{gnunet-setup} GUI to be easier. | 1511 | @command{gnunet-namestore-gtk} GUI to be easier. |
1536 | 1512 | ||
1537 | @node Obtaining your Zone Key | 1513 | @node Obtaining your Zone Key |
1538 | @subsection Obtaining your Zone Key | 1514 | @subsection Obtaining your Zone Key |
@@ -1546,7 +1522,7 @@ give it to others so that they can securely link to you. | |||
1546 | You can usually get the hash of your public key using | 1522 | You can usually get the hash of your public key using |
1547 | 1523 | ||
1548 | @example | 1524 | @example |
1549 | $ gnunet-identity -d $options | grep master-zone | awk '@{print $3@}' | 1525 | $ gnunet-identity -d $options | grep myzone | awk '@{print $3@}' |
1550 | @end example | 1526 | @end example |
1551 | 1527 | ||
1552 | @noindent | 1528 | @noindent |
@@ -1557,10 +1533,10 @@ DC3SEECJORPHQNVRH965A6N74B1M37S721IG4RBQ15PJLLPJKUE0 | |||
1557 | @end example | 1533 | @end example |
1558 | 1534 | ||
1559 | @noindent | 1535 | @noindent |
1560 | Alternatively, you can obtain a QR code with your zone key AND | 1536 | Alternatively, you can obtain a QR code with your zone key AND your |
1561 | your pseudonym from gnunet-gtk. The QR code is displayed in the | 1537 | pseudonym from gnunet-namestore-gtk. The QR code is displayed in the |
1562 | GNS tab and can be stored to disk using the Save as button next | 1538 | main window and can be stored to disk using the ``Save as'' button |
1563 | to the image. | 1539 | next to the image. |
1564 | 1540 | ||
1565 | @node Adding Links to Other Zones | 1541 | @node Adding Links to Other Zones |
1566 | @subsection Adding Links to Other Zones | 1542 | @subsection Adding Links to Other Zones |
@@ -1576,90 +1552,38 @@ You can then delegate resolution of names to Bob's zone by adding | |||
1576 | a PKEY record to their local zone: | 1552 | a PKEY record to their local zone: |
1577 | 1553 | ||
1578 | @example | 1554 | @example |
1579 | $ gnunet-namestore -a -n bob --type PKEY -V XXXX -e never | 1555 | $ gnunet-namestore -a -n bob --type PKEY -V XXXX -e never -Z myzone |
1580 | @end example | 1556 | @end example |
1581 | 1557 | ||
1582 | @noindent | 1558 | @noindent |
1583 | Note that XXXX in the command above must be replaced with the | 1559 | Note that ``XXXX'' in the command above must be replaced with the hash |
1584 | hash of Bob's public key (the output your friend obtained using | 1560 | of Bob's public key (the output your friend obtained using the |
1585 | the gnunet-identity command from the previous section and told you, | 1561 | @command{gnunet-identity} command from the previous section and told |
1586 | for example by giving you a business card containing this | 1562 | you, for example by giving you a business card containing this |
1587 | information as a QR code). | 1563 | information as a QR code). |
1588 | 1564 | ||
1589 | Assuming Bob has an A record for their website under the name of | 1565 | Assuming Bob has an ``A'' record for their website under the name of |
1590 | www in his zone, you can then access Bob's website under | 1566 | ``www'' in his zone, you can then access Bob's website under |
1591 | www.bob.gnu --- as well as any (public) GNS record that Bob has | 1567 | ``www.bob.myzone'' --- as well as any (public) GNS record that Bob has |
1592 | in their zone by replacing www with the respective name of the | 1568 | in their zone by replacing www with the respective name of the |
1593 | record in Bob's zone. | 1569 | record in Bob's zone. |
1594 | 1570 | ||
1595 | @c themselves? themself? | 1571 | @c themselves? themself? |
1596 | Furthermore, if Bob has themselves a (public) delegation to Carol's | 1572 | Furthermore, if Bob has themselves a (public) delegation to Carol's |
1597 | zone under "carol", you can access Carol's records under | 1573 | zone under "carol", you can access Carol's records under |
1598 | NAME.carol.bob.gnu (where NAME is the name of Carol's record you | 1574 | ``NAME.carol.bob.myzone'' (where ``NAME'' is the name of Carol's |
1599 | want to access). | 1575 | record you want to access). |
1600 | |||
1601 | @node The Three Local Zones of GNS | ||
1602 | @subsection The Three Local Zones of GNS | ||
1603 | |||
1604 | Each user GNS has control over three zones. Each of the zones | ||
1605 | has a different purpose. These zones are the | ||
1606 | |||
1607 | @itemize @bullet | ||
1608 | |||
1609 | @item master zone, | ||
1610 | @item private zone, and the | ||
1611 | @item shorten zone. | ||
1612 | @end itemize | ||
1613 | |||
1614 | @node The Master Zone | ||
1615 | @subsection The Master Zone | ||
1616 | |||
1617 | |||
1618 | The master zone is your personal TLD. Names within the @code{.gnu} | ||
1619 | namespace are resolved relative to this zone. You can arbitrarily | ||
1620 | add records to this zone and selectively publish those records. | ||
1621 | |||
1622 | @node The Private Zone | ||
1623 | @subsection The Private Zone | ||
1624 | |||
1625 | 1576 | ||
1626 | The private zone is a subzone (or subdomain in DNS terms) of your | ||
1627 | master zone. It should be used for records that you want to keep | ||
1628 | private. For example @code{bank.private.gnu}. The key idea is that | ||
1629 | you want to keep your private records separate, if just to know | ||
1630 | that those names are not available to other users. | ||
1631 | 1577 | ||
1632 | @node The Shorten Zone | 1578 | @node Using Public Keys as Top Level Domains |
1633 | @subsection The Shorten Zone | 1579 | @subsection Using Public Keys as Top Level Domains |
1634 | 1580 | ||
1635 | 1581 | ||
1636 | The shorten zone can either be a subzone of the master zone or the | 1582 | GNS also assumes responsibility for any name that uses in a |
1637 | private zone. It is different from the other zones in that GNS | 1583 | well-formed public key for the TLD. Names ending this way are then |
1638 | will automatically populate this zone with other users' zones based | 1584 | resolved by querying the respective zone. Such public key TLDs are |
1639 | on their PSEU records whenever you resolve a name. | 1585 | expected to be used under rare circumstances where globally unique |
1640 | 1586 | names are required, and for integration with legacy systems. | |
1641 | For example if you go to | ||
1642 | @code{@uref{http://www.bob.alice.dave.gnu/, www.bob.alice.dave.gnu}}, | ||
1643 | GNS will try to import @code{bob} into your shorten zone. Having | ||
1644 | obtained Bob's PKEY from @code{alice.dave.gnu}, GNS will lookup the | ||
1645 | PSEU record for @code{+} in Bob's zone. If it exists and the specified | ||
1646 | pseudonym is not taken, Bob's PKEY will be automatically added under | ||
1647 | that pseudonym (i.e. "bob") into your shorten zone. From then on, | ||
1648 | Bob's webpage will also be available for you as | ||
1649 | @code{@uref{http://www.bob.short.gnu/, www.bob.short.gnu}}. | ||
1650 | This feature is called @b{automatic name shortening} and is supposed to | ||
1651 | keep GNS names as short and memorable as possible. | ||
1652 | |||
1653 | @node The ZKEY Top Level Domain in GNS | ||
1654 | @subsection The ZKEY Top Level Domain in GNS | ||
1655 | |||
1656 | |||
1657 | GNS also provides a secure and globally unique namespace under the .zkey | ||
1658 | top-level domain. A name in the .zkey TLD corresponds to the (printable) | ||
1659 | public key of a zone. Names in the .zkey TLD are then resolved by querying | ||
1660 | the respective zone. The .zkey TLD is expected to be used under rare | ||
1661 | circumstances where globally unique names are required and for | ||
1662 | integration with legacy systems. | ||
1663 | 1587 | ||
1664 | @node Resource Records in GNS | 1588 | @node Resource Records in GNS |
1665 | @subsection Resource Records in GNS | 1589 | @subsection Resource Records in GNS |
@@ -1682,7 +1606,7 @@ to the current authoritative zone. The extended processing of those | |||
1682 | names will expand the ".+" with the correct delegation chain to the | 1606 | names will expand the ".+" with the correct delegation chain to the |
1683 | authoritative zone (replacing ".+" with the name of the location | 1607 | authoritative zone (replacing ".+" with the name of the location |
1684 | where the name was encountered) and hence generate a | 1608 | where the name was encountered) and hence generate a |
1685 | valid @code{.gnu} name. | 1609 | valid GNS name. |
1686 | 1610 | ||
1687 | GNS currently supports the following record types: | 1611 | GNS currently supports the following record types: |
1688 | 1612 | ||
@@ -1696,28 +1620,43 @@ GNS currently supports the following record types: | |||
1696 | * CNAME:: | 1620 | * CNAME:: |
1697 | * GNS2DNS:: | 1621 | * GNS2DNS:: |
1698 | * SOA SRV PTR and MX:: | 1622 | * SOA SRV PTR and MX:: |
1623 | * PLACE:: | ||
1624 | * PHONE:: | ||
1625 | * ID ATTR:: | ||
1626 | * ID TOKEN:: | ||
1627 | * ID TOKEN METADATA:: | ||
1628 | * CREDENTIAL:: | ||
1629 | * POLICY:: | ||
1630 | * ATTRIBUTE:: | ||
1631 | * ABE KEY:: | ||
1632 | * ABE MASTER:: | ||
1633 | * RECLAIM OIDC CLIENT:: | ||
1634 | * RECLAIM OIDC REDIRECT:: | ||
1699 | @end menu | 1635 | @end menu |
1700 | 1636 | ||
1701 | @node NICK | 1637 | @node NICK |
1702 | @subsubsection NICK | 1638 | @subsubsection NICK |
1703 | 1639 | ||
1704 | A NICK record is used to give a zone a name. With a NICK record, you can | 1640 | A NICK record is used to give a zone a name. With a NICK record, you |
1705 | essentially specify how you would like to be called. GNS expects this | 1641 | can essentially specify how you would like to be called. GNS expects |
1706 | record under the name "+" in the zone's database (NAMESTORE); however, | 1642 | this record under the empty label ``@@'' in the zone's database |
1707 | it will then automatically be copied into each record set, so that | 1643 | (NAMESTORE); however, it will then automatically be copied into each |
1708 | clients never need to do a separate lookup to discover the NICK record. | 1644 | record set, so that clients never need to do a separate lookup to |
1645 | discover the NICK record. Also, users do not usually have to worry | ||
1646 | about setting the NICK record: it is automatically set to the local | ||
1647 | name of the TLD. | ||
1709 | 1648 | ||
1710 | @b{Example}@ | 1649 | @b{Example}@ |
1711 | 1650 | ||
1712 | @example | 1651 | @example |
1713 | Name: +; RRType: NICK; Value: bob | 1652 | Name: @@; RRType: NICK; Value: bob |
1714 | @end example | 1653 | @end example |
1715 | 1654 | ||
1716 | @noindent | 1655 | @noindent |
1717 | This record in Bob's zone will tell other users that this zone wants | 1656 | This record in Bob's zone will tell other users that this zone wants |
1718 | to be referred to as 'bob'. Note that nobody is obliged to call Bob's | 1657 | to be referred to as 'bob'. Note that nobody is obliged to call Bob's |
1719 | zone 'bob' in their own zones. It can be seen as a | 1658 | zone 'bob' in their own zones. It can be seen as a |
1720 | recommendation ("Please call me 'bob'"). | 1659 | recommendation ("Please call this zone 'bob'"). |
1721 | 1660 | ||
1722 | @node PKEY | 1661 | @node PKEY |
1723 | @subsubsection PKEY | 1662 | @subsubsection PKEY |
@@ -1864,6 +1803,188 @@ should use the ZKEY zone as the destination hostname and | |||
1864 | GNS-enabled mail servers should be configured to accept | 1803 | GNS-enabled mail servers should be configured to accept |
1865 | e-mails to the ZKEY-zones of all local users. | 1804 | e-mails to the ZKEY-zones of all local users. |
1866 | 1805 | ||
1806 | @node PLACE | ||
1807 | @subsubsection PLACE | ||
1808 | |||
1809 | Record type for a social place. | ||
1810 | |||
1811 | @node PHONE | ||
1812 | @subsubsection PHONE | ||
1813 | |||
1814 | Record type for a phone (of CONVERSATION). | ||
1815 | |||
1816 | @node ID ATTR | ||
1817 | @subsubsection ID ATTR | ||
1818 | |||
1819 | Record type for identity attributes (of IDENTITY). | ||
1820 | |||
1821 | @node ID TOKEN | ||
1822 | @subsubsection ID TOKEN | ||
1823 | |||
1824 | Record type for an identity token (of IDENTITY-TOKEN). | ||
1825 | |||
1826 | @node ID TOKEN METADATA | ||
1827 | @subsubsection ID TOKEN METADATA | ||
1828 | |||
1829 | Record type for the private metadata of an identity token (of IDENTITY-TOKEN). | ||
1830 | |||
1831 | @node CREDENTIAL | ||
1832 | @subsubsection CREDENTIAL | ||
1833 | |||
1834 | Record type for credential. | ||
1835 | |||
1836 | @node POLICY | ||
1837 | @subsubsection POLICY | ||
1838 | |||
1839 | Record type for policies. | ||
1840 | |||
1841 | @node ATTRIBUTE | ||
1842 | @subsubsection ATTRIBUTE | ||
1843 | |||
1844 | Record type for reverse lookups. | ||
1845 | |||
1846 | @node ABE KEY | ||
1847 | @subsubsection ABE KEY | ||
1848 | |||
1849 | Record type for ABE records. | ||
1850 | |||
1851 | @node ABE MASTER | ||
1852 | @subsubsection ABE MASTER | ||
1853 | |||
1854 | Record type for ABE master keys. | ||
1855 | |||
1856 | @node RECLAIM OIDC CLIENT | ||
1857 | @subsubsection RECLAIM OIDC CLIENT | ||
1858 | |||
1859 | Record type for reclaim OIDC clients. | ||
1860 | |||
1861 | @node RECLAIM OIDC REDIRECT | ||
1862 | @subsubsection RECLAIM OIDC REDIRECT | ||
1863 | |||
1864 | Record type for reclaim OIDC redirect URIs. | ||
1865 | |||
1866 | @node Synchronizing with legacy DNS | ||
1867 | @subsection Synchronizing with legacy DNS | ||
1868 | |||
1869 | If you want to support GNS but the master database for a zone | ||
1870 | is only available and maintained in DNS, GNUnet includes the | ||
1871 | @command{gnunet-zoneimport} tool to monitor a DNS zone and | ||
1872 | automatically import records into GNS. Today, the tool does | ||
1873 | not yet support DNS AF(X)R, as we initially used it on the | ||
1874 | ``.fr'' zone which does not allow us to perform a DNS zone | ||
1875 | transfer. Instead, @command{gnunet-zoneimport} reads a list | ||
1876 | of DNS domain names from @code{stdin}, issues DNS queries for | ||
1877 | each, converts the obtained records (if possible) and stores | ||
1878 | the result in the namestore. | ||
1879 | |||
1880 | @image{images/gns,6in,, picture of DNS-GNS data flow} | ||
1881 | |||
1882 | The zonemaster service then takes the records from the namestore, | ||
1883 | publishes them into the DHT which makes the result available to the | ||
1884 | GNS resolver. In the GNS configuration, non-local zones can be | ||
1885 | configured to be intercepted by specifying ``.tld = PUBLICKEY'' in the | ||
1886 | configuration file in the ``[gns]'' section. | ||
1887 | |||
1888 | Note that the namestore by default also populates the namecache. | ||
1889 | This pre-population is cryptographically expensive. Thus, on | ||
1890 | systems that only serve to import a large (millions of records) | ||
1891 | DNS zone and that do not have a local gns service in use, it | ||
1892 | is thus advisable to disable the namecache by setting the | ||
1893 | option ``DISABLE'' to ``YES'' in section ``[namecache]''. | ||
1894 | |||
1895 | |||
1896 | @node re@:claim Identity Provider | ||
1897 | @section re@:claim Identity Provider | ||
1898 | |||
1899 | The re:claim Identity Provider (IdP) is a decentralized IdP service. | ||
1900 | It allows its users to manage and authorize third parties to access their identity attributes such as email or shipping addresses. | ||
1901 | |||
1902 | It basically mimics the concepts of centralized IdPs, such as those offered by Google or Facebook. | ||
1903 | Like other IdPs, re:claim features an (optional) OpenID-Connect 1.0-compliant protocol layer that can be used for websites to integrate re:claim as an Identity Provider with little effort. | ||
1904 | |||
1905 | @menu | ||
1906 | * Managing Attributes:: | ||
1907 | * Sharing Attributes with Third Parties:: | ||
1908 | * Revoking Authorizations of Third Parties:: | ||
1909 | * Using the OpenID-Connect IdP:: | ||
1910 | @end menu | ||
1911 | |||
1912 | @node Managing Attributes | ||
1913 | @subsection Managing Attributes | ||
1914 | |||
1915 | Before adding attributes to an identity, you must first create an ego: | ||
1916 | |||
1917 | @example | ||
1918 | $ gnunet-identity -C "username" | ||
1919 | @end example | ||
1920 | |||
1921 | Henceforth, you can manage a new user profile of the user ``username''. | ||
1922 | |||
1923 | To add an email address to your user profile, simply use the @command{gnunet-reclaim} command line tool:: | ||
1924 | |||
1925 | @example | ||
1926 | $ gnunet-reclaim -e "username" -a "email" -V "username@@example.gnunet" | ||
1927 | @end example | ||
1928 | |||
1929 | All of your attributes can be listed using the @command{gnunet-reclaim} | ||
1930 | command line tool as well: | ||
1931 | |||
1932 | @example | ||
1933 | $ gnunet-reclaim -e "username" -D | ||
1934 | @end example | ||
1935 | |||
1936 | Currently, and by default, attribute values are interpreted as plain text. | ||
1937 | In the future there might be more value types such as X.509 certificate credentials. | ||
1938 | |||
1939 | @node Sharing Attributes with Third Parties | ||
1940 | @subsection Sharing Attributes with Third Parties | ||
1941 | |||
1942 | If you want to allow a third party such as a website or friend to access to your attributes (or a subset thereof) execute: | ||
1943 | |||
1944 | @example | ||
1945 | $ gnunet-reclaim -e "username" -r "PKEY" -i "attribute1,attribute2,..." | ||
1946 | @end example | ||
1947 | |||
1948 | Where "PKEY" is the public key of the third party and "attribute1,attribute2,..." is a comma-separated list of attribute names, such as "email", that you want to share. | ||
1949 | |||
1950 | The command will return a "ticket" string. | ||
1951 | You must give this "ticket" to the requesting third party. | ||
1952 | |||
1953 | The third party can then retrieve your shared identity attributes using: | ||
1954 | |||
1955 | @example | ||
1956 | $ gnunet-reclaim -e "friend" -C "ticket" | ||
1957 | @end example | ||
1958 | |||
1959 | This will retrieve and list the shared identity attributes. | ||
1960 | The above command will also work if the user "username" is currently offline since the attributes are retrieved from GNS. | ||
1961 | Further, the "ticket" can be re-used later to retrieve up-to-date attributes in case "username" has changed the value(s). For instance, becasue his email address changed. | ||
1962 | |||
1963 | To list all given authorizations (tickets) you can execute: | ||
1964 | @example | ||
1965 | $ gnunet-reclaim -e "friend" -T (TODO there is only a REST API for this ATM) | ||
1966 | @end example | ||
1967 | |||
1968 | |||
1969 | @node Revoking Authorizations of Third Parties | ||
1970 | @subsection Revoking Authorizations of Third Parties | ||
1971 | |||
1972 | If you want to revoke the access of a third party to your attributes you can execute: | ||
1973 | |||
1974 | @example | ||
1975 | $ gnunet-idp -e "username" -R "ticket" | ||
1976 | @end example | ||
1977 | |||
1978 | This will prevent the third party from accessing the attribute in the future. | ||
1979 | Please note that if the third party has previously accessed the attribute, there is not way in which the system could have prevented the thiry party from storing the data. | ||
1980 | As such, only access to updated data in the future can be revoked. | ||
1981 | This behaviour is _exactly the same_ as with other IdPs. | ||
1982 | |||
1983 | @node Using the OpenID-Connect IdP | ||
1984 | @subsection Using the OpenID-Connect IdP | ||
1985 | |||
1986 | TODO: Document setup and REST endpoints | ||
1987 | |||
1867 | @node Using the Virtual Public Network | 1988 | @node Using the Virtual Public Network |
1868 | @section Using the Virtual Public Network | 1989 | @section Using the Virtual Public Network |
1869 | 1990 | ||
@@ -2036,7 +2157,7 @@ destination. | |||
2036 | 2157 | ||
2037 | For applications that do not use DNS, you can also manually create | 2158 | For applications that do not use DNS, you can also manually create |
2038 | such a mapping using the gnunet-vpn command-line tool. Here, you | 2159 | such a mapping using the gnunet-vpn command-line tool. Here, you |
2039 | specfiy the desired address family of the result (i.e. "-4"), and the | 2160 | specify the desired address family of the result (i.e. "-4"), and the |
2040 | intended target IP on the Internet ("-i 131.159.74.67") and | 2161 | intended target IP on the Internet ("-i 131.159.74.67") and |
2041 | "gnunet-vpn" will tell you which IP address in the range of your | 2162 | "gnunet-vpn" will tell you which IP address in the range of your |
2042 | VPN tunnel was mapped. | 2163 | VPN tunnel was mapped. |
@@ -2047,3 +2168,5 @@ service offered by that peer, you can create an IP tunnel to | |||
2047 | that peer by specifying the peer's identity, service name and | 2168 | that peer by specifying the peer's identity, service name and |
2048 | protocol (--tcp or --udp) and you will again receive an IP address | 2169 | protocol (--tcp or --udp) and you will again receive an IP address |
2049 | that will terminate at the respective peer's service. | 2170 | that will terminate at the respective peer's service. |
2171 | |||
2172 | |||