little programming effort.
All connections between para_server and para_client are encrypted
-with a symmetric RC4 session key. For each user of paraslash you must
+with a symmetric session key. For each user of paraslash you must
create a public/secret RSA key pair for authentication.
If para_client is started without non-option arguments, an interactive
sudo apt-get install autoconf libssl-dev help2man gengetopt \
libmad0-dev libid3tag0-dev libasound2-dev libvorbis-dev \
libfaad-dev libspeex-dev libFLAC-dev libsamplerate-dev \
- libasound2-dev libao-dev libreadline-dev libncurses-dev
+ libasound2-dev libao-dev libreadline-dev libncurses-dev \
+ libopus-dev
Detailed description: In any case you'll need
- - XREFERENCE(http://systemlinux.org/~maan/osl/, libosl).
+ - XREFERENCE(http://people.tuebingen.mpg.de/maan/osl/, libosl).
The _object storage layer_ library is used by para_server. To
clone the source code repository, execute
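Review bot: `libasound2-dev` is now listed twice in the apt-get package list, once on the second line of the command and again on the line this hunk rewrites to append `libopus-dev`. Since that line is being touched anyway, drop the second occurrence so the list stays free of duplicates.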
ssh-keygen -t rsa -b 2048
# hit enter twice to create a key with no passphrase
-This generates the two files id_rsa and id_rsa.pub in ~/.ssh. Note
-that paraslash can also read keys generated by the "openssl genrsa"
-command. However, since keys created with ssh-keygen can also be used
-for ssh, this method is recommended.
-
-Note that para_server refuses to use a key if it is shorter than 2048
-bits. In particular, the RSA keys of paraslash 0.3.x will not work
-with version 0.4.x. Moreover, para_client refuses to use a (private)
-key which is world-readable.
+This generates the two files id_rsa and id_rsa.pub in ~/.ssh.
+Note that para_server refuses to use a key if it is shorter than
+2048 bits. Moreover, para_client refuses to use a private key which
+is world-readable.
para_server only needs to know the public key of the key pair just
created. Copy this public key to server_host:
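Review bot: The rewritten paragraph after the ssh-keygen command silently drops two statements: that keys generated by "openssl genrsa" can be read, and that 0.3.x keys do not work with 0.4.x. If openssl-generated keys are still accepted, keep one sentence saying so. If support was removed, say that in the commit message so users with such keys know they must regenerate them. The retained sentence about world-readable private keys could also state the exact permission check, since the instructions above it create a key with no passphrase and file mode is then its only protection.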
para_server uses a challenge-response mechanism to authenticate
requests from incoming connections, similar to ssh's public key
authentication method. Authenticated connections are encrypted using
-the RC4 stream cipher.
+a stream cipher, either RC4 or AES in integer counter mode.
-In this chapter we briefly describe RSA and RC4 and sketch the
+In this chapter we briefly describe RSA, RC4 and AES, and sketch the
REFERENCE(Client-server authentication, authentication handshake)
between para_client and para_server. User management is discussed
in the section on REFERENCE(The user_list file, the user_list file).
-RSA and RC4
-~~~~~~~~~~~
+RSA, RC4, AES
+~~~~~~~~~~~~~
RSA is an asymmetric block cipher which is used in many applications,
including ssh and gpg. An RSA key consists in fact of two keys,
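Review bot: The new wording "AES in integer counter mode" in the authentication overview does not match the name "AES_CTR128" that the same patch introduces in the "RSA, RC4, AES" section. Pick one term, introduce the abbreviation on first use (for example "AES in counter mode (AES_CTR128)"), and use it in both places so readers can tell the two passages describe the same cipher.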
be used twice, a different, randomly-generated key is used for every
new connection.
+AES, the advanced encryption standard, is a well-known symmetric block
+cipher, i.e. a transformation operating on fixed-length blocks which
+is determined by a single key for both encryption and decryption. Any
+block cipher can be turned into a stream cipher by generating
+a pseudo-random key stream by encrypting successive values of a
+counter. The AES_CTR128 stream cipher used in paraslash is obtained
+in this way from the AES block cipher with a 128 bit block size.
+
+
Client-server authentication
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
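Review bot: In the added AES paragraph, "with a 128 bit block size" does not explain the "128" in AES_CTR128, because 128 bits is the only block size AES has. State the key length that is used, and add a sentence on how the initial counter value is chosen, since the preceding context only says a fresh random key is generated per connection. The paragraph also ends with two consecutive empty added lines where the surrounding text uses one.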
fixed-length buffer with random bytes, encrypts that buffer
using the public key and sends the encrypted buffer to the
client. The first part of the buffer is the challenge which
- is used for authentication while the second part is the RC4
+ is used for authentication while the second part is the
session key.
- para_client receives the encrypted buffer and decrypts it
- Otherwise the user is considered authenticated and the client
is allowed to proceed by sending a command to be executed. From
- this point on the communication is encrypted using the RC4
- stream cipher with the session key known to both peers.
+ this point on the communication is encrypted using the stream
+ cipher with the session key known to both peers.
paraslash relies on the quality of the pseudo-random bytes provided
by the crypto library (openssl or libgcrypt), on the security of
-the implementation of the RSA and RC4 crypto routines and on the
+the implementation of the RSA, RC4 and AES crypto routines and on the
infeasibility to invert the SHA1 function.
Neither para_server or para_client create RSA keys on their own. This
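Review bot: The last step of the handshake list now reads "encrypted using the stream cipher", but with this patch there are two ciphers and no step in the list says which one applies. Add a sentence stating at which point of the handshake the cipher is selected and what happens when client and server do not support the same one. Otherwise "the stream cipher" has nothing to refer to.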
maintains tables containing images (e.g. album cover art) and lyrics
that can be associated with one or more audio files.
-AFS uses XREFERENCE(http://systemlinux.org/~maan/osl/, libosl), the
+AFS uses XREFERENCE(http://people.tuebingen.mpg.de/maan/osl/, libosl), the
object storage layer library, as the backend library for storing
information on audio files, playlists, etc. This library offers
functionality similar to a relational database, but is much more
The Free Lossless Audio Codec (FLAC) compresses audio without quality
loss. It gives better compression ratios than a general purpose
compressor like zip or bzip2 because FLAC is designed specifically
-for audio. A FLAC-encoded file consits of frames of varying size, up
+for audio. A FLAC-encoded file consists of frames of varying size, up
to 16K. Each frame starts with a header that contains all information
necessary to decode the frame.
The audio format handler code is linked into para_server and executed
via the _add_ command. The same code is also available as a stand-alone
-tool, para_afh, which can be used to print the technical data, the
-chunk table and the meta data of a file.
+tool, para_afh, which prints the technical data, the chunk table
+and the meta data of a file. Moreover, all audio format handlers are
+combined in the afh receiver which is part of para_recv and para_play.
----------
Networking
Examples
~~~~~~~~
-The sender command of para_server allows to (de-)activate senders
-and to change the access permissions senders at runtime. The "si"
-(server info) command is used to list the streaming options of the
-currently running server as well as the various sender access lists.
+The "si" (server info) command lists some information about the
+currently running server process.
--> Show client/target/access lists:
+-> Show PIDs, number of connected clients, uptime, and more:
para_client si
+The sender command of para_server prints information about senders,
+like the various access control lists, and it allows to (de-)activate
+senders and to change the access permissions at runtime.
+
+-> List all senders
+
+ para_client sender
+
-> Obtain general help for the sender command:
para_client help sender
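Review bot: The added sentence on the sender command uses "it allows to (de-)activate senders", which is missing an object. Something like "it allows senders to be (de-)activated and access permissions to be changed at runtime" reads correctly. The new example heading "-> List all senders" also lacks the trailing colon that the neighbouring headings ("-> Obtain general help for the sender command:") carry.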
s=http # or dccp or udp
para_client sender $s help
+-> Show status of the http sender
+
+ para_client sender http status
+
By default para_server activates both the HTTP and th DCCP sender on
startup. This can be changed via command line options or para_server's
config file.
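Review bot: The new heading "-> Show status of the http sender" is missing the trailing colon used by the other example headings in this section. While this spot is being edited, the unchanged line directly below still reads "th DCCP sender" and could be corrected to "the DCCP sender" in the same patch.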
Application web pages
~~~~~~~~~~~~~~~~~~~~~
- - XREFERENCE(http://paraslash.systemlinux.org/, paraslash)
+ - XREFERENCE(http://people.tuebingen.mpg.de/maan/paraslash/, paraslash)
+ - XREFERENCE(http://paraslash.systemlinux.org/, paraslash (alternative page))
- XREFERENCE(http://xmms2.org/wiki/Main_Page, xmms)
- XREFERENCE(http://www.mpg123.de/, mpg123)
- XREFERENCE(http://gstreamer.freedesktop.org/, gstreamer)