Skip to content

sparkscience/wskeyid

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

39 Commits
client/browser/typescript
client/browser/typescript
 
 
server/go
server/go
 
 
README.md
README.md
 
 
flowchart.png
flowchart.png
 
 
sequence-diagram.png
sequence-diagram.png
 
 

Repository files navigation

WebSocket auth example

Using public-key cryptography to support authenticated connection.

Specification

Client:

  1. Connect to server, while also providing the client ID (which will double as the public key), via either the default client_id query parameter, or another query parameter that has been agreed-upon ahead of time. The public key must match a specific format (currently only WebCrypto-raw.EC.P-256 is supported, but more will come, such as P-384, P-512, secp256k1, ed25519, etc.)
  2. Listen for CHALLENGE messages which will contain a payload field
  3. Respond with a CHALLENGE_RESPONSE containing the original payload (payload), and a base64-encoded byte buffer, representing the signature, signature. Optionally, the signature can be prefixed with <signature scheme>, if the signature scheme has more than one possible representation (although, currently, ECDSA emits signatures that are just byte buffer concatenation of the r and s components)
  4. If the challenge response matches, then send a CONNECTED message, and the handshake is now considered complete
    • Otherwise, if the signature does not match, then close the connection

Diagrams

Sequence diagram Flowchart

About

WebSocket Key ID implementation

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

5 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages