Securing.md

Encryption

Step 1

After the WebSocket connection is established, you will receive message #30001.

You must generate a random string called symmetricKey with length equal to symmetricKeyLength and encrypt it with publicKey using the OpenSSL library (padding mode PKCS #1); next, encrypt the result with the following public key using the OpenSSL library (padding mode PKCS #1):

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo+inlAfd8Qior8IMKaJ+
BREJcEc9J9RhHgh6g/LvHKsnMaiEbAL70jQBQTLpCRu5Cnpj20+isOi++Wtf/pIP
FdJbD/1H+5jS+ja0RA6unp93DnBuYZ2JjV60vF3Ynj6F4Vr1ts5Xg5dJlEaOcOO2
YzOU97ZGP0ozrXIT5S+Y0BC4M9ieQmlGREzt3UZlTBbyUYPS4mMFh88YcT3QTiTA
k897qlJLxkYxVyAgwAD/0ihmWEkBQe9IxwVT/x5/QbixGSl4Zvd+5d+9sTZcSZQS
iJInT4E6DcmgAVYu5jFMWJDTEuurOQZ1W4nbmGyoY1bZXaFoiMPfzy72VIddkoHg
mwIDAQAB
-----END PUBLIC KEY-----

Step 2

Send message #2 with the encrypted symmetricKey to the server (if you used the aforementioned public key in the encryption process, you must set version to 2). Depending on your request, there are three cases of response:

  1. You sent a plaintext symmetricKey and we cannot accept this key, so you go back to step 1 (after 3 attempts, your request will be ignored).
  2. Your encrypted symmetricKey length is not equal to symmetricKeyLength, or a security issue is detected: you will receive message #30002 with REJECTED status. The WebSocket connection is closed permanently in this case.
  3. Your symmetricKey is accepted successfully: you will receive message #30002 with ACCEPTED status.

Step 3

For each request, you must encrypt the request using symmetricKey with symmetricMethod (padding mode PKCS #5) and a cryptographically strong pseudo-random IV with size equal to symmetricIvSize.

See RAND_bytes for more details.

Step 4

Send your request in the following format:

"IV" + "Encrypted Request"

Decryption

Step 1

Server responses must be decrypted after the connection is secured. In this case, the response format is:

"IV" + "Encrypted Response"

Split the response at symmetricIvSize: bytes 0 to symmetricIvSize are the IV, and bytes from symmetricIvSize to the end are the encrypted response.

Step 2

For each response, you must decrypt it using symmetricKey with symmetricMethod and the IV.
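The whole exchange described in the Encryption and Decryption sections above, as an added Go example that is not part of this document or the project's own client code. It parses the public key printed in Encryption step 1, wraps a symmetricKey with RSA PKCS #1 v1.5 padding (OpenSSL's RSA_PKCS1_PADDING), applies the server-side length check behind the REJECTED case of step 2, frames each request as "IV" + "Encrypted Request" with PKCS #5 padding, and splits and decrypts a response at symmetricIvSize. symmetricKeyLength = 32, symmetricIvSize = 16 and AES-256-CBC as symmetricMethod are assumptions, since the real values arrive in message #30001 and the document does not name the cipher; the document publishes only the public half of its key, so a throw-away keypair generated in the example plays the server, and the key is wrapped once rather than twice. The sample request is constructed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

const (
	symmetricKeyLength = 32            // assumed; the real value arrives in message #30001
	symmetricIvSize    = aes.BlockSize // assumed 16 for AES-CBC; also arrives in message #30001
)

// Public key printed in the document; wrapping with it requires version = 2.
const pageServerPublicKeyPEM = `-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo+inlAfd8Qior8IMKaJ+
BREJcEc9J9RhHgh6g/LvHKsnMaiEbAL70jQBQTLpCRu5Cnpj20+isOi++Wtf/pIP
FdJbD/1H+5jS+ja0RA6unp93DnBuYZ2JjV60vF3Ynj6F4Vr1ts5Xg5dJlEaOcOO2
YzOU97ZGP0ozrXIT5S+Y0BC4M9ieQmlGREzt3UZlTBbyUYPS4mMFh88YcT3QTiTA
k897qlJLxkYxVyAgwAD/0ihmWEkBQe9IxwVT/x5/QbixGSl4Zvd+5d+9sTZcSZQS
iJInT4E6DcmgAVYu5jFMWJDTEuurOQZ1W4nbmGyoY1bZXaFoiMPfzy72VIddkoHg
mwIDAQAB
-----END PUBLIC KEY-----`

// The document publishes only the public half of its key, so this throw-away keypair plays the server.
var serverPriv, _ = rsa.GenerateKey(rand.Reader, 2048)

// parsePublicKeyPEM loads an RSA public key from a PEM "PUBLIC KEY" block.
func parsePublicKeyPEM(pemText string) (*rsa.PublicKey, error) {
	block, _ := pem.Decode([]byte(pemText))
	if block == nil || block.Type != "PUBLIC KEY" {
		return nil, fmt.Errorf("no PUBLIC KEY block found")
	}
	pub, err := x509.ParsePKIXPublicKey(block.Bytes)
	if rsaPub, ok := pub.(*rsa.PublicKey); ok && err == nil {
		return rsaPub, nil
	}
	return nil, fmt.Errorf("not an RSA public key: %v", err)
}

// wrapKey is encryption step 1: symmetricKey under RSA PKCS#1 v1.5 (OpenSSL's RSA_PKCS1_PADDING).
func wrapKey(pub *rsa.PublicKey, key []byte) ([]byte, error) {
	return rsa.EncryptPKCS1v15(rand.Reader, pub, key)
}

// unwrapKey is the server-side check behind step 2, case 2: undecryptable or wrong-length keys are REJECTED.
func unwrapKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	key, err := rsa.DecryptPKCS1v15(rand.Reader, priv, wrapped)
	if err != nil || len(key) != symmetricKeyLength {
		return nil, fmt.Errorf("REJECTED: undecryptable or wrong-length symmetricKey")
	}
	return key, nil
}

// sealRequest is encryption steps 3-4 (AES-256-CBC assumed): PKCS#5 padding, a fresh random IV, "IV" + "Encrypted Request".
func sealRequest(key, plaintext []byte) ([]byte, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	n := aes.BlockSize - len(plaintext)%aes.BlockSize // PKCS#5: 1..16 pad bytes, each equal to n
	padded := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(n)}, n)...)
	msg := make([]byte, symmetricIvSize+len(padded))
	rand.Read(msg[:symmetricIvSize]) // the IV, as RAND_bytes would produce it
	cipher.NewCBCEncrypter(blk, msg[:symmetricIvSize]).CryptBlocks(msg[symmetricIvSize:], padded)
	return msg, nil
}

// openResponse is decryption steps 1-2: split at symmetricIvSize, AES-CBC decrypt, verify and strip PKCS#5 padding.
func openResponse(key, msg []byte) ([]byte, error) {
	blk, err := aes.NewCipher(key)
	if err != nil || len(msg) < symmetricIvSize+aes.BlockSize || (len(msg)-symmetricIvSize)%aes.BlockSize != 0 {
		return nil, fmt.Errorf("bad key or malformed message (key err=%v, len=%d)", err, len(msg))
	}
	pt := make([]byte, len(msg)-symmetricIvSize)
	cipher.NewCBCDecrypter(blk, msg[:symmetricIvSize]).CryptBlocks(pt, msg[symmetricIvSize:])
	n := int(pt[len(pt)-1])
	if n == 0 || n > aes.BlockSize || !bytes.Equal(pt[len(pt)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, fmt.Errorf("invalid PKCS#5 padding")
	}
	return pt[:len(pt)-n], nil
}

func main() {
	pagePub, err := parsePublicKeyPEM(pageServerPublicKeyPEM) // a client wraps with this and sets version = 2
	key := make([]byte, symmetricKeyLength)
	rand.Read(key)                                    // step 1: symmetricKey
	wrapped, _ := wrapKey(&serverPriv.PublicKey, key) // step 2: payload of message #2
	serverKey, rejected := unwrapKey(serverPriv, wrapped)
	msg, _ := sealRequest(key, []byte(`{"op":"ping"}`)) // steps 3-4 on a constructed request
	pt, openErr := openResponse(serverKey, msg)
	fmt.Println(pagePub.N.BitLen(), err, rejected, len(msg), string(pt), openErr)
}
```

Run it with go run; main prints the parsed key size, the server's accept/reject decision, the framed message length and the recovered request. openResponse treats any length or padding failure as a hard error and returns none of the partial plaintext: the "IV" + ciphertext frame carries no integrity tag, so a padding error is the only signal a receiver gets that a message was truncated or altered, and it should close the connection rather than act on what it decrypted.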