- Clone the repository:
  git clone https://github.com/Dwn96/forwardingcommsdemo.git
- Install node modules:
  npm install
- Navigate to the server directory and start the server app via:
  npm run dev
- Navigate to the client directory and start the client app via:
  npm run dev
This repo holds a client and server pair which exchange encrypted payloads over HTTP and websockets. The project demonstrates practical use of asymmetric-key cryptography for secure end-to-end communication, port forwarding over TCP and HTTP, and REST API development.
The server application is a REST API that has been decoupled into the following layers:
- Routing
- Service
- Mock database
On startup, a public and private key pair is generated.
The routing layer exposes endpoints for each resource maintained by our application. This is the first point of contact for data sent over HTTP by the client application. Our server exposes POST and GET routes for two resources: users and transactions.
The service layer holds the business logic for handling data received from the routing layer. The logic for writing to and reading from our mock database resides in this layer.
We maintain a mock in-memory database for each of our resources.
The client application is a simple TypeScript app. It performs a key exchange with the server application via websockets, after which it sends encrypted payloads to the server application over HTTP. The client app comes bundled with a public and private key pair which is dynamically generated at runtime.
Communication between the client and server apps is handled in two ways:
In our implementation, we make use of websockets during the key exchange, which occurs as soon as a connection is established between the client and server apps. For this functionality, we make use of Socket.io, a library that enables bidirectional and event-based communication between the client and the server.
As soon as a connection has been established and the key exchange is completed, we send encrypted payloads of dummy data over HTTP to our server application via POST.
Communication between the server and client apps is encrypted end-to-end via asymmetric encryption. We make use of Crypto to handle the following cryptographic functionalities:
- Client and server key-pair generation
- Encryption using a public key
- Decryption using a private key
When a connection is established between the client and server apps, a key-exchange process is triggered, which takes place in the following way:
- The server sends the client its public key, pub_key_S
- The client sends the server its own public key, encrypted with the server's public key: c = E(pub_key_S, pub_key_C)
- The server decrypts c with its private key: pub_key_C = D(pri_key_S, c)
At this point, the client and server can proceed to communicate securely for the ongoing session, each encrypting with the other's public key and decrypting with its own private key.
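The three steps above, written out as an added example with Node's built-in crypto module (this is not code from the repository). It assumes 2048-bit RSA keys with OAEP/SHA-256 and splits the payload into chunks because a PEM public key is larger than one RSA-OAEP block; the function names, the chunking scheme and the sample payload are constructed for illustration.

```javascript
// Added example: both sides of the key exchange run in one process for illustration.
const crypto = require("node:crypto");

// RSA-OAEP (SHA-256) with a 2048-bit key encrypts at most 256 - 2*32 - 2 = 190 bytes,
// less than a PEM public key (about 451 bytes), so E() and D() work chunk by chunk.
const MOD_BYTES = 256;
const MAX_CHUNK = MOD_BYTES - 2 * 32 - 2;
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

function generateKeyPair() {
  return crypto.generateKeyPairSync("rsa", {
    modulusLength: 2048,
    publicKeyEncoding: { type: "spki", format: "pem" },
    privateKeyEncoding: { type: "pkcs8", format: "pem" },
  });
}

// E(pub_key, m): encrypt a UTF-8 string, returning base64 ciphertext.
function encrypt(pubKeyPem, plaintext) {
  const data = Buffer.from(plaintext, "utf8");
  const blocks = [];
  for (let i = 0; i < data.length; i += MAX_CHUNK) {
    blocks.push(crypto.publicEncrypt({ key: pubKeyPem, ...OAEP }, data.subarray(i, i + MAX_CHUNK)));
  }
  return Buffer.concat(blocks).toString("base64");
}

// D(pri_key, c): every ciphertext block is exactly MOD_BYTES long.
function decrypt(priKeyPem, ciphertextB64) {
  const data = Buffer.from(ciphertextB64, "base64");
  const parts = [];
  for (let i = 0; i < data.length; i += MOD_BYTES) {
    parts.push(crypto.privateDecrypt({ key: priKeyPem, ...OAEP }, data.subarray(i, i + MOD_BYTES)));
  }
  return Buffer.concat(parts).toString("utf8");
}

function keyExchange() {
  const server = generateKeyPair();
  const client = generateKeyPair();
  const pubKeyS = server.publicKey;               // step 1: server -> client
  const c = encrypt(pubKeyS, client.publicKey);   // step 2: c = E(pub_key_S, pub_key_C)
  const pubKeyC = decrypt(server.privateKey, c);  // step 3: pub_key_C = D(pri_key_S, c)
  // Session traffic: each side encrypts with the other's public key (constructed payload).
  const request = encrypt(pubKeyS, JSON.stringify({ user: "alice", amount: 10 }));
  const reply = encrypt(pubKeyC, "ok");
  return { exchanged: pubKeyC === client.publicKey, cLength: Buffer.from(c, "base64").length,
    atServer: decrypt(server.privateKey, request), atClient: decrypt(client.privateKey, reply) };
}
```

Nothing in this exchange authenticates either public key, so a party able to alter the websocket traffic could substitute its own key in step 1; pinning or signing the server key, or running the exchange over TLS, closes that gap. The ciphertext blocks are also not bound to each other, which is why larger payloads are normally protected with a symmetric key wrapped by RSA rather than chunked RSA.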