Skip to content
master
Switch branches/tags
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
lib
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

README.md

Gryphon

An HTTP authentication scheme similar to Hawk, but with Ed25519 public-key signatures instead of shared secrets.

[Gryphons] are known for guarding treasure and priceless possessions.

Table of Contents

  • Introduction
  • Usage

Introduction

TODO

Usage

Key Generation

A client can generate a keypair to use, storing the private key and giving the public key to the target server. How this is done is out of scope of this library.

var gryphon = require('gryphon');
var keys = gryphon.keys(); // { pk: Buffer, sk: Buffer }

Request Signing

Before sending a request to the target server, an Authorization header should be generated using the private key:

var gryphon = require('gryphon');
var request = require('request');
var url = require('url');

var req = url.parse('https://example.domain/foo');
req.method = 'get';
req.headers.authorization = gryphon.header(req, secretKey);
request(req).pipe(process.stdout);

Request Authentication

A server consuming requests signed with Gryphon can authenticate if a request originated from the owner of the public key:

var gryphon = require('gryphon');

http.createServer(function(req, res) {
  var pk = gryphon.authenticate(req);
  if (pk) {
    var client = db.getByPk(pk);
    if (client) {
      return res.send('hello ' + client.name);
    }
  }
  res.send(401, "i don't know you");
}).listen(8080);

Testing

See testing guide

About

HTTP Request Signing with Ed25519

Resources

License

Releases

No releases published

Packages

No packages published