Skip to content

seanmonstar/gryphon

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
lib
lib
 
 
test
test
 
 
.gitignore
.gitignore
 
 
.jshintrc
.jshintrc
 
 
.travis.yml
.travis.yml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
package.json
package.json
 
 

Repository files navigation

Gryphon

An HTTP authentication scheme similar to Hawk, but with Ed25519 public-key signatures instead of shared secrets.

[Gryphons] are known for guarding treasure and priceless possessions.

Table of Contents

  • Introduction
  • Usage

Introduction

TODO

Usage

Key Generation

A client can generate a keypair to use, storing the private key and giving the public key to the target server. How this is done is out of scope of this library.

var gryphon = require('gryphon');
var keys = gryphon.keys(); // { pk: Buffer, sk: Buffer }

Request Signing

Before sending a request to the target server, an Authorization header should be generated using the private key:

var gryphon = require('gryphon');
var request = require('request');
var url = require('url');

var req = url.parse('https://example.domain/foo');
req.method = 'get';
req.headers.authorization = gryphon.header(req, secretKey);
request(req).pipe(process.stdout);

Request Authentication

A server consuming requests signed with Gryphon can authenticate if a request originated from the owner of the public key:

var gryphon = require('gryphon');

http.createServer(function(req, res) {
  var pk = gryphon.authenticate(req);
  if (pk) {
    var client = db.getByPk(pk);
    if (client) {
      return res.send('hello ' + client.name);
    }
  }
  res.send(401, "i don't know you");
}).listen(8080);

Testing

See testing guide

About

HTTP Request Signing with Ed25519

Resources

Readme

License

MPL-2.0 license
Activity

Stars

4 stars

Watchers

3 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages