Homec4science

Allow Conduit requests to be signed with a public/private keypair

Authored by epriestley <git@epriestley.com> on Nov 15 2014, 12:37.

Description

Allow Conduit requests to be signed with a public/private keypair

Summary:
This allows callers (in the future, servers in a cluster or instances) to sign Conduit requests with an asymmetric keypair instead of a certificate or token.

Overall we could get away without this, but it seems worth doing for a few reasons:

  • By binding Device identity to SSH keys, we can also authorize them over (real) SSH easily, and not need separate conduit / SSH keys.
  • Asymmetric key cryptography is strong and well understood, and we never have to share or transmit private keys.
  • This is potentially useful to third parties for device identity, in a way that custom Conduit stuff wouldn't be.

Test Plan:

  • Added unit tests.
  • Will actually test once I mess with the other half of this.

Reviewers: hach-que, #blessed_reviewers, btrahan

Reviewed By: #blessed_reviewers, btrahan

Subscribers: epriestley, Korvin

Maniphest Tasks: T6240

Differential Revision: https://secure.phabricator.com/D10402

Details

Committed
epriestley <git@epriestley.com>Nov 15 2014, 12:37
Pushed
aubortMar 17 2017, 12:03
Parents
rPHU0135e57181a9: Assume utf8mb4 support
Branches
Unknown
Tags
Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPHU2ed0bc456971: Allow Conduit requests to be signed with a public/private keypair (authored by epriestley <git@epriestley.com>).Nov 15 2014, 12:37