wspack

Events (payload.e)

Handshake

• hello
• auth
• renegotiate
• auth-failed

TODO:

• On handshake initiate, client needs to verify that the server is indeed the server, if the server should be known to the client.

Security

• Encryption is only available when auth is enabled (using keys).

• Encryption does only encrypt payload.data content.

• Encryption handshake:

  • Server -> Client (not encrypted): This is your pub key, use it as salt to authorize.
  • Client -> Server (not encrypted): My authKey is "authKey + pubKey + timestamp" and my timestamp is "timestamp".
  • Server -> Client (IF VALID) (encrypted): OK. Use this pubKey from now on.

  If having problems with handshake, it might be a latency problem if your latency is fluctuating. Server validates authKey by checking the timestamp first.

  Server side the pubKey is stored on the websocket client (session).