xyz.iron.man.bootstrap
End To End message encryption based on Iron
This repository integrates node's Iron module to encrypt messages in xyz. It works end-to-end over a given route and port.
Description
Similar to many other bootstrap function, this module also injects two symmetric middlewares into the system. One will encrypt all messages before going out and the other will decrypt them as soon as they enter.
We can see this in the logs of console.log(ms), where ms is an instance of xyz-core. If we bootstrap this module with all of the default values, it encrypts the default CALL route in client and CALL route in the default server which lives in port 4000.
____________________ TRANSPORT LAYER ____________________Transport: outgoing middlewares: call.dispatch.mw [/CALL] || _ironSealMsg[0] -> _httpExport[1] ping.dispatch.mw [/PING] || _httpExport[0] HTTPServer @ 4000 :: Middlewares: call.receive.mw [/CALL] || _ironHttpUnSealMsg[0] -> _httpMessageEvent[1] ping.receive.mw [/PING] || _pingEvent[0]- As you see the
CALLoutgoing route is changed to_ironSealMsg[0] -> _httpExport[1], which encrypts. - The
CALLroute inHTTPServer @ 4000is changed to_ironHttpUnSealMsg[0] -> _httpMessageEvent[1]which decrypts the message before being passed to the service layer.
Usage
$ npm install xyz.iron.man.bootstrapwill install the module.
Bootstrapping a node with it is as simple as:
const IRON = var mathMs = ... mathMswhere the second argument, config have the following keys:
| option | default value | description |
|---|---|---|
config.clientRoute |
'CALL' | route of the outgoing route to encrypt |
config.clientIndex |
0 | index to insert the client middleware |
config.serverRoute |
'CALL' | route of the server route to decrypt |
config.serverPort |
xyz.id().port |
port of the target server |
config.serverIndex |
0 | index to insert the middleware |
config.PASSWD |
see here | Password used by Iron. should be long and a random string |
config.ironConfig |
Iron.defaults |
Iron configuration. see here for more info |
Examples and tests are available in the test folder. In one of these example, we encrypt a route name IRON_UDP. if you run math.ms with debug logLevel, you will see a similar log:
[2017-3-31 15:35:5][math.ms@127.0.0.1:4000] debug :: UDP SERVER @ 5000 :: udp message received As you see, the userPayload portion of the message, wich is all of the data that you pass to the .call() is being encrypted.