0.4.1 • Public • Published

End To End message encryption based on Iron

Build Status npm version dependencies Status

This repository integrates node's Iron module to encrypt messages in xyz. It works end-to-end over a given route and port.


Similar to many other bootstrap function, this module also injects two symmetric middlewares into the system. One will encrypt all messages before going out and the other will decrypt them as soon as they enter.

We can see this in the logs of console.log(ms), where ms is an instance of xyz-core. If we bootstrap this module with all of the default values, it encrypts the default CALL route in client and CALL route in the default server which lives in port 4000.

____________________  TRANSPORT LAYER ____________________
  outgoing middlewares: [/CALL] || _ironSealMsg[0] -> _httpExport[1] [/PING] || _httpExport[0]
  HTTPServer @ 4000 ::
    Middlewares: [/CALL] || _ironHttpUnSealMsg[0] -> _httpMessageEvent[1] [/PING] || _pingEvent[0]
  • As you see the CALL outgoing route is changed to _ironSealMsg[0] -> _httpExport[1], which encrypts.
  • The CALL route in HTTPServer @ 4000 is changed to _ironHttpUnSealMsg[0] -> _httpMessageEvent[1] which decrypts the message before being passed to the service layer.


$ npm install

will install the module.

Bootstrapping a node with it is as simple as:

const IRON = require('')
var mathMs = new XYZ({...})
mathMs.bootstrap(IRON, {})

where the second argument, config have the following keys:

option default value description
config.clientRoute 'CALL' route of the outgoing route to encrypt
config.clientIndex 0 index to insert the client middleware
config.serverRoute 'CALL' route of the server route to decrypt
config.serverPort port of the target server
config.serverIndex 0 index to insert the middleware
config.PASSWD see here Password used by Iron. should be long and a random string
config.ironConfig Iron.defaults Iron configuration. see here for more info

Examples and tests are available in the test folder. In one of these example, we encrypt a route name IRON_UDP. if you run with debug logLevel, you will see a similar log:

[2017-3-31 15:35:5][] debug :: UDP SERVER @ 5000 :: udp message received for /IRON_UDP [{"userPayload":"Fe26.2**a3451a22cfd6eeeb7a13e324457c5afa6751855e6bd7d8b61a0c4574d8a8df53*gMc5pf4S2XcvyD2koP-_RQ*5nK3Dwx7xD8Z10K4O7viGg**8e2f06a044dd26bfefd0a9f471ca9775c7dd6ec500abc5070724f61129baf916*rkLiE5g6OI2Us-7KoZkhPtKubyFiqCyV6gC-USgNAVU","xyzPayload":{"senderId":"","service":"/math/float/neg","route":"/IRON_UDP"}}]

As you see, the userPayload portion of the message, wich is all of the data that you pass to the .call() is being encrypted.



Package Sidebar


npm i

Weekly Downloads






Last publish


  • kianenigma