herocode/hostbasket
12
0
Fork 0
Code Issues 2 Pull Requests 1 Actions Packages Projects 1 Releases Wiki Activity
development
hostbasket/sigsocket
History
timurgordon 83dde53555 implement signature requests over ws
2025-05-19 14:48:40 +03:00
..
examples implement signature requests over ws 2025-05-19 14:48:40 +03:00
src implement signature requests over ws 2025-05-19 14:48:40 +03:00
tests implement signature requests over ws 2025-05-19 14:48:40 +03:00
Cargo.lock implement signature requests over ws 2025-05-19 14:48:40 +03:00
Cargo.toml implement signature requests over ws 2025-05-19 14:48:40 +03:00
README.md implement signature requests over ws 2025-05-19 14:48:40 +03:00

README.md

SigSocket: WebSocket Signing Server

SigSocket is a WebSocket server that handles cryptographic signing operations. It allows clients to connect via WebSocket, identify themselves with a public key, and sign messages on demand.

Features

  • Accept WebSocket connections from clients
  • Allow clients to identify themselves with a secp256k1 public key
  • Forward messages to clients for signing
  • Verify signatures using the client's public key
  • Support for request timeouts
  • Clean API for application integration

Architecture

SigSocket follows a modular architecture with the following components:

  1. SigSocket Manager: Handles WebSocket connections and manages connection lifecycle
  2. Connection Registry: Maps public keys to active WebSocket connections
  3. Message Handler: Processes incoming messages and implements the message protocol
  4. Signature Verifier: Verifies signatures using secp256k1
  5. SigSocket Service: Provides a clean API for applications to use

Message Protocol

The protocol is designed to be simple and efficient:

  1. Client Introduction (first message after connection):

    <hex_encoded_public_key>

  2. Sign Request (sent from server to client):

    <base64_encoded_message>

  3. Sign Response (sent from client to server):

    <base64_encoded_message>.<base64_encoded_signature>

API Usage

// Create and initialize the service
let registry = Arc::new(RwLock::new(ConnectionRegistry::new()));
let sigsocket_service = Arc::new(SigSocketService::new(registry.clone()));

// Use the service to send a message for signing
async fn sign_message(
    service: Arc<SigSocketService>,
    public_key: String,
    message: Vec<u8>
) -> Result<(Vec<u8>, Vec<u8>), SigSocketError> {
    service.send_to_sign(&public_key, &message).await
}

Security Considerations

  • All public keys are validated to ensure they are properly formatted secp256k1 keys
  • Messages are hashed using SHA-256 before signature verification
  • WebSocket connections have heartbeat checks to automatically close inactive connections
  • All inputs are validated to prevent injection attacks

Running the Example Server

Start the example server with:

RUST_LOG=info cargo run

This will launch a server on 127.0.0.1:8080 with the following endpoints:

  • /ws - WebSocket endpoint for client connections
  • /sign - HTTP POST endpoint to request message signing
  • /status - HTTP GET endpoint to check connection count
  • /connected/{public_key} - HTTP GET endpoint to check if a client is connected