Crypt

Overview

The Crypt SIB Caller manages RSA encryption and decryption in the SIB Workflow.

Details

Module: sib_crypt
Version: 1.3.0

Workflow

  • Subscribe: .custom/topic
    • on message:
      • custom.inputFormat
      • if isset msg._encrypted
        • decrypt message
        • add data to either msg.data for non-json data, or to the json message structure
      • else (if msg._encrypted is not set)
        • encrypt message adding the encrypted data to msg._encrypted
      • if isset msg._signature
        • Verify the signature using the remote key
        • Add verification result to msg._signature_verification
      • else (if msg._signature is not set)
        • Create a SHA256 hash and sign the message
        • Add the signature to msg._signature
      • custom.outputFormat
      • apply/copy SIBHeader
      • Publish: msg._sibheader.responseTopic
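
The encrypt/decrypt and sign/verify branches above, as an added Node.js example (not the sib_crypt module's own code). The page does not specify them, so these are assumptions: RSA-OAEP padding, base64 encoding, a string payload in msg.data, and a signature computed over the ciphertext in msg._encrypted. The name cryptStep and the in-memory key pairs are constructed for the example.

```javascript
const nodeCrypto = require("crypto");

// Constructed in-memory key pairs; a real service would load the PEM files
// named in key.private and key.remote of its custom configuration.
const pairA = nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const pairB = nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const serviceA = { private: pairA.privateKey, remote: pairB.publicKey };
const serviceB = { private: pairB.privateKey, remote: pairA.publicKey };

// Assumption: RSA-OAEP with SHA-256. RSA alone only fits short payloads
// (190 bytes with a 2048-bit key and this padding).
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };
const b64 = (s) => Buffer.from(s, "base64");

// One pass of the documented workflow; returns a new message object.
function cryptStep(msg, keys) {
  const out = { ...msg };
  if (out._encrypted !== undefined) {
    // Incoming: decrypt with our own private key.
    const plain = nodeCrypto
      .privateDecrypt({ key: keys.private, ...OAEP }, b64(out._encrypted))
      .toString("utf8");
    let parsed = null;
    try { parsed = JSON.parse(plain); } catch { /* not JSON */ }
    if (parsed && typeof parsed === "object" && !Array.isArray(parsed)) Object.assign(out, parsed);
    else out.data = plain;          // non-JSON data goes to msg.data
  } else {
    // Outgoing: encrypt msg.data (assumed to be a string) for the remote service.
    out._encrypted = nodeCrypto
      .publicEncrypt({ key: keys.remote, ...OAEP }, Buffer.from(out.data, "utf8"))
      .toString("base64");
    delete out.data;                // assumption: plaintext is not forwarded
  }
  if (out._signature !== undefined) {
    // Incoming: verify against the remote service's public key.
    out._signature_verification = nodeCrypto.verify(
      "sha256", b64(out._encrypted), keys.remote, b64(out._signature));
  } else {
    // Outgoing: SHA256 hash, signed with our private key (over the ciphertext).
    out._signature = nodeCrypto
      .sign("sha256", b64(out._encrypted), keys.private).toString("base64");
  }
  return out;
}

const sent = cryptStep({ data: "valve=open" }, serviceA);
const received = cryptStep(sent, serviceB);
console.log(received.data, received._signature_verification);
```

A consumer of the output should treat msg._signature_verification as a result to check, since a failed verification is recorded in the message rather than raised as an error.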

Custom configuration

crypt/custom.js
var cryptCustom = {
	_id: "gcs:1",
	_name: "Sample of general caller",
	key: {
		public: "path/pubkey.pem",
		private: "path/privkey.pem",
		remote: "remote/path/pubkey.pem"
	},
	inputFormat: (topic, msg, callback)=>{
		// Format the input data
		callback( msg );
	},
	outputFormat: (topic, msg, callback)=>{
		// Format the output data
		callback( msg );
	},	
 
	mqtt: "mqtt://localhost",		// MQTT Server to listen to
	topic: "SIB/SAMPLES/GENERALCALLER",	// MQTT Topic to subscribe to
	loggerCfg: {
		dest: {
			file: false,
			console: true,
			mqtt: true
		}
	},
};
 
module.exports = cryptCustom;

  • _id: The unique ID of this service
  • _name: A plaintext description of this service
  • key: Object containing references to the files containing the RSA keys to use
    • private: Filepath to the server's private RSA key; used to decrypt incoming messages and to sign outgoing messages
    • public: Filepath to the server's public RSA key; not used by the service itself, but added to the _/STATUS output of the service
    • remote: Filepath to the remote service's public key; used to encrypt outgoing messages and to verify the signatures of incoming messages
  • inputFormat(topic, msg, callback): The method that is run on service activation. The original message is passed as the argument and the input to the callback method must be a JSON formatted message conforming to the SIB message standard.
  • outputFormat(topic, msg, callback): This method is run on the response data before publishing to the response topic. The response message is passed as the argument and the input to the callback method must be a JSON formatted message conforming to the SIB message standard.
  • mqtt: The MQTT connection string for the internal MQTT transport
  • topic: The MQTT topic to subscribe to on the internal MQTT transport
  • loggerCfg: A JSON Object defining what logger actions should be active for this service (see Logger Configuration)
sib/callers/crypt.txt · Last modified: 2019/05/13 11:35 by hubbe