Verify Source is Legitimate

joecooldoo · February 17, 2023, 4:34am

Sigh
Its been a while since I've made one of these.

So basically, I'm remaking the internet in Snap!.
The client makes a request to the server, and the server responds to the client with the requested content. I'm doing this using MQTT.

The problem is, I don't know how to make sure the content the client is receiving is actually from the server requested (a malicious server spoofing responces). I want to solver this problem by doing something like an SSL certificate in Snap!, but I have no idea how I would do that. Any Ideas?

ego-lay_atman-bay · February 17, 2023, 5:28am

I feel like you should move this to #advanced-topics because, well, it's advanced stuff.

d4s_over_dt4 · February 17, 2023, 7:12am

#advanced-topics:networking
lol

d4s_over_dt4 · February 17, 2023, 7:14am

It's for encrypting messages

dardoro · February 17, 2023, 11:16am

To begin, you can configure the MQTT broker (server) UNDER YOUR CONTROL to require user and password authentication.

For a free public broker you may use payload signing/encrypting as described

Full-blown PKI/RSA cryptography may be a slight overkill for the intended purpose, but some secret (a key) shared between any two parties can be easily used.
I'm not aware of any ready-made component to do encryption. but even simple XOR may be suitable.
There are some extra info.

ego-lay_atman-bay · February 17, 2023, 6:23pm

There is a block in dev mode that can get a hex sha512 has. I'm not sure if that's what you mean though.

dardoro · February 17, 2023, 7:03pm

Not really, but making hash is an important part of signing.
You may look at the Snapcon materials.

joecooldoo · February 17, 2023, 7:24pm

I want to do this, but I don't understand how SSL certificates work and how I would build one with the MQTT blocks in Snap!.

dardoro · February 17, 2023, 11:20pm

Just use "wss://" in broker adres i.e. "wss://test.mosquitto.org" for this particular server.
Test environment >
https://test.mosquitto.org
Certificate signing >
https://test.mosquitto.org/ssl/

You need to control your own server to enforce authorization and set the legitimated users (ACL).

joecooldoo · February 18, 2023, 1:25am

I don't want to do it from the server, I want to do it in Snap!.

ego-lay_atman-bay · February 18, 2023, 1:58am

It would probably be better to do it serverside, so users can't just edit the blocks to mess with things.

joecooldoo · February 18, 2023, 2:39am

you verify it both sides.

sarpnt · February 24, 2023, 12:35am

(deleted, i missed that this is about mqtt)

system · March 26, 2023, 12:35am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.