Jump to content

User talk:Erot

From Ft Wm, Inv & Tor CC

For H.O'C

re: <Pusher Channels> HMACs

From the top:

The Channels protocol is secured by app-key HMACing
The Channels server library requires Node.JS :-(
Hence, driving Channels from a browser requires raw HMACing
There is no JS sample for this (but there are some in Ruby, eg at end of <https://pusher.com/docs/channels/library_auth_reference/rest-api/>, and also on previous page there).

re: crypto.subtle (JS/TS)

See eg <how-to-get-hmac-with-crypto-web-api (on stackoverflow)>.

re: DH to HMAC

(shared secret) AS DH_KEY
HMAC(APP_ID)(DH_KEY) AS TMP_KEY (secret)
TMP_KEY XOR APP_KEY AS ALT_KEY (public)

TMP_KEY is unique to app (ie APP_ID is unique), so knowing ALT_KEY provides no knowledge of APP_KEY without (some) knowledge of DH_KEY.

Retrieved from "https://you.r-fit.cc/wiki/User_talk:Erot?oldid=192"

Cookies help us deliver our services. By using our services, you agree to our use of cookies.