Authentication Basics

HexaEight Authentication requires every User or Machine to have a valid (email) Login Token to verify the identity of Users and Machines.

Components of Login Token

Before proceeding, it's important to understand the components of a login token.

A typical Login token consists of two parts delimited by a DOT symbol:

  1. Part-I: A Source Identifier
  2. DELIMITER: . (DOT)
  3. Part-II: InternalData

Below is a Sample Login Token (Login Tokens are typically long):

PoRVXtnCGc8A5lSiO4g3odC9RzupNbUvfb2o6S7/IAFGzENirLlgztA+mE0OG2/Nv7NodMGzHAaIya+sQJpaDl4N18UQc1NBItqUbxbkauusn1Hmg5GZikuG5n+16taFTeWLxSDgzb8l6DX3XUqn0B1ivc9/dcfl88g8N/PDByPmkHPWk+RCOwz7bR/bAK45z1LDVEdoYtTYSr9HL2+FGIUyAuKMxV/WHttRlmftQKsHFFITx7zVCzCdlOOqaIRlf+UlsI+W7N+fsuVLr/bHlK+Eu0ES08FN1PiYofqWB18=.KelxuzHO5s0wYZiJXgqUixeIs7wB5TtF5XQSDu8v3Qo9oh0zzsxkGjdOhbDAuxGw7MZ66tPTnR6Y7zQxlzLsGYmcXLDMUeUreRFDeNmZpvn9GKgnDGkTVd1F/ga7IlxM2ByuA/CwZHyUJv8TiUK5kJak7ua70s/4yr/X7rb25g2Ta7Xn9eXL/PwQZo4pF8KrnRHWPvoklusamnWbDisJS84q7hnBH1HucIXxu9fD8XIxQ7RgyofM0baqJG5gSGJvyW9vK+lZR88R2hD6IWBIkO5w/hMbjwcGhGqhW4s0oBG6zr8i22DsySj7xtTaL/F2jMsUCLuAhnRYlqn7zX0b:0WbPMtZYiKe1bCHnntg15lfCSDiuyycQj7M3u0UZGSS7+r6Mkf406wtXvMRScL47/3Z89II3P/tQrLJQP4ydmbqHwQ+Dcm4k7xvj3VOJ1UKe3BR9312xNRM/GI+3B/trjXqEoUQODwIWZrj2cT+SQIUerJpkK0FcdT91MhrBhHbB2oTIuM6xl1Owqwd8E0qitUkFhWWQMpnhtiyAko1tIVeL7V4HHQdiEyRbuW+P9+t/R45L5Qycsjawu65l7+llyW9vK+lZR88R2hD6IWBIkO5w/hMbjwcGhGqhW4s0oBG6zr8i22DsySj7xtTaL/F2jMsUCLuAhnRYlqn7zX0b

Source Identifier

For the login token mentioned above, the first section before the DOT represents the source identifier. This identifier can be shared with another resource, which can then use it to retrieve additional information about the source resource from the HexaEight Platform.

Below is the source identifier for the login token shown above. We will soon see how this source identifier is utilized during the authentication process.

PoRVXtnCGc8A5lSiO4g3odC9RzupNbUvfb2o6S7/IAFGzENirLlgztA+mE0OG2/Nv7NodMGzHAaIya+sQJpaDl4N18UQc1NBItqUbxbkauusn1Hmg5GZikuG5n+16taFTeWLxSDgzb8l6DX3XUqn0B1ivc9/dcfl88g8N/PDByPmkHPWk+RCOwz7bR/bAK45z1LDVEdoYtTYSr9HL2+FGIUyAuKMxV/WHttRlmftQKsHFFITx7zVCzCdlOOqaIRlf+UlsI+W7N+fsuVLr/bHlK+Eu0ES08FN1PiYofqWB18=

Sample Use Case

To illustrate this sample use case, we will demonstrate how two programs can securely communicate with each other using HexaEight Authentication. For a better understanding of this process, we have created two simple programs that utilize HexaEight Client Libraries.

Requirement

Suppose you have two programs, Sample Program 1 and Sample Program 2, running on different machines, and they need to exchange information.

Limitations

The limitation for both programs is that there is no direct protocol between them to exchange information securely.

Final Objective

The final objective of Sample Program 1 is to authenticate and exchange information securely with Sample Program 2.

The Process

Step 1: Generate Resource Identity Tokens

First, we generate a Resource Identity Token for each program and obtain two Generic Resource Names:

  • Generic Resource Name of Sample Program 1: A9CB8EFAF7D258CC03DCD71C37295B5FE7BE435DF13A43239D34EEDD4C21D464

  • Generic Resource Name of Sample Program 2: 32F06EE16908D7D40732761920122DDC80068DF91C3542DD9C787D49C6F214E5

We have prefilled the Resource information details in Sample Program 1 and Sample Program 2.

Step-by-Step Process

These steps demonstrate how Sample Program 2, using Generic Resource Identity 32F06EE16908D7D40732761920122DDC80068DF91C3542DD9C787D49C6F214E5, is able to decrypt information from Sample Program 1 whose Generic Resource Identity is A9CB8EFAF7D258CC03DCD71C37295B5FE7BE435DF13A43239D34EEDD4C21D464.

  1. Sample Program 1 fetches Asymmetric Shared Keys of HexaEight from HexaEight Platform
  2. Sample Program 1 fetches Asymmetric Shared Keys of Sample Program 2 from HexaEight Platform by referring to the Resource Name
  3. Sample Program 1 encrypts information for Sample Program 2 by using the Resource Credentials and Asymmetric Key of Sample Program 2
  4. Sample Program 2 receives the message, examines the encrypted data and strips the Source Identifier
  5. Sample Program 2 fetches Asymmetric Shared Keys of HexaEight from HexaEight Platform
  6. Sample Program 2 encrypts information for fetching Asymmetric Key of Source Identifier
  7. Sample Program 2 uses Asymmetric Keys of Source Identifier to decrypt the encrypted message
  8. Sample Program 2 parses decrypted information
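Step 4 relies on the two-part layout described under "Components of Login Token". The Python sketch below is an added example, not HexaEight client library code: it splits such a string at the first DOT, rejects malformed input, and produces a log-safe form that carries only the Source Identifier. The names split_token, loggable and TokenFormatError are hypothetical, and the sketch assumes the Source Identifier is standard Base64 (as the sample appears to be) and that the incoming message uses the same layout as a login token.

```python
import base64
import binascii
from dataclasses import dataclass


class TokenFormatError(ValueError):
    """Raised when a string does not match the two-part layout."""


@dataclass(frozen=True)
class SplitToken:
    source_identifier: str  # Part-I: the part the page says can be shared
    internal_data: str      # Part-II: treated as opaque here


def split_token(token: str) -> SplitToken:
    """Split 'SourceIdentifier.InternalData' at the first DOT."""
    # '.' is not in the Base64 alphabet, so the first DOT ends Part-I.
    source_id, dot, internal = token.strip().partition(".")
    if not dot:
        raise TokenFormatError("no DOT delimiter found")
    if not source_id or not internal:
        raise TokenFormatError("empty part on one side of the DOT")
    try:
        # Assumption: Part-I is standard Base64, as the page's sample appears to be.
        base64.b64decode(source_id, validate=True)
    except binascii.Error as exc:
        raise TokenFormatError("Source Identifier is not valid Base64") from exc
    return SplitToken(source_id, internal)


def loggable(token: str) -> str:
    """Log-safe form: Part-I in full, Part-II reduced to its length."""
    parts = split_token(token)
    return f"{parts.source_identifier}.<{len(parts.internal_data)} chars withheld>"


# Constructed sample, not a real HexaEight token.
SAMPLE = base64.b64encode(b"constructed-source-id").decode() + ".QUJD:REVG"

if __name__ == "__main__":
    print(loggable(SAMPLE))
```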

Conclusion

  • The previous eight steps provide an overview of the anatomy of HexaEight Authentication, which enables secure machine-to-machine authentication with encryption capabilities.
  • Domain Resource Identity or Generic Resource Identity can be assigned to machines, systems, hosts, or programs.
  • In other words, two machines, systems or programs can communicate with each other securely, without being dependent on a specific protocol. This can be very useful in real-world scenarios where secure communication is a crucial factor for basic operations.

How to Run the Sample Programs

To successfully execute the Sample Programs, you must follow these steps:

  1. Obtain an API Key by subscribing to the Basic Plan which allows you to fetch 100 machine keys per month for FREE.
  2. Paste the API Key in both Sample Programs.
  3. Execute Sample Program 1
  4. Copy the encrypted output from Sample Program 1.
  5. Paste the encrypted output in Sample Program 2.
  6. Run Sample Program 2.

By following these steps, you will be able to successfully run the Sample Programs and decrypt information between them using HexaEight Authentication.

Important Notes

  • Fetching an Asymmetric Shared Key of any destination from HexaEight Platform will count for one machine token.
  • HexaEight Platform implements Perfect Forward Secrecy, which means that asymmetric keys used for encrypting and decrypting information between two resources are changed every 15 minutes.
  • Specifically, new keys for all resources are generated at the 00th, 15th, 30th, and 45th minute of every hour, 24/7. As a result, when a resource fetches an asymmetric shared key for a destination to encrypt information, both the source and the destination resources need to have the same key for that 15-minute interval. Otherwise, decryption will fail.

Therefore, if Sample Program 2 sometimes fails to decrypt information, it could be due to a difference in the asymmetric shared key used by the source and destination resources during that 15-minute interval.
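The interval check behind this failure mode can be worked through in Python. This is an added example, not HexaEight code: the function names are hypothetical, and it assumes the "Message Encrypted At" and "Message Decrypted At" values are Unix epoch seconds and that the quarter-hour rotation points fall on multiples of 900 seconds of Unix time.

```python
from datetime import datetime, timezone

ROTATION_SECONDS = 15 * 60  # keys change at minute 00, 15, 30 and 45


def window_start(epoch_seconds: int) -> int:
    """Start of the 15-minute key interval that contains the timestamp."""
    return epoch_seconds - (epoch_seconds % ROTATION_SECONDS)


def seconds_until_rotation(epoch_seconds: int) -> int:
    """Seconds left before the next key change (900 exactly on a boundary)."""
    return window_start(epoch_seconds) + ROTATION_SECONDS - epoch_seconds


def same_key_interval(encrypted_at: int, decrypted_at: int) -> bool:
    """True when both ends worked inside the same 15-minute interval."""
    return window_start(encrypted_at) == window_start(decrypted_at)


def should_defer_send(now: int, expected_delay: int) -> bool:
    """True when a message encrypted now would reach the receiver after rotation."""
    return expected_delay >= seconds_until_rotation(now)


def describe(encrypted_at: int, decrypted_at: int) -> str:
    """One-line diagnosis for a pair of encrypt/decrypt timestamps."""
    start = datetime.fromtimestamp(window_start(encrypted_at), tz=timezone.utc)
    if same_key_interval(encrypted_at, decrypted_at):
        verdict = "same interval"
    else:
        verdict = "crossed a rotation"
    return f"key interval from {start:%H:%M} UTC: {verdict}"


if __name__ == "__main__":
    # Timestamps from the Sample Program 2 output on this page.
    print(describe(1676873475, 1676873499))
    # Constructed pair that straddles a rotation by a few seconds.
    print(describe(1676873690, 1676873710))
```

A sender can call should_defer_send with its expected delivery delay and wait for the next interval when it returns True, instead of producing a message the receiver cannot decrypt.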

Output Examples

Output of Sample Program 1

Copy the Below Text and Paste In Sample Program 2 :


Output of Sample Program 2

The Decrypted JSON Data is below :

Sender :A9CB8EFAF7D258CC03DCD71C37295B5FE7BE435DF13A43239D34EEDD4C21D464
Receiver :32F06EE16908D7D40732761920122DDC80068DF91C3542DD9C787D49C6F214E5
Message Encrypted At :1676873475
Message Decrypted At :1676873499
Message Body :This is a Sample Encryption Request

Summary

HexaEight Platform requires the following to fetch the asymmetric shared keys of a destination and enable the encryption or decryption of information:

  • A valid login token
  • The password associated with the login token
  • The resource name of the destination

A Resource Asymmetric Shared Key is also referred to as a Machine Token.