#
Authentication Basics
HexaEight Authentication employs encryption and decryption process to authenticate the identity of Resources And Users.
Before we proceed further, it is important to understand the components of a login token.
A typical Login token consists of two Parts delimited by a DOT symbol
A Source Identifier
. (DOT)
InternalData
PoRVXtnCGc8A5lSiO4g3odC9RzupNbUvfb2o6S7/IAFGzENirLlgztA+mE0OG2/Nv7NodMGzHAaIya+sQJpaDl4N18UQc1NBItqUbxbkauusn1Hmg5GZikuG5n+16taFTeWLxSDgzb8l6DX3XUqn0B1ivc9/dcfl88g8N/PDByPmkHPWk+RCOwz7bR/bAK45z1LDVEdoYtTYSr9HL2+FGIUyAuKMxV/WHttRlmftQKsHFFITx7zVCzCdlOOqaIRlf+UlsI+W7N+fsuVLr/bHlK+Eu0ES08FN1PiYofqWB18=.KelxuzHO5s0wYZiJXgqUixeIs7wB5TtF5XQSDu8v3Qo9oh0zzsxkGjdOhbDAuxGw7MZ66tPTnR6Y7zQxlzLsGYmcXLDMUeUreRFDeNmZpvn9GKgnDGkTVd1F/ga7IlxM2ByuA/CwZHyUJv8TiUK5kJak7ua70s/4yr/X7rb25g2Ta7Xn9eXL/PwQZo4pF8KrnRHWPvoklusamnWbDisJS84q7hnBH1HucIXxu9fD8XIxQ7RgyofM0baqJG5gSGJvyW9vK+lZR88R2hD6IWBIkO5w/hMbjwcGhGqhW4s0oBG6zr8i22DsySj7xtTaL/F2jMsUCLuAhnRYlqn7zX0b:0WbPMtZYiKe1bCHnntg15lfCSDiuyycQj7M3u0UZGSS7+r6Mkf406wtXvMRScL47/3Z89II3P/tQrLJQP4ydmbqHwQ+Dcm4k7xvj3VOJ1UKe3BR9312xNRM/GI+3B/trjXqEoUQODwIWZrj2cT+SQIUerJpkK0FcdT91MhrBhHbB2oTIuM6xl1Owqwd8E0qitUkFhWWQMpnhtiyAko1tIVeL7V4HHQdiEyRbuW+P9+t/R45L5Qycsjawu65l7+llyW9vK+lZR88R2hD6IWBIkO5w/hMbjwcGhGqhW4s0oBG6zr8i22DsySj7xtTaL/F2jMsUCLuAhnRYlqn7zX0bFor the login token mentioned above, the first section before the DOT represents the source identifier. This identifier can be shared with another resource, which can then use it to retrieve additional information about the source resource from the HexaEight Platform.
Below is the source identifier for the login token shown above. We will soon see how this source identifier is utilized during the authentication process.
PoRVXtnCGc8A5lSiO4g3odC9RzupNbUvfb2o6S7/IAFGzENirLlgztA+mE0OG2/Nv7NodMGzHAaIya+sQJpaDl4N18UQc1NBItqUbxbkauusn1Hmg5GZikuG5n+16taFTeWLxSDgzb8l6DX3XUqn0B1ivc9/dcfl88g8N/PDByPmkHPWk+RCOwz7bR/bAK45z1LDVEdoYtTYSr9HL2+FGIUyAuKMxV/WHttRlmftQKsHFFITx7zVCzCdlOOqaIRlf+UlsI+W7N+fsuVLr/bHlK+Eu0ES08FN1PiYofqWB18=To illustrate this Sample use case, we will demonstrate how two programs can securely communicate with each other using HexaEight Authentication. For a better understanding of this process, we have created two simple programs that utilize HexaEight Client Libraries
- Suppose you have two programs, Sample Program 1 And Sample Program 2 running on different machines and they need to exchange information between.
- However the limitations for both programs is that there is no direct protocol between them to exchange information securely.
- The final objective of Sample Program 1 is to authenticate and exchange information securely with Sample Program 2 .
- First, we generate a Resource Identity Token for each program and obtain two Generic Resource Names
A9CB8EFAF7D258CC03DCD71C37295B5FE7BE435DF13A43239D34EEDD4C21D46432F06EE16908D7D40732761920122DDC80068DF91C3542DD9C787D49C6F214E5We have prefilled the Resource information details in Sample Program 1 And Sample Program 2
These steps demonstrate how Sample Program 2 , using Generic Resource Identity 32F06EE16908D7D40732761920122DDC80068DF91C3542DD9C787D49C6F214E5, is able to decrypt information from Sample Program 1 whose Generic Resource Identity is A9CB8EFAF7D258CC03DCD71C37295B5FE7BE435DF13A43239D34EEDD4C21D464
%%{init: { 'theme': 'forest' } }%%
erDiagram
Sample-Program-1 ||--|| HexaEight-Platform : Fetches-Asymmetric-Shared-Keys-Of-HexaEight-Platform
Sample-Program-1 {
Uses LoginToken
Receives Asymmetric-Shared-Keys-Of-HexaEight-Platform
}
%%{init: { 'theme': 'forest' } }%%
erDiagram
Sample-Program-1 ||--|| HexaEight-Platform : Fetches-Asymmetric-Shared-Key-Of-32F06EE16908D7D40732761920122DDC80068DF91C3542DD9C787D49C6F214E5
Sample-Program-1 {
Uses Sample-Program-1-Resource-Password
And Asymmetric-Shared-Keys-Of-HexaEight-Platform
Sends Encrypted-Request-To-Obtain-Asymmetric-Keys-Of-32F06EE16908D7D40732761920122DDC80068DF91C3542DD9C787D49C6F214E5
Receives Asymmetric-Shared-Key-Of-32F06EE16908D7D40732761920122DDC80068DF91C3542DD9C787D49C6F214E5
}
%%{init: { 'theme': 'forest' } }%%
erDiagram
Sample-Program-1 ||--|| Output : Displays-Encrypted-Data
Sample-Program-1 {
Uses Sample-Program-1-Resource-Password
And Asymmetric-Shared-Key-Of-32F06EE16908D7D40732761920122DDC80068DF91C3542DD9C787D49C6F214E5
To Encrypt-Request
Attaches Source-Identifier-To-The-Message-With-DOT-as-Delimiter
}
%%{init: { 'theme': 'forest' } }%%
erDiagram
Incoming-Data ||--|| Sample-Program-2 : Receives-Encrypted-Data
Sample-Program-2 {
Parse Incoming-Data
Retrieve Source-Identifier
}
%%{init: { 'theme': 'forest' } }%%
erDiagram
Sample-Program-2 ||--|| HexaEight-Platform : Fetches-Asymmetric-Shared-Keys-Of-HexaEight-Platform
Sample-Program-2 {
Uses LoginToken
Receives Asymmetric-Shared-Keys-Of-HexaEight-Platform
}
%%{init: { 'theme': 'forest' } }%%
erDiagram
Sample-Program-2 ||--|| HexaEight-Platform : Fetches-Asymmetric-Shared-Key-Of-Source-Identifier
Sample-Program-2 {
Uses Sample-Program-2-Resource-Password
And Asymmetric-Shared-Keys-Of-HexaEight-Platform
Sends Encrypted-Request-To-Obtain-Asymmetric-Keys-Of-Source-Identifier
Receives Asymmetric-Shared-Key-Of-Source-Identifier
}
%%{init: { 'theme': 'forest' } }%%
erDiagram
Sample-Program-2 ||--|| Output : Decrypted-Data
Sample-Program-2 {
Uses Sample-Program-2-Resource-Password
And Asymmetric-Shared-Key-Of-Source-Identifier
Decrypts Incoming-Data
}
%%{init: { 'theme': 'forest' } }%%
erDiagram
Sample-Program-2 ||--|| Authentication : Successful-If-Decrypted-Data-Makes-Sense-Else-Unsuccesful
Sample-Program-2 {
Parses Decrypted-Data
Checks If-Sender-Information-Is-Present-And-If-It-Is-Authorized
Checks If-Message-Is-Can-Be-Processed-Based-On-Receiver
Checks If-Sent-And-Receive-Time-Is-Relevent
Uses Body-To-Complete-Authentication-Process
}
The previous eight steps provide an overview of the anatomy of HexaEight Authentication, which enables secure machine-to-machine authentication with encryption capabilities.
Domain Resource Identity or Generic Resource Identity can be assigned to machines, systems, hosts, or programs.
In other words, two machines, systems or programs can communicate with each other securely, without being dependent on a specific protocol. This can be very useful in real-world scenarios where secure communication is crucial factor for basic operations.
To successfully execute the Sample Programs, you must follow these steps:
- Obtain an API Key by subscribing to the Basic Plan which allows you to fetch 100 machine keys per month for FREE.
- Paste the API Key in both Sample Programs.
- Execute Sample Program 1
- Copy the encrypted output from Sample Program 1.
- Paste the encrypted output in Sample Program 2.
- Run Sample Program 2.
By following these steps, you will be able to successfully run the Sample Programs and decrypt information between them using HexaEight Authentication.
Fetching an Asymmetric Shared Key of any destination from HexaEight Platform will count for one machine token.
HexaEight Platform implements Perfect Forward Secrecy, which means that asymmetric keys used for encrypting and decrypting information between two resources are changed every 15 minutes.
Specifically, new keys for all resources are generated at the 00th, 15th, 30th, and 45th minute of every hour, 24/7. As a result, when a resource fetches an asymmetric shared key for a destination to encrypt information, both the source and the destination resources need to have the same key for that 15-minute interval. Otherwise, decryption will fail.
Therefore, if Sample Program 2 sometimes fails to decrypt information, it could be due to a difference in the asymmetric shared key used by the source and destination resources during that 15-minute interval.
Copy the Below Text and Paste In Sample Program 2 :
PoRVXtnCGc8A5lSiO4g3odC9RzupNbUvfb2o6S7/IAFGzENirLlgztA+mE0OG2/Nv7NodMGzHAaIya+sQJpaDl4N18UQc1NBItqUbxbkauusn1Hmg5GZikuG5n+16taFTeWLxSDgzb8l6DX3XUqn0B1ivc9/dcfl88g8N/PDByPmkHPWk+RCOwz7bR/bAK45z1LDVEdoYtTYSr9HL2+FGIUyAuKMxV/WHttRlmftQKsHFFITx7zVCzCdlOOqaIRlf+UlsI+W7N+fsuVLr/bHlK+Eu0ES08FN1PiYofqWB18=.yaEqHFQP2moMInEuXDUqZp498y9cY7Vd0gTfBe2DfFM+AZOeQVSqKOJagUFkNEMF30wsJLdLXnnzIIqRJOxGd4092h0nHf9VnyKyoS9TvATiZqeNKyAdXwVrLX5tID2DGS9hW1EMYA1VWa2RymIcNvBLqmg2X2ACV5qfeHgpFBuOPVtYHTpIi/B0TyNABEESl4DHbfQL21XeFXRnL1GXYrN8kSBZeZ9g0zLiocqFmHJAgVRy9m3BlcpEgickOjIGjT1Fat9/EQ7GB96eTVM9Ca0wTVKioTcIjaEvVwZFqpS3MjQb9QNRDTYZjoXUhy1Ua1RTPekNIyvIbEoD8Xkpl449FAQGEA8r5EbJez1u/3p9bWh56mUbGtJBu2oVA2AjtlhTkp1Szw1kRjJ2AgWcjVR7/psSIPRCFhPfYZiPvV2NPQUqc172dElurW3SaItFeJ2XRbVYjjS1XNF6ljqKbThR/2vPITg9FBSll84YQiWhituORCcpFUgJCCvUFqRIjT0=
The Decrypted JSON Data is below :
Sender :A9CB8EFAF7D258CC03DCD71C37295B5FE7BE435DF13A43239D34EEDD4C21D464
Receiver :32F06EE16908D7D40732761920122DDC80068DF91C3542DD9C787D49C6F214E5
Message Encrypted At :1676873475
Message Decrypted At :1676873499
Message Body :This is a Sample Encryption RequestHexaEight Platform requires the following to fetch the asymmetric shared keys of a destination and enable the encryption or decryption of information
- A valid login token.
- The password associated with the login token.
- The resource name of the destination.
A Resource Asymmetric Shared Key is also referred to as a Machine Token.