# Authentication Basics
HexaEight Authentication employs an encryption and decryption process to authenticate the identity of resources and users.
Before we proceed further, it is important to understand the components of a login token.
A typical login token consists of two parts delimited by a DOT symbol:
- A Source Identifier
- . (DOT)
- InternalData
PoRVXtnCGc8A5lSiO4g3odC9RzupNbUvfb2o6S7/IAFGzENirLlgztA+mE0OG2/Nv7NodMGzHAaIya+sQJpaDl4N18UQc1NBItqUbxbkauusn1Hmg5GZikuG5n+16taFTeWLxSDgzb8l6DX3XUqn0B1ivc9/dcfl88g8N/PDByPmkHPWk+RCOwz7bR/bAK45z1LDVEdoYtTYSr9HL2+FGIUyAuKMxV/WHttRlmftQKsHFFITx7zVCzCdlOOqaIRlf+UlsI+W7N+fsuVLr/bHlK+Eu0ES08FN1PiYofqWB18=.KelxuzHO5s0wYZiJXgqUixeIs7wB5TtF5XQSDu8v3Qo9oh0zzsxkGjdOhbDAuxGw7MZ66tPTnR6Y7zQxlzLsGYmcXLDMUeUreRFDeNmZpvn9GKgnDGkTVd1F/ga7IlxM2ByuA/CwZHyUJv8TiUK5kJak7ua70s/4yr/X7rb25g2Ta7Xn9eXL/PwQZo4pF8KrnRHWPvoklusamnWbDisJS84q7hnBH1HucIXxu9fD8XIxQ7RgyofM0baqJG5gSGJvyW9vK+lZR88R2hD6IWBIkO5w/hMbjwcGhGqhW4s0oBG6zr8i22DsySj7xtTaL/F2jMsUCLuAhnRYlqn7zX0b:0WbPMtZYiKe1bCHnntg15lfCSDiuyycQj7M3u0UZGSS7+r6Mkf406wtXvMRScL47/3Z89II3P/tQrLJQP4ydmbqHwQ+Dcm4k7xvj3VOJ1UKe3BR9312xNRM/GI+3B/trjXqEoUQODwIWZrj2cT+SQIUerJpkK0FcdT91MhrBhHbB2oTIuM6xl1Owqwd8E0qitUkFhWWQMpnhtiyAko1tIVeL7V4HHQdiEyRbuW+P9+t/R45L5Qycsjawu65l7+llyW9vK+lZR88R2hD6IWBIkO5w/hMbjwcGhGqhW4s0oBG6zr8i22DsySj7xtTaL/F2jMsUCLuAhnRYlqn7zX0b
For the login token mentioned above, the first section before the DOT represents the source identifier. This identifier can be shared with another resource, which can then use it to retrieve additional information about the source resource from the HexaEight Platform.
Below is the source identifier for the login token shown above. We will soon see how this source identifier is utilized during the authentication process.
PoRVXtnCGc8A5lSiO4g3odC9RzupNbUvfb2o6S7/IAFGzENirLlgztA+mE0OG2/Nv7NodMGzHAaIya+sQJpaDl4N18UQc1NBItqUbxbkauusn1Hmg5GZikuG5n+16taFTeWLxSDgzb8l6DX3XUqn0B1ivc9/dcfl88g8N/PDByPmkHPWk+RCOwz7bR/bAK45z1LDVEdoYtTYSr9HL2+FGIUyAuKMxV/WHttRlmftQKsHFFITx7zVCzCdlOOqaIRlf+UlsI+W7N+fsuVLr/bHlK+Eu0ES08FN1PiYofqWB18=
To illustrate this sample use case, we will demonstrate how two programs can securely communicate with each other using HexaEight Authentication. For a better understanding of this process, we have created two simple programs that use the HexaEight Client Libraries.
- Suppose you have two programs, Sample Program 1 and Sample Program 2, running on different machines, and they need to exchange information with each other.
- However, the limitation for both programs is that there is no direct protocol between them to exchange information securely.
- The final objective of Sample Program 1 is to authenticate and exchange information securely with Sample Program 2.
- First, we generate a Resource Identity Token for each program and obtain two Generic Resource Names:
A9CB8EFAF7D258CC03DCD71C37295B5FE7BE435DF13A43239D34EEDD4C21D464
32F06EE16908D7D40732761920122DDC80068DF91C3542DD9C787D49C6F214E5
We have prefilled the resource information details in Sample Program 1 and Sample Program 2.
These steps demonstrate how Sample Program 2, using Generic Resource Identity 32F06EE16908D7D40732761920122DDC80068DF91C3542DD9C787D49C6F214E5, is able to decrypt information from Sample Program 1, whose Generic Resource Identity is A9CB8EFAF7D258CC03DCD71C37295B5FE7BE435DF13A43239D34EEDD4C21D464.
```mermaid
%%{init: { 'theme': 'forest' } }%%
erDiagram
    Sample-Program-1 ||--|| HexaEight-Platform : Fetches-Asymmetric-Shared-Keys-Of-HexaEight-Platform
    Sample-Program-1 {
        Uses LoginToken
        Receives Asymmetric-Shared-Keys-Of-HexaEight-Platform
    }
```

```mermaid
%%{init: { 'theme': 'forest' } }%%
erDiagram
    Sample-Program-1 ||--|| HexaEight-Platform : Fetches-Asymmetric-Shared-Key-Of-32F06EE16908D7D40732761920122DDC80068DF91C3542DD9C787D49C6F214E5
    Sample-Program-1 {
        Uses Sample-Program-1-Resource-Password
        And Asymmetric-Shared-Keys-Of-HexaEight-Platform
        Sends Encrypted-Request-To-Obtain-Asymmetric-Keys-Of-32F06EE16908D7D40732761920122DDC80068DF91C3542DD9C787D49C6F214E5
        Receives Asymmetric-Shared-Key-Of-32F06EE16908D7D40732761920122DDC80068DF91C3542DD9C787D49C6F214E5
    }
```

```mermaid
%%{init: { 'theme': 'forest' } }%%
erDiagram
    Sample-Program-1 ||--|| Output : Displays-Encrypted-Data
    Sample-Program-1 {
        Uses Sample-Program-1-Resource-Password
        And Asymmetric-Shared-Key-Of-32F06EE16908D7D40732761920122DDC80068DF91C3542DD9C787D49C6F214E5
        To Encrypt-Request
        Attaches Source-Identifier-To-The-Message-With-DOT-as-Delimiter
    }
```

```mermaid
%%{init: { 'theme': 'forest' } }%%
erDiagram
    Incoming-Data ||--|| Sample-Program-2 : Receives-Encrypted-Data
    Sample-Program-2 {
        Parse Incoming-Data
        Retrieve Source-Identifier
    }
```

```mermaid
%%{init: { 'theme': 'forest' } }%%
erDiagram
    Sample-Program-2 ||--|| HexaEight-Platform : Fetches-Asymmetric-Shared-Keys-Of-HexaEight-Platform
    Sample-Program-2 {
        Uses LoginToken
        Receives Asymmetric-Shared-Keys-Of-HexaEight-Platform
    }
```

```mermaid
%%{init: { 'theme': 'forest' } }%%
erDiagram
    Sample-Program-2 ||--|| HexaEight-Platform : Fetches-Asymmetric-Shared-Key-Of-Source-Identifier
    Sample-Program-2 {
        Uses Sample-Program-2-Resource-Password
        And Asymmetric-Shared-Keys-Of-HexaEight-Platform
        Sends Encrypted-Request-To-Obtain-Asymmetric-Keys-Of-Source-Identifier
        Receives Asymmetric-Shared-Key-Of-Source-Identifier
    }
```

```mermaid
%%{init: { 'theme': 'forest' } }%%
erDiagram
    Sample-Program-2 ||--|| Output : Decrypted-Data
    Sample-Program-2 {
        Uses Sample-Program-2-Resource-Password
        And Asymmetric-Shared-Key-Of-Source-Identifier
        Decrypts Incoming-Data
    }
```

```mermaid
%%{init: { 'theme': 'forest' } }%%
erDiagram
    Sample-Program-2 ||--|| Authentication : Successful-If-Decrypted-Data-Makes-Sense-Else-Unsuccessful
    Sample-Program-2 {
        Parses Decrypted-Data
        Checks If-Sender-Information-Is-Present-And-If-It-Is-Authorized
        Checks If-Message-Can-Be-Processed-Based-On-Receiver
        Checks If-Sent-And-Receive-Time-Is-Relevant
        Uses Body-To-Complete-Authentication-Process
    }
```
The previous eight steps provide an overview of the anatomy of HexaEight Authentication, which enables secure machine-to-machine authentication with encryption capabilities.
Domain Resource Identity or Generic Resource Identity can be assigned to machines, systems, hosts, or programs.
In other words, two machines, systems or programs can communicate with each other securely without depending on a specific protocol. This can be very useful in real-world scenarios where secure communication is a crucial factor for basic operations.
To successfully execute the Sample Programs, you must follow these steps:
- Obtain an API Key by subscribing to the Basic Plan which allows you to fetch 100 machine keys per month for FREE.
- Paste the API Key in both Sample Programs.
- Execute Sample Program 1.
- Copy the encrypted output from Sample Program 1.
- Paste the encrypted output in Sample Program 2.
- Run Sample Program 2.
By following these steps, you will be able to successfully run the Sample Programs and decrypt information between them using HexaEight Authentication.
Fetching an Asymmetric Shared Key of any destination from HexaEight Platform will count for one machine token.
HexaEight Platform implements Perfect Forward Secrecy, which means that asymmetric keys used for encrypting and decrypting information between two resources are changed every 15 minutes.
Specifically, new keys for all resources are generated at the 00th, 15th, 30th, and 45th minute of every hour, 24/7. As a result, when a resource fetches an asymmetric shared key for a destination to encrypt information, both the source and the destination resources need to have the same key for that 15-minute interval. Otherwise, decryption will fail.
Therefore, if Sample Program 2 sometimes fails to decrypt information, it could be due to a difference in the asymmetric shared key used by the source and destination resources during that 15-minute interval.
Copy the text below and paste it into Sample Program 2:
PoRVXtnCGc8A5lSiO4g3odC9RzupNbUvfb2o6S7/IAFGzENirLlgztA+mE0OG2/Nv7NodMGzHAaIya+sQJpaDl4N18UQc1NBItqUbxbkauusn1Hmg5GZikuG5n+16taFTeWLxSDgzb8l6DX3XUqn0B1ivc9/dcfl88g8N/PDByPmkHPWk+RCOwz7bR/bAK45z1LDVEdoYtTYSr9HL2+FGIUyAuKMxV/WHttRlmftQKsHFFITx7zVCzCdlOOqaIRlf+UlsI+W7N+fsuVLr/bHlK+Eu0ES08FN1PiYofqWB18=.yaEqHFQP2moMInEuXDUqZp498y9cY7Vd0gTfBe2DfFM+AZOeQVSqKOJagUFkNEMF30wsJLdLXnnzIIqRJOxGd4092h0nHf9VnyKyoS9TvATiZqeNKyAdXwVrLX5tID2DGS9hW1EMYA1VWa2RymIcNvBLqmg2X2ACV5qfeHgpFBuOPVtYHTpIi/B0TyNABEESl4DHbfQL21XeFXRnL1GXYrN8kSBZeZ9g0zLiocqFmHJAgVRy9m3BlcpEgickOjIGjT1Fat9/EQ7GB96eTVM9Ca0wTVKioTcIjaEvVwZFqpS3MjQb9QNRDTYZjoXUhy1Ua1RTPekNIyvIbEoD8Xkpl449FAQGEA8r5EbJez1u/3p9bWh56mUbGtJBu2oVA2AjtlhTkp1Szw1kRjJ2AgWcjVR7/psSIPRCFhPfYZiPvV2NPQUqc172dElurW3SaItFeJ2XRbVYjjS1XNF6ljqKbThR/2vPITg9FBSll84YQiWhituORCcpFUgJCCvUFqRIjT0=
The decrypted JSON data is below:
Sender :A9CB8EFAF7D258CC03DCD71C37295B5FE7BE435DF13A43239D34EEDD4C21D464
Receiver :32F06EE16908D7D40732761920122DDC80068DF91C3542DD9C787D49C6F214E5
Message Encrypted At :1676873475
Message Decrypted At :1676873499
Message Body :This is a Sample Encryption Request
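
As an added example (not HexaEight's client library code), the following Python shows the receiver-side checks from steps 4 and 8 together with the 15-minute key interval arithmetic. The dictionary key names, the function names, the Base64 check on the source identifier and the `max_age` policy are assumptions made for illustration; decryption itself is left to the client library.

```python
import base64
import binascii

ROTATION_SECONDS = 15 * 60  # page: new keys at minute 00, 15, 30 and 45

# Field values from the page's decrypted sample; the key names are assumed.
SAMPLE = {
    "sender": "A9CB8EFAF7D258CC03DCD71C37295B5FE7BE435DF13A43239D34EEDD4C21D464",
    "receiver": "32F06EE16908D7D40732761920122DDC80068DF91C3542DD9C787D49C6F214E5",
    "encrypted_at": 1676873475,
    "body": "This is a Sample Encryption Request",
}


def split_envelope(text):
    """Step 4: split '<source identifier>.<encrypted data>' at the first DOT."""
    source_id, dot, payload = text.strip().partition(".")
    if not (dot and source_id and payload):
        raise ValueError("expected <source identifier>.<encrypted data>")
    try:
        # Assumption: the identifier is Base64, as the page's sample suggests.
        base64.b64decode(source_id, validate=True)
    except binascii.Error as exc:
        raise ValueError("source identifier is not valid Base64") from exc
    return source_id, payload


def key_window(epoch):
    """Index of the 15-minute key interval that contains a Unix timestamp."""
    return epoch // ROTATION_SECONDS


def seconds_until_rotation(epoch):
    """Time left before the key in use at `epoch` is replaced."""
    return ROTATION_SECONDS - epoch % ROTATION_SECONDS


def check_message(msg, own_name, allowed_senders, now, max_age=ROTATION_SECONDS):
    """Step 8: return the reasons to reject a decrypted message (empty = accept)."""
    reasons = []
    if msg.get("sender") not in allowed_senders:
        reasons.append("sender missing or not authorized")
    if msg.get("receiver") != own_name:
        reasons.append("addressed to another receiver")
    sent = msg.get("encrypted_at")
    if not isinstance(sent, int) or sent > now or now - sent > max_age:
        reasons.append("encryption time missing or outside the accepted range")
    return reasons
```

For the sample above, the encryption and decryption timestamps fall in the same key interval, with 225 seconds left before rotation at encryption time.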
HexaEight Platform requires the following to fetch the asymmetric shared keys of a destination and enable the encryption or decryption of information:
- A valid login token.
- The password associated with the login token.
- The resource name of the destination.
A Resource Asymmetric Shared Key is also referred to as a Machine Token.