Git Product home page Git Product logo

mexicanoviva / attestationserver Goto Github PK

View Code? Open in Web Editor NEW

This project forked from fabian19941220-gmail-com/attestationserver

0.0 2.0 1.0 812 KB

Server code for use with the Auditor app: https://github.com/GrapheneOS/Auditor. It provides two services: submission of attestation data samples and a remote attestation implementation with email alerts to go along with the local implementation based on QR code scanning in the app.

Home Page: https://attestation.app/

License: MIT License

Java 72.39% JavaScript 8.94% HTML 16.16% CSS 1.70% Shell 0.81%

attestationserver's Introduction

See the overview of the project at https://attestation.app/about.

Email alert configuration

In order to send email alerts, AttestationServer needs to be configured with valid credentials for an SMTP server. The configuration is stored in the Configuration table in the database and can be safely modified while the server is running to have it kick in for the next email alert cycle.

Only SMTPS (SMTP over TLS) with a valid certificate is supported for remote email servers. STARTTLS is deliberately not supported because it's less secure unless encrypted is enforced, in which case it makes more sense to use SMTPS anyway. The username must also be the full address for sending emails.

For example, making an initial configuration:

sqlite3 attestation.db "INSERT INTO Configuration VALUES ('emailUsername', '[email protected]'), ('emailPassword', '<password>'), ('emailHost', 'mail.grapheneos.org'), ('emailPort', '465')"

API for the Auditor app

QR code

The scanned QR code contains space-separated values in plain-text: <domain> <userId> <subscribeKey> <verifyInterval>. The subscribeKey should be treated as an opaque string rather than assuming base64 encoding. Additional fields may be added in the future.

/challenge

  • Request method: POST
  • Request headers: n/a
  • Request body: n/a
  • Response body:

Returns a standard challenge message in the same format as the Auditor app QR code. The challenge can only be used once and expires in 1 minute.

The server challenge index is always zeroed out and the userId should be used instead.

/verify

  • Request method: POST
  • Request headers:

The Authorization header needs to be set to Auditor <userId> <subscribeKey> for an unpaired attestation. That will also work for a paired attestation if the subscribeKey matches, but it should be set to Auditor <userId> to allow for subscribeKey rotation.

  • Request body:

Standard attestation message in the same format as the Auditor app QR code.

  • Response body:

Returns space-separated values in plain text: <subscribeKey> <verifyInterval>. Additional fields may be added in the future.

attestationserver's People

Contributors

thestinger avatar

Watchers

avatar avatar

Forkers

papayaone

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.