Privacy Pass and tokens #57
I have been playing around with tapir for possible integration into a project I have been working on and I wanted to get a demo running. I created 3 applications using the code from your tokenboard tests: 2 different AuthApps for client and server, and 1 token server. The client and server connect and auth just fine, but when trying to purchase tokens I run into the below issues. The only real difference from your test code is that they are all separated out into different apps. Any idea where I went wrong?
Hi, it's hard to tell without seeing the code, but my first guess would be key confusion.
The original code was written with the assumption of having two different servers do the payment / verification - so I would check that you are providing the correct public keys in the correct functions - both the client and the server should have access to a third public key (the token service public key) which is used within the protocol (denoted Y in the code - https://git.openprivacy.ca/cwtch.im/tapir/src/branch/master/primitives/privacypass/tokenserver.go#L34)
Thanks for the quick reply! Now that makes sense since the client and server both have the token server initialized as: privacypass.NewTokenServer() and only get the hostname for the freepaymenthandler. How would I go about passing the public key to the client and server?
This is an implementation-specific decision - security-wise the only requirement is that both the client and the server agree on the public key.
You may want to investigate the tokenboard integration test which is an end-to-end test of the privacy pass functionality: https://git.openprivacy.ca/cwtch.im/tapir/src/branch/master/applications/tokenboard
We use a modified version of that in Cwtch itself:
How Cwtch Tokenboard Clients are implemented (https://git.openprivacy.ca/cwtch.im/cwtch/src/branch/master/protocol/connections/tokenboardclientapp.go)
And the server side: https://git.openprivacy.ca/cwtch.im/server/src/branch/trunk/server_tokenboard.go
On the key question:
You can extract just the public key from tokenservice: https://git.openprivacy.ca/cwtch.im/server/src/branch/trunk/server.go#L147
For Cwtch Servers we basically just package and export a set of public keys in a JSON struct: https://git.openprivacy.ca/cwtch.im/cwtch/src/branch/master/model/keyBundle.go
For historical reasons this code is part of Cwtch and not Tapir, but is generic enough that it should be able to be lifted as is with minimal modifications.
Thanks for the help! I have a good idea of where to go from here.
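The key-agreement requirement discussed in this thread, as an added Go example (not code from tapir or Cwtch): the token service exports its public key in a signed JSON bundle, and the client and the application server both load Y from that bundle instead of each creating their own token server. The `KeyBundle` layout, the `token_service_public_key` name and the Ed25519 identity key are assumptions of this example, and Y is treated as opaque bytes.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// KeyBundle (hypothetical layout): named public keys, signed by an identity key.
type KeyBundle struct {
	Keys      map[string][]byte `json:"keys"`
	Signature []byte            `json:"signature"`
}

// encoding/json sorts map keys, so signer and verifier see identical bytes.
func signedBytes(keys map[string][]byte) []byte {
	b, _ := json.Marshal(keys)
	return b
}

// ExportBundle is run once, by whoever operates the token service.
func ExportBundle(id ed25519.PrivateKey, keys map[string][]byte) ([]byte, error) {
	return json.Marshal(KeyBundle{keys, ed25519.Sign(id, signedBytes(keys))})
}

// LoadTokenServiceKey (run by client and server alike) returns Y only if the bundle verifies.
func LoadTokenServiceKey(raw []byte, id ed25519.PublicKey) ([]byte, error) {
	var kb KeyBundle
	if err := json.Unmarshal(raw, &kb); err != nil {
		return nil, err
	}
	if !ed25519.Verify(id, signedBytes(kb.Keys), kb.Signature) {
		return nil, fmt.Errorf("key bundle signature invalid")
	}
	if y, ok := kb.Keys["token_service_public_key"]; ok {
		return y, nil
	}
	return nil, fmt.Errorf("bundle has no token service key")
}

func main() {
	idPub, idPriv, _ := ed25519.GenerateKey(nil)
	y := bytes.Repeat([]byte{0x42}, 32) // constructed stand-in for the encoded Y
	raw, _ := ExportBundle(idPriv, map[string][]byte{"token_service_public_key": y})
	clientY, _ := LoadTokenServiceKey(raw, idPub)
	serverY, _ := LoadTokenServiceKey(raw, idPub)
	fmt.Println("client and server hold the same Y:", bytes.Equal(clientY, serverY))
}
```

A bundle that fails verification, or one checked against a different identity key, yields an error rather than a key, so a mismatch surfaces at load time instead of as a failed token purchase.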