Skip to content

feat(crypto): rewrite verifyAccess to support asymmetric E2EE signatures (#93)#96

Open
annukumar123 wants to merge 3 commits into
Memact:mainfrom
annukumar123:feature/e2ee-crypto-verification
Open

feat(crypto): rewrite verifyAccess to support asymmetric E2EE signatures (#93)#96
annukumar123 wants to merge 3 commits into
Memact:mainfrom
annukumar123:feature/e2ee-crypto-verification

Conversation

@annukumar123

Copy link
Copy Markdown
Contributor

🎯 Overview

This PR addresses Issue #93 by upgrading the verifyAccess pipeline in the SDK from a plain JSON pass-through to a secure, asymmetric End-to-End Encryption (E2EE) cryptographic verification protocol.

🛠️ Changes Implemented

  • src/config-validation.mjs: Extended the client configuration validator schema to recognize and validate the optional, PEM-encoded privateKey property.
  • src/client.mjs: Rewrote the verifyAccess method to check for a privateKey. If present, it wraps the options payload with an automated validation timestamp, signs it using Node's native crypto engine (RSA-PSS-SHA256), and securely structures the outbound body with encrypted_payload, signature, and algo keys.
  • test/sdk.test.mjs: Added an isolated integration unit test suite that generates a mock RSA key pair to fully verify signature generation, cryptographic algorithm headers, and inner payload binding functionality.

🧪 Test Results

All 9 core tests and verification suites are passing successfully locally without errors:

✔ missing baseUrl throws (2.0578ms)
✔ capture posts to correct endpoint and fills defaults (43.4127ms)
✔ verifyAccess and runFeature post correctly (2.4922ms)
▶ UploadPanel E2EE Cryptographic Verification Suite (#93)
  ✔ verifyAccess generates cryptographic signature when privateKey configuration is set (249.8041ms)
✔ UploadPanel E2EE Cryptographic Verification Suite (#93) (250.2249ms)
...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant