Cryptographic authentication is concerned with recognizing an entity as one that is in possession of a secret cryptographic key. The entity may be a device containing the key, or a user owning such a device. Cryptographic authentication may encompass ascertaining the identity or some attributes of the device owner asserted by an authoritative third party, or recognizing the user as a repeat visitor or as the owner of a previously established account.
Cryptographic authentication can be combined with other authentication factors for remote identity proofing using rich credentials, and for cardholder authentication.
Here we are concerned with cryptographic authentication to web applications by proof of possession of the private key component of a key pair. The zip file:
contains two applications that demonstrate the concept using the PJCL cryptographic library both on the client side and the server side:
- The web app app-mongodb.js is a proof-of-concept Node.js web app that shows how to use cryptographic authentication with a MongoDB database back-end.
- The web app app-nodb.js is a simpler Node.js app that has the same functionality and the same front-end as app-mongodb.js but emulates the database using JavaScript objects.
Note. Both files have been updated to change the name of the constant securityStrength to rbgSecurityStrength.
This series of blog posts discusses several aspects of app-mongodb.js:
- Cryptographic authentication with Node.js and MongoDB
- Credential Registration for Cryptographic Authentication with Node.js and MongoDB
- Login Session Maintenance in Node.js using Express and Handlebars
- Random Bit Generation with Full Entropy and Configurable Prediction Resistance in a Node.js Application
An earlier cryptographic authentication demo can be found in the PJCL page.