Cryptographic authentication is concerned with recognizing an entity as one that is in possession of a secret cryptographic key. The entity may be a device containing the key, or a user owning such a device. Cryptographic authentication may encompass ascertaining the identity or some attributes of the device owner asserted by an authoritative third party, or recognizing the user as a repeat visitor or as the owner of a previously established account.
Here we are concerned with cryptographic authentication to web applications by proof of possession of the private key component of a key pair. The zip file contains two applications that demonstrate the concept using the PJCL cryptographic library on both the client side and the server side:
- The web app app-mongodb.js is a proof-of-concept Node.js web app that shows how to use cryptographic authentication with a MongoDB database back-end.
Note. Both files have been updated to change the name of the constant securityStrength to rbgSecurityStrength.
This series of blog posts discusses several aspects of app-mongodb.js:
- Cryptographic authentication with Node.js and MongoDB
- Credential Registration for Cryptographic Authentication with Node.js and MongoDB
- Login Session Maintenance in Node.js using Express and Handlebars
- Random Bit Generation with Full Entropy and Configurable Prediction Resistance in a Node.js Application
An earlier cryptographic authentication demo can be found on the PJCL page.