Skip to content

Latest commit

 

History

History
64 lines (44 loc) · 1.55 KB

readme.md

File metadata and controls

64 lines (44 loc) · 1.55 KB

Connect-pgp

A middleware for Connect.js signing HTTP responses.

Usage

var connect = require('connect');
var pgpsign = require('connect-pgp');

// This is your super signing own function!
function doSign(msg, callback) {
  // Do signing stuff...
  callback(err, pgpSignedMessage);
}

// New connect app
var app = connect();

// Now signing HTTP requests!
app.use(pgpsign(doSign));

Triggering

Middleware triggers on HTTP header:

"Accept: multipart/signed"

then answers:

  HTTP/1.1 200 OK
  Content-Type: multipart/signed; boundary=bar; micalg=pgp-sha1; protocol="application/pgp-signature"

  --bar
  Content-Type: text/plain; charset=iso-8859-1
  Content-Transfer-Encoding: quoted-printable
  
& This is the body content.
& 
& Every word and every space in the body content body will be
& signed, even the two fields "Content-Type" and "Content-Transfer-Encoding"
& above, with the new line before this body content.

  --bar
  Content-Type: application/pgp-signature
  
  -----BEGIN PGP MESSAGE-----
  Version: 2.6.2

  iQCVAwUBMJrRF2N9oWBghPDJAQE9UQQAtl7LuRVndBjrk4EqYBIb3h5QXIX/LC//
  jJV5bNvkZIGPIcEmI5iFd9boEgvpirHtIREEqLQRkYNoBActFBZmh9GC3C041WGq
  uMbrbxc+nIs1TIKlA08rVi9ig/2Yh7LFrK5Ein57U/W72vgSxLhe/zhdfolT9Brn
  HOxEa44b+EI=
  =ndaj
  -----END PGP MESSAGE-----
  
  --bar--

N.B.: the part of the response with '&' is what is signed.

License

This software is provided under MIT license.