
How to authorise an app to send messages on our behalf

Antonio Calatrava edited this page Dec 15, 2020 · 1 revision

Sometimes you want to send messages from an app. This can come in handy when using tooling, for instance. Suppose you have a number of apps running that will send emails for notification or transactional purposes. You want to use your "info@myapp!" address for this.

Normally, sending emails would mean we need to copy the private key to each app in order to let it send mail. This could be tricky, as your private key would then be stored in multiple places.

So instead, we use an authorization key system, which works the following way:

  • Each app generates a keypair.
  • The public key gets signed by the account holder (the account you want to send on behalf of).
  • The signed public key (the "signature") gets sent with a message, together with the app's public key and the account holder hash. However, the message will be signed & encrypted using the private key of the app, not the private key of the account holder.

When decrypting a message, the following will happen:

  • If a message is sent by an authorised app, the receiver will first check that the signature is valid by verifying it with the account holder's public key.
  • If it is valid, the authorised app's public key, also sent along with the message, can be trusted to verify the signature of the header and for decrypting the message.
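
The signature chain described above, as an added example that is not the project's own code. It assumes Ed25519 keys (the page does not name an algorithm), uses hypothetical names (`Message`, `Authorize`, `Send`, `Verify`), and leaves out encryption to show only the two verification steps.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

type Message struct { // field names are assumptions made for this example
	AppPub    ed25519.PublicKey // the app's own public key
	AuthSig   []byte            // account holder's signature over AppPub
	Header    []byte
	HeaderSig []byte // app's signature over Header
}

func newKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Authorize is run once by the account holder: it signs the app's public key.
func Authorize(holderPriv ed25519.PrivateKey, appPub ed25519.PublicKey) []byte {
	return ed25519.Sign(holderPriv, appPub)
}

// Send is run by the app and needs only the app's own private key.
func Send(appPub ed25519.PublicKey, appPriv ed25519.PrivateKey, authSig, header []byte) Message {
	return Message{AppPub: appPub, AuthSig: authSig, Header: header, HeaderSig: ed25519.Sign(appPriv, header)}
}

// Verify is run by the receiver; holderPub comes from its own key lookup.
func Verify(m Message, holderPub ed25519.PublicKey) error {
	if len(m.AppPub) != ed25519.PublicKeySize || !ed25519.Verify(holderPub, m.AppPub, m.AuthSig) {
		return fmt.Errorf("app key not authorised by account holder")
	}
	if !ed25519.Verify(m.AppPub, m.Header, m.HeaderSig) {
		return fmt.Errorf("header signature invalid")
	}
	return nil
}

func main() {
	holderPub, holderPriv := newKey()
	appPub, appPriv := newKey()
	m := Send(appPub, appPriv, Authorize(holderPriv, appPub), []byte("constructed header"))
	fmt.Println("verify:", Verify(m, holderPub))
}
```

The order of checks matters: the app key taken from the message is used for header verification only after the account holder's signature over it has been confirmed.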