Key server flow

Joshua Thijssen edited this page Sep 13, 2020 · 2 revisions

This should be pretty much the flow of the keyserver:

key-server:
POST hash(john@acme-inc!)
	public-key
	server
	<authorization-signature>
	<mutate-signature>
	
Does hash exist?
Yes:
	mutate-signature present and correct?
	Yes:
		Update account
		return 200: update ok
	No:
		return 401: no create without mutate-signature
No:
	Without organisation? -- ISSUE: We only have a sha256 hash, no info if the address is part of an organisation!!!
	Yes:
		Create account
		return 201: creation ok
	No:
		check authorization-signature
		get info from organisation hash (org-@organisation!)
		verify authorization-signature: sha256(hash + server) verify with pubkey organisation
		Correct:
			is server allowed?
			no:
				return 401: not allowed for this server
			yes:
				create account
				return 201: creation ok
		Incorrect:
			return 401: incorrect authorization
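
The flow above as a Go handler, added here as an illustration and not taken from the project's code. Assumptions: Ed25519 keys, a client-supplied `OrgHash` request field, an in-memory `Store`, and a mutate-signature made with the stored key over sha256(hash + server + new public key); the page specifies only the authorization-signature input.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
)

type Request struct { // mirrors the POST body; OrgHash is an assumed extra field
	Hash, Server, OrgHash string
	PublicKey             ed25519.PublicKey
	AuthSig, MutateSig    []byte
}
type Org struct {
	Key     ed25519.PublicKey // organisation public key
	Servers map[string]bool   // servers the organisation allows
}
type Store struct { // constructed in-memory stand-in for the key server's database
	Accounts map[string]ed25519.PublicKey
	Orgs     map[string]Org
}

// verify checks sig over sha256(msg); a malformed key fails closed.
func verify(key ed25519.PublicKey, sig []byte, msg string) bool {
	d := sha256.Sum256([]byte(msg))
	return len(key) == ed25519.PublicKeySize && ed25519.Verify(key, d[:], sig)
}

// Handle returns the HTTP status the flow prescribes.
func (s *Store) Handle(r Request) int {
	if cur, ok := s.Accounts[r.Hash]; ok {
		if !verify(cur, r.MutateSig, r.Hash+r.Server+string(r.PublicKey)) {
			return 401 // assumed: mutate-signature is by the stored key and covers the new key
		}
		s.Accounts[r.Hash] = r.PublicKey
		return 200 // update ok
	}
	if r.OrgHash != "" { // organisation address: signature first, then the server allow-list
		org, ok := s.Orgs[r.OrgHash]
		if !ok || !verify(org.Key, r.AuthSig, r.Hash+r.Server) || !org.Servers[r.Server] {
			return 401 // incorrect authorization, or not allowed for this server
		}
	}
	s.Accounts[r.Hash] = r.PublicKey
	return 201 // creation ok
}

func main() { // constructed request: unknown hash, no organisation, prints 201
	s := Store{Accounts: map[string]ed25519.PublicKey{}}
	println(s.Handle(Request{Hash: "constructed-hash", PublicKey: make(ed25519.PublicKey, 32)}))
}
```

Because `OrgHash` comes from the client, a request that omits it takes the no-organisation branch and skips the authorization check, which is the open ISSUE the flow flags.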