Overview
Key System
Overview
The Key Management System leverages the secp256k1
elliptic curve cryptographic algorithm, utilizing key pairs that consist of a public key and a private key. The public key is shareable and used to derive wallet addresses or verify signatures, while the private key is confidential and grants complete access to the user’s assets and permissions.
Private Key
Each private key is a 256-bit scalar, encoded as 32 bytes. In hexadecimal format, this is represented as 64 characters, exemplifying strong cryptographic security. For instance: 0x12345678901234567890123456789012334567890123456789012345678901234
This key must be stored securely to prevent unauthorized access to the user's digital assets.
Public Key
The system supports the full serialization of public keys, which are 65 bytes in length. Unlike compressed public keys, which are 33 bytes, the full public keys include both the x-coordinate and the y-coordinate, providing higher security at the cost of increased data size. Our protocol mandates the use of the full public key to enhance security and interoperability within the network.
P2P Encryption Principle
Password Generation
The password generation process leverages Elliptic Curve Diffie-Hellman (ECDH) to ensure secure key exchange:
A's private key and B's public key are combined via ECDH to generate the shared secret
AB
.Similarly, B's private key and A's public key through ECDH produce the shared secret
BA
.Both operations result in the identical shared secret (
AB = BA
), enabling A and B to derive a shared password (S = AB = BA) that only they can access.
Encryption and Decryption
For data confidentiality, the system employs AES-256-CBC, a symmetric encryption standard:
A encrypts the message (M) using the derived password (AB) along with a random salt via AES-256-CBC, resulting in the encrypted output (M+).
B decrypts the encrypted message (M+) using the same password (BA) and salt through AES-256-CBC, recovering the original message (M).
TUN Construction Process
Follow these steps to establish a secure TUN (Tunneling) protocol environment:
Retrieve node information including the node's IP, port, and public key from the node list.
Establish a WebSocket connection using
ws://ip:port/xpp
.Upon successful WebSocket connection, you will immediately receive a string representing the TUN protocol's local IP.
Configure the local virtual network interface to complete the TUN setup.
Monitor the WebSocket for incoming data. Decrypt any data using the node's public key and your local private key via AES, then forward it to the TUN network card.
Any outgoing data read from the TUN network card should be encrypted using the node's public key and your local private key through AES, and subsequently sent over the WebSocket.
HTTP Interface
Register Account via Invitation Code
URL
http://node.aeronyx.network:10113/power/recv_invitation
Arguments
pubkey
: Requester's public key.timestamp
: Current request time (ms). The request will fail if the difference with the server time exceeds 15 seconds.code
: Invitation code.sign
: Signature, a hexadecimal result of signing the SHA256 hash of thetimestamp
string using the private key corresponding to the public key. It's similar toSign(sha256(str(timestamp)))
.
Return
Get Node List (GET)
URL
http://node.aeronyx.network:10113/power/get_node2
Arguments
pubkey
: The public key of the requester. This key is used to identify and authenticate the request.timestamp
: The current request time in milliseconds. The request is considered valid only if the time difference between this timestamp and the server's current time does not exceed 15 seconds.sign
: The signature, represented as a hexadecimal string. This is obtained by signing the SHA256 hash of thetimestamp
string with the private key corresponding to the public key provided. The signature process can be described by:Sign(sha256(str(timestamp)))
.
Return
The response is a JSON object with the following structure:
Get Node List by Passcode (GET)
URL
Access the API through this endpoint: http://node.aeronyx.network:10113/power/get_node_by_passcode
Arguments
This endpoint requires the following parameters:
pubkey
: The public key of the requester, used for identifying and verifying the sender.passcode
: A specific passcode required to access the node list.timestamp
: The current request time in milliseconds. It is critical that the client's clock is synchronized, as a timestamp difference greater than 15 seconds from the server's time will cause the request to fail.sign
: A signature, provided as a hexadecimal string. This is the result of signing the SHA256 hash of thetimestamp
string using the private key associated with the provided public key. The signing process can be described as:Sign(sha256(str(timestamp)))
.
Return
The response format is a JSON object structured as follows:
Get Protocol Text (GET)
URL
https://aeronyx.network/api/v1/cms/article?navigation_second_id=1&article_id=1
Return
Login to Node (GET)
URL
http://[Node IP]:[Node Port]/rpc/login
Arguments
pubkey
: Requester's public key. timestamp
: Current request time (ms). The request will fail if the difference with the server time exceeds 15 seconds. sign
: Signature, a hexadecimal result of signing the SHA256 hash of the timestamp
string using the private key corresponding to the public key. It's similar to Sign(sha256(str(timestamp)))
.
Return
Demo
We plan to write a series of sample codes to help developers access AeroNyx
CXX demo Completed
Python demo Under development...
Nodejs demo Under development...
Rust demo Under development...
Demo
We plan to write a series of sample codes to help developers access AeroNyx
Read the code in Github
CXX demo Completed
Python demo Under development...
Nodejs demo Under development...
Rust demo Under development...
Last updated