suntobright / keyless-solution

The solution of keyless proxy.

keyless nginx openssl proxy

keyless-solution's Introduction

Keyless solution


The traditional proxy for SSL

SSL has been widely used in recent years to provide secure communication links between clients and servers. Usually, to provide proxy service for an organization's source servers, the proxy server has to keep the organization's private key. When a client sends a request to the proxy server, the proxy server uses the private key to set up an SSL link with the client as if it were the source server.

Since the proxy provider is usually a CDN (Content Delivery Network) company, distributing the private keys among the proxy servers raises a security issue.

The keyless proxy

Some organizations demand a higher level of security and won't entrust their private keys to others. To provide proxy service to these organizations, CDN companies can use a keyless proxy. These organizations needn't share their private keys with the CDN companies. Instead, they have to deploy keyless servers that provide the keyless service for the CDN companies to use.

When a client sends a request to a proxy server, the server tries to set up an SSL link with the client. During the SSL handshake, some data needs to be processed with the private key. The proxy server sends this data to a keyless server, and the keyless server uses the private key to process the data and responds with the result. The proxy server then completes the SSL handshake with the result as if it were the source server.

This project aims to provide a demo solution for the keyless proxy, which is well explained in the technical blog.
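The exchange described above, simulated in Python as an added example (not code from this project). It assumes an RSA key exchange, in which the data needing the private key is the client's encrypted premaster secret; the class names, the toy key and the simplified key derivation are all constructed for illustration.

```python
import hashlib, hmac, secrets

# Constructed toy RSA key built from two Mersenne primes. Textbook RSA with no
# padding, for illustration only; real deployments use padded 2048-bit+ keys.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q

def derive_master(premaster, client_random, server_random):
    # Simplified stand-in for the handshake's key derivation (assumption).
    seed = b"master secret" + client_random + server_random
    return hmac.new(premaster, seed, hashlib.sha256).digest()

class KeylessServer:
    """Run by the organization; the only place the private exponent exists."""
    def __init__(self):
        self._d = pow(E, -1, (P - 1) * (Q - 1))

    def rsa_decrypt(self, ciphertext):
        # The single private-key operation the proxy is allowed to request.
        return pow(ciphertext, self._d, N).to_bytes(16, "big")

class ProxyServer:
    """Run by the CDN; holds only the public half of the key."""
    def __init__(self, keyless):
        self.public_key = (N, E)
        self.keyless = keyless  # stands in for the network link to the keyless server
        self.server_random = secrets.token_bytes(32)

    def finish_handshake(self, client_random, encrypted_premaster):
        # Forward the data that needs the private key, then continue locally.
        premaster = self.keyless.rsa_decrypt(encrypted_premaster)
        return derive_master(premaster, client_random, self.server_random)

def client_handshake(proxy):
    """Client side: returns (client's master secret, proxy's master secret)."""
    client_random = secrets.token_bytes(32)
    premaster = secrets.token_bytes(16)  # fits below the toy modulus
    n, e = proxy.public_key
    encrypted = pow(int.from_bytes(premaster, "big"), e, n)
    proxy_master = proxy.finish_handshake(client_random, encrypted)
    return derive_master(premaster, client_random, proxy.server_random), proxy_master

if __name__ == "__main__":
    proxy = ProxyServer(KeylessServer())
    client_master, proxy_master = client_handshake(proxy)
    print("secrets match:", client_master == proxy_master)
    print("proxy holds private key:", hasattr(proxy, "_d"))
```

Because the keyless server performs private-key operations on request, a real deployment has to authenticate the proxy servers and restrict which of them may reach it.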

Components

Implementing a keyless proxy requires the following three components:

  • Keyless Server, which provides the keyless service. CloudFlare has published the source code of the keyless server in C and Go.
  • Proxy Server, which requests the keyless service and completes the SSL handshake. Since a lot of companies use Nginx + Lua as their business layer, I will modify Nginx to act as the proxy server.
  • OpenSSL support, which interrupts the SSL handshake and waits for the proxy server to supply the data processed with the private key. To interrupt the SSL handshake this way, OpenSSL needs some modification.

Note

The first version of the project is not finished yet. Since it's a part-time entertainment for me, I can't guarantee the development progress. But I have realized it once before, so it should be soon.

Contact

Feel free to contact me via e-mail if you have any questions.
