Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add info on encrypting requests and disabling signature validation in sandbox to DESCRIPTION.md #117

Merged
merged 5 commits into from
Dec 20, 2019
Merged

Add info on encrypting requests and disabling signature validation in sandbox to DESCRIPTION.md #117

merged 5 commits into from
Dec 20, 2019

Conversation

lexym
Copy link
Contributor

@lexym lexym commented Dec 18, 2019

No description provided.

@lexym lexym requested a review from andrederoos December 18, 2019 15:53
@lexym lexym changed the title Add an instruction on encrypting requests to DESCRIPTION.md Add info on encrypting requests and disabling signature validation in sandbox to DESCRIPTION.md Dec 18, 2019
@lexym lexym requested review from FNG21 and removed request for andrederoos December 20, 2019 08:19
FNG21
FNG21 reviewed Dec 20, 2019
View reviewed changes
DESCRIPTION.md Outdated
@@ -500,6 +500,30 @@ If you get an error telling you "The request signature is invalid", please check
- You use the data to sign to create a SHA256 hash signature.
- You have base64 encoded the SHA256 hash signature before adding it to the request under `X-Bunq-Client-Signature`.

**Note:** Though request signing is a must on production, you can choose to disable it on sandbox to simplify the testing. Here's how it works:

1. Set the `X-Bunq-Client-Signature-Validation-Policy` header of the request to `IGNORE_ONLY_FOR_TESTING`.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is now X-Bunq-Client-Signature :)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

True. Fixed it!

FNG21
FNG21 reviewed Dec 20, 2019
View reviewed changes
DESCRIPTION.md Outdated

Here is how to encrypt a request:
1. Generate a random [Initialization Vector](https://en.wikipedia.org/wiki/Initialization_vector) (IV) of 16 bytes.
1. Generate a random [Advanced Encryption Standard](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) (AES) key of 32 bytes.
Copy link
Contributor

@FNG21 FNG21 Dec 20, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is my bad, since I told you wrong, but lets make it 256 bits (32 bytes) since in terms of encryption we should always talk in bits. (it is practically the same since 32bytes == 256bits, but makes more sense like this)

(Thats what AES-256-CBC a few lines down comes from) :)

@lexym lexym merged commit 50f4429 into master Dec 20, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@FNG21 FNG21 FNG21 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@lexym @FNG21