ADTPS is a unified system for securing ADTP Connections, similar to HTTPS.
It uses RSA so that, even if an attacker is listening from the moment a connection opens, the traffic remains readable only by the server and the client.
Step 1 (Client->Server)
{
"version": "ADTP/2.0",
"method": "read",
"headers": {
"request-content-type": "text/plain"
},
"uri": "/ADTPS/server-public-key",
"content": ""
}
This requests that the server returns its RSA public key.
Next, the server responds with its RSA public key.
Step 1 (Server->Client)
{
"version": "ADTP/2.0",
"status": "ok",
"headers": {
"content-type": "text/plain"
},
"content": "[SERVER PUBLIC KEY]"
}
Next, the client sends its RSA public key.
Step 2 (Client->Server)
{
"version": "ADTP/2.0",
"method": "read",
"headers": {
"content-type": "text/plain"
},
"uri": "/ADTPS/client-public-key",
"content": "[CLIENT PUBLIC KEY]"
}
Now, with public keys exchanged, the server responds with an ok status.
Next, the client generates an AES-GCM-256 Key. It encrypts this with the server's public key and sends it to the server.
From this point on, every content field is encrypted with the AES-GCM-256 key and a freshly generated random nonce. The nonce is encrypted with the server's public key when sent from the client, and with the client's public key when sent from the server, and is carried in a header:
"headers": { "nonce": "[ENCRYPTED NONCE]" }
Now your connection is encrypted!
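The following Go program is an added example of the key delivery and the per-message format described above; it is not code from the ADTPS page or project. The page does not specify an RSA padding scheme, a text encoding for ciphertext, a key size or a nonce length, so RSA-OAEP with SHA-256, base64, 2048-bit keys and GCM's standard 12-byte nonce are assumptions here, as are the function names (newRSAKey, NewSessionKey, Seal, Open, rsaWrap, rsaUnwrap) and the Message struct that mirrors the JSON shape shown on the page. Step 1 and Step 2 are taken as already done: the client holds the server's public key and the server holds the client's.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

// Message mirrors the ADTP/2.0 JSON objects shown on the page.
type Message struct {
	Version string            `json:"version"`
	Method  string            `json:"method,omitempty"`
	Status  string            `json:"status,omitempty"`
	Headers map[string]string `json:"headers"`
	URI     string            `json:"uri,omitempty"`
	Content string            `json:"content"`
}

// newRSAKey generates a 2048-bit key pair (the size is an assumption; the page names none).
func newRSAKey() *rsa.PrivateKey {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	return priv
}

// rsaWrap encrypts a short secret (the AES key or a nonce) to a public key. RSA-OAEP with
// SHA-256 and base64 output are assumptions; the page only says "encrypted with the public key".
func rsaWrap(pub *rsa.PublicKey, secret []byte) (string, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, secret, nil)
	return base64.StdEncoding.EncodeToString(ct), err
}

func rsaUnwrap(priv *rsa.PrivateKey, text string) ([]byte, error) {
	ct, err := base64.StdEncoding.DecodeString(text)
	if err != nil {
		return nil, err
	}
	return rsa.DecryptOAEP(sha256.New(), nil, priv, ct, nil)
}

// NewSessionKey is the client's step after the public keys have crossed: generate the
// AES-GCM-256 key and wrap it to the server's public key for delivery in "content".
func NewSessionKey(serverPub *rsa.PublicKey) (aesKey []byte, msg Message, err error) {
	aesKey = make([]byte, 32) // 32 bytes selects AES-256
	rand.Read(aesKey)
	wrapped, err := rsaWrap(serverPub, aesKey)
	msg = Message{Version: "ADTP/2.0", Method: "read", Content: wrapped,
		Headers: map[string]string{"content-type": "text/plain"}}
	return aesKey, msg, err
}

// Seal builds a post-handshake message: content under AES-GCM-256 with a fresh random
// nonce, the nonce RSA-encrypted to the recipient and carried in the "nonce" header.
func Seal(aesKey []byte, recipient *rsa.PublicKey, plaintext string) (Message, error) {
	block, err := aes.NewCipher(aesKey)
	if err != nil {
		return Message{}, err
	}
	gcm, _ := cipher.NewGCM(block)
	nonce := make([]byte, gcm.NonceSize()) // 12 bytes; must never repeat under one key
	rand.Read(nonce)
	wrapped, err := rsaWrap(recipient, nonce)
	ct := base64.StdEncoding.EncodeToString(gcm.Seal(nil, nonce, []byte(plaintext), nil))
	return Message{Version: "ADTP/2.0", Content: ct,
		Headers: map[string]string{"content-type": "text/plain", "nonce": wrapped}}, err
}

// Open reverses Seal. The receiver's private key recovers the nonce; GCM's tag check then
// rejects any message whose content or nonce was altered in transit.
func Open(aesKey []byte, priv *rsa.PrivateKey, msg Message) (string, error) {
	nonce, err := rsaUnwrap(priv, msg.Headers["nonce"])
	if err != nil {
		return "", err
	}
	ct, err := base64.StdEncoding.DecodeString(msg.Content)
	if err != nil {
		return "", err
	}
	block, err := aes.NewCipher(aesKey)
	if err != nil {
		return "", err
	}
	gcm, _ := cipher.NewGCM(block)
	pt, err := gcm.Open(nil, nonce, ct, nil)
	return string(pt), err
}

func main() {
	serverPriv, clientPriv := newRSAKey(), newRSAKey()
	key, keyMsg, _ := NewSessionKey(&serverPriv.PublicKey) // client side
	serverKey, _ := rsaUnwrap(serverPriv, keyMsg.Content)   // server side
	req, _ := Seal(key, &serverPriv.PublicKey, "hello over ADTPS") // client -> server
	plain, err := Open(serverKey, serverPriv, req)
	fmt.Println(plain, err)
	reply, _ := Seal(serverKey, &clientPriv.PublicKey, "ok") // server -> client
	plain, err = Open(key, clientPriv, reply)
	fmt.Println(plain, err)
}
```

Two points worth noticing when reading it. Because the nonce is wrapped to the recipient's public key, a server-to-client message cannot be opened with the server's own private key, which is what the page's direction rule buys; GCM itself only requires the nonce to be unique per key, not secret, so the wrapping follows the page's format rather than being needed for AES-GCM. And, as on the page, the public keys in Step 1 and Step 2 are exchanged bare, so what the example demonstrates is confidentiality and integrity against an attacker who is only listening, which is the property the page claims; it does not bind either key to an identity.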