{"id":335,"date":"2023-12-27T05:21:15","date_gmt":"2023-12-27T05:21:15","guid":{"rendered":"https:\/\/www.bhoomabrsr.com\/blog\/?p=335"},"modified":"2023-12-27T19:57:22","modified_gmt":"2023-12-27T19:57:22","slug":"how-to-gain-server-side-trust-on-the-client-side-dpop-rfc-9449","status":"publish","type":"post","link":"https:\/\/www.bhoomabrsr.com\/blog\/index.php\/2023\/12\/27\/how-to-gain-server-side-trust-on-the-client-side-dpop-rfc-9449\/","title":{"rendered":"How to Gain Server-Side Trust on the Client-Side? DPoP (RFC 9449)"},"content":{"rendered":"\n<p>Verifying client identity is crucial in data transmission, commonly achieved through <a href=\"https:\/\/datatracker.ietf.org\/doc\/html\/rfc8705\">mutual Transport Layer Security (mTLS, i.e. RFC 8705)<\/a>, where both client and server authenticate using digital certificates. However, obtaining client TLS certificates can be complex. <br><br><a href=\"https:\/\/datatracker.ietf.org\/doc\/html\/rfc9449\">The DPoP (Demonstrating Proof of Possession &#8211; RFC 9449)<\/a> specification uses cryptographic key pairs instead of TLS certificates, simplifying the process. It securely links a token to a specific HTTP request and client by including a DPoP proof (typically a JWT with a cryptographic signature) with each access token request. This method enhances security against token theft and allows dynamic key generation, operating at the application level.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">RFC 9449 vs RFC 8705<\/h3>\n\n\n\n<p>RFC 9449 (DPoP) simplifies authentication by letting clients generate a private and public key pair, eliminating the need for a TLS certificate. 
In contrast, RFC 8705 (mTLS) requires TLS certificates for bidirectional authentication, posing challenges in certificate distribution to clients.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Challenges with DPoP:<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Securely storing and distributing public keys:<\/strong>&nbsp;Ensuring clients can register and update their keys securely without risk of unauthorized access or manipulation.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><th>Feature<\/th><th>DPoP (RFC 9449)<\/th><th>mTLS (RFC 8705)<\/th><th>Token Binding (RFC 8471)<\/th><\/tr><\/thead><tbody><tr><td>Authentication<\/td><td>Client-side signature using key pairs<\/td><td>Client-side TLS certificate<\/td><td>Client-side cryptographic token<\/td><\/tr><tr><td>Integration Layer<\/td><td>Application layer<\/td><td>Transport layer (HTTPS)<\/td><td>Application layer<\/td><\/tr><tr><td>Complexity level<\/td><td>Simpler key management<\/td><td>Requires TLS certificate infrastructure<\/td><td>Browser support is limited<\/td><\/tr><tr><td>Protection<\/td><td>Token theft, replay, unauthorized usage<\/td><td>Man-in-the-middle attacks, eavesdropping<\/td><td>Token theft, replay<\/td><\/tr><tr><td>Performance<\/td><td>Less overhead than mTLS<\/td><td>Some overhead due to TLS handshake<\/td><td>Negligible overhead<\/td><\/tr><tr><td>Flexibility<\/td><td>Can be used with various authentication flows<\/td><td>Tied to TLS-based connections<\/td><td>Can be used with different protocols<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"791\" src=\"https:\/\/www.bhoomabrsr.com\/blog\/wp-content\/uploads\/2023\/12\/dpop-2-1024x791.png\" alt=\"\" class=\"wp-image-343\" srcset=\"https:\/\/www.bhoomabrsr.com\/blog\/wp-content\/uploads\/2023\/12\/dpop-2-1024x791.png 1024w, 
https:\/\/www.bhoomabrsr.com\/blog\/wp-content\/uploads\/2023\/12\/dpop-2-300x232.png 300w, https:\/\/www.bhoomabrsr.com\/blog\/wp-content\/uploads\/2023\/12\/dpop-2-768x594.png 768w, https:\/\/www.bhoomabrsr.com\/blog\/wp-content\/uploads\/2023\/12\/dpop-2-1536x1187.png 1536w, https:\/\/www.bhoomabrsr.com\/blog\/wp-content\/uploads\/2023\/12\/dpop-2-2048x1583.png 2048w, https:\/\/www.bhoomabrsr.com\/blog\/wp-content\/uploads\/2023\/12\/dpop-2-940x726.png 940w, https:\/\/www.bhoomabrsr.com\/blog\/wp-content\/uploads\/2023\/12\/dpop-2-518x400.png 518w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\">1. Client: Generate Key pair using Web Crypto API (https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/API\/Web_Crypto_API)<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Private keys can be non-extractable for more security.<\/li>\n\n\n\n<li>For demonstration purposes, the signature algorithm is fixed, and the JWK format is not utilized.&nbsp;<\/li>\n\n\n\n<li>You can execute code snippets in the browser console to view them in action.<\/li>\n<\/ul>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: jscript; title: ; notranslate\" title=\"\">\n\/\/ Demo payload that the client will sign\nconst payload = { &quot;key&quot;: &quot;abcd&quot; };\nasync function generateKeyPair() {\n    const keyPair = await window.crypto.subtle.generateKey(\n        {\n            name: &quot;RSASSA-PKCS1-v1_5&quot;,\n            modulusLength: 2048,\n            publicExponent: new Uint8Array(&#x5B;1, 0, 1]), \/\/ 65537\n            hash: { name: &quot;SHA-256&quot; },\n        },\n        true, \/\/ extractable (demo only); pass false to make the private key non-extractable\n        &#x5B;&quot;sign&quot;, &quot;verify&quot;]\n    );\n    return keyPair;\n}\nconst keys = await generateKeyPair();\nconsole.log(keys);\n<\/pre><\/div>\n\n\n<h4 class=\"wp-block-heading\">2. 
Client: Sign a request using the Private key<\/h4>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\n\/\/ Generate the signature\nasync function signData(privateKey, data) {\n    const encoder = new TextEncoder();\n    \/\/ Serialize the object before encoding; encoding it directly coerces it to a fixed string unrelated to its contents\n    const encodedData = encoder.encode(JSON.stringify(data));\n    const signature = await window.crypto.subtle.sign(\n        &quot;RSASSA-PKCS1-v1_5&quot;,\n        privateKey,\n        encodedData\n    );\n\n    return signature;\n}\nconst signature = await signData(keys.privateKey, payload);\nconsole.log(signature);\n<\/pre><\/div>\n\n\n<h4 class=\"wp-block-heading\">3. Server: Signature Verification on the server side<\/h4>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\n\/\/ Verify the signature\nconst receivedPayload = { &quot;key&quot;: &quot;abcd&quot; };\nasync function verifySignature(publicKey, signature, data) {\n  const encoder = new TextEncoder();\n  \/\/ Must use the same serialization as signData so the signed bytes match\n  const encodedData = encoder.encode(JSON.stringify(data));\n\n  const isValid = await window.crypto.subtle.verify(\n    {\n      name: &quot;RSASSA-PKCS1-v1_5&quot;,\n      hash: { name: &quot;SHA-256&quot; },\n    },\n    publicKey,\n    signature,\n    encodedData\n  );\n\n  return isValid;\n}\n\/\/ Pass the signature produced in step 2\nconst isValid = await verifySignature(keys.publicKey, signature, receivedPayload);\nconsole.log(isValid);\n<\/pre><\/div>\n\n\n<h4 class=\"wp-block-heading\">4. Server: process data and send back requested data if the signature is valid<\/h4>\n","protected":false},"excerpt":{"rendered":"<p>Verifying client identity is crucial in data transmission, commonly achieved through mutual Transport Layer Security (mTLS i.e. RFC 8705), where both client and server authenticate using digital certificates. 
However, obtaining client TLS certificates can be&hellip; <a href=\"https:\/\/www.bhoomabrsr.com\/blog\/index.php\/2023\/12\/27\/how-to-gain-server-side-trust-on-the-client-side-dpop-rfc-9449\/\">More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,33,34,1,20],"tags":[45],"class_list":["post-335","post","type-post","status-publish","format-standard","hentry","category-csrf","category-specifications","category-standards","category-uncategorized","category-web-security","tag-dpop"],"_links":{"self":[{"href":"https:\/\/www.bhoomabrsr.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/335","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.bhoomabrsr.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.bhoomabrsr.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.bhoomabrsr.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bhoomabrsr.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=335"}],"version-history":[{"count":6,"href":"https:\/\/www.bhoomabrsr.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/335\/revisions"}],"predecessor-version":[{"id":344,"href":"https:\/\/www.bhoomabrsr.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/335\/revisions\/344"}],"wp:attachment":[{"href":"https:\/\/www.bhoomabrsr.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=335"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.bhoomabrsr.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=335"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.bhoomabrsr.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=335"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}