Saphe Implementation - Server Side

Any server-side implementation will need to create a Saphe-data response to be returned to the user.

The format of the Saphe-data response is as follows:

--- Start of header ---

  • magic value [4 bytes] // the 4-char string 'SAPH'
  • status code [1 byte] // can be 'X' (SapheData), 'Y' (invalid user) or 'Z' (blocked user)

--- Start of SapheData part ---

  • encrypted buffer size [4 bytes, little endian]
  • server challenge [16 bytes]
  • initialization vector (IV) [16 bytes]
  • plain hmac [20 bytes]
  • Encrypted buffer:
    • source ip [4 bytes, little endian]
    • requested url size [2 bytes, little endian]
    • requested url [requested url size]
    • authentication url size [2 bytes, little endian]
    • authentication url [authentication url size]
    • phishing report url size [2 bytes, little endian] // optional - size can be 0
    • phishing report url [phishing report url size]

Note that the SapheData part is expected to be encoded as a hex string!
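The layout above, as an added Python example (not code from this page or from SapheData.h): it packs and bounds-checks the plaintext of the encrypted buffer, and frames or parses a response around an already-encrypted buffer. Assumptions: the 5-byte header is sent raw and only the SapheData part is hex-encoded, the size field counts only the encrypted buffer, 'Y' and 'Z' responses carry no SapheData part, and the source ip is an IPv4 address stored as a 32-bit integer. Key derivation, HMAC and AES-CFB are not specified on this page and are left out; all function names are hypothetical.

```python
import binascii
import ipaddress
import struct

MAGIC = b"SAPH"
STATUS = {b"X": "SapheData", b"Y": "invalid user", b"Z": "blocked user"}
FIXED = struct.Struct("<I16s16s20s")  # size, challenge, IV, plain HMAC

def pack_plain(ip, requested, auth, report=b""):
    """Plaintext of the encrypted buffer; the report URL may be empty."""
    out = struct.pack("<I", int(ipaddress.IPv4Address(ip)))  # assumed encoding
    for url in (requested, auth, report):
        out += struct.pack("<H", len(url)) + url  # struct.error if > 65535
    return out

def unpack_plain(buf):
    """Inverse of pack_plain; rejects truncated or over-long buffers."""
    pos = 0
    def take(n):
        nonlocal pos
        if pos + n > len(buf):
            raise ValueError("field runs past end of buffer")
        pos += n
        return buf[pos - n:pos]
    ip = ipaddress.IPv4Address(int.from_bytes(take(4), "little"))
    urls = [take(int.from_bytes(take(2), "little")) for _ in range(3)]
    if pos != len(buf):
        raise ValueError("trailing bytes after last URL")
    return (str(ip), *urls)

def frame(challenge, iv, mac, encrypted):
    """Status 'X' response: raw header + hex SapheData part (assumed split)."""
    if (len(challenge), len(iv), len(mac)) != (16, 16, 20):
        raise ValueError("challenge/IV/HMAC must be 16/16/20 bytes")
    body = FIXED.pack(len(encrypted), challenge, iv, mac) + encrypted
    return MAGIC + b"X" + binascii.hexlify(body)

def parse(resp):
    """Return (status name, (challenge, iv, mac, encrypted) or None)."""
    if resp[:4] != MAGIC or resp[4:5] not in STATUS:
        raise ValueError("bad magic or status code")
    if resp[4:5] != b"X":
        return STATUS[resp[4:5]], None
    body = binascii.unhexlify(resp[5:])  # binascii.Error on non-hex input
    if len(body) < FIXED.size:
        raise ValueError("SapheData part too short")
    size, challenge, iv, mac = FIXED.unpack_from(body)
    if size != len(body) - FIXED.size:
        raise ValueError("encrypted buffer size mismatch")
    return "SapheData", (challenge, iv, mac, body[FIXED.size:])
```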

The source code in SapheData.h supplies functions for creating the SapheData part:

  • CalculateEncryptedPartSize calculates the total size of the SapheData part from the three given URLs (requested, authentication, phishing report)
  • CreateEncryptedPart creates the actual SapheData part. This includes key derivation, SHA-1 HMAC calculation and AES-CFB encryption.

The following code shows an example of such an implementation:
