{"id":13827367,"url":"https://github.com/keygen-sh/example-node-response-signature-verification","last_synced_at":"2025-07-09T03:31:57.078Z","repository":{"id":30868957,"uuid":"126201167","full_name":"keygen-sh/example-node-response-signature-verification","owner":"keygen-sh","description":"An example implementation of verifying response signatures using cryptography to prevent tampering with cache payloads, replay attacks and MITM attacks.","archived":false,"fork":false,"pushed_at":"2022-06-25T03:36:34.000Z","size":8,"stargazers_count":4,"open_issues_count":1,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-08-04T09:06:41.124Z","etag":null,"topics":["code-sample","ed25519","keygen","license-keys","licensing","mitm-attacks","platform-example","rsa-cryptography","software-licensing"],"latest_commit_sha":null,"homepage":"https://keygen.sh","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/keygen-sh.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-03-21T15:35:05.000Z","updated_at":"2024-08-04T09:06:41.125Z","dependencies_parsed_at":"2022-08-03T15:15:50.968Z","dependency_job_id":null,"html_url":"https://github.com/keygen-sh/example-node-response-signature-verification","commit_stats":null,"previous_names":["keygen-sh/example-node-response-signature-verification","keygen-sh/example-signature-verification"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/keygen-sh%2Fexample-node-response-signature-verification","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/keygen-sh%2Fexample-node-response-signature-verification/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/keygen-sh%2Fexample-node-response-signature-verification/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/keygen-sh%2Fexample-node-response-signature-verification/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/keygen-sh","download_url":"https://codeload.github.com/keygen-sh/example-node-response-signature-verification/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225481528,"owners_count":17481175,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["code-sample","ed25519","keygen","license-keys","licensing","mitm-attacks","platform-example","rsa-cryptography","software-licensing"],"created_at":"2024-08-04T09:01:54.704Z","updated_at":"2024-11-20T06:31:41.921Z","avatar_url":"https://github.com/keygen-sh.png","language":"JavaScript","funding_links":[],"categories":["\u003ca id=\"42f9e068b6511bcbb47d6b2b273097da\"\u003e\u003c/a\u003e未分类"],"sub_categories":["\u003ca id=\"3bd67ee9f322e2c85854991c85ed6da0\"\u003e\u003c/a\u003e投毒\u0026\u0026Poisoning"],"readme":"# Example Signature Verification\nThis is an example of [verifying response signatures](https://keygen.sh/docs/api#signatures)\nusing your Keygen account's unique Ed25519 public key. You can find your public keys\nwithin [your account's settings page](https://app.keygen.sh/settings).\n\nVerifying response signatures will help prevent man-in-the-middle and replay\nattacks, where the attacker redirects traffic from your licensing server\n(e.g. Keygen) to their own locally controlled server. Other examples are\nwhen you have cached an API response locally and want to verify its integrity\n(i.e. it has not been tampered with).\n\n## Running the example\n\nFirst up, configure a few environment variables:\n\n```bash\n# Your Keygen account's Ed25519 verify key\nexport KEYGEN_VERIFY_KEY=\"YOUR_KEYGEN_ED25519_VERIFY_KEY\"\n\n# Keygen product token (don't share this!)\nexport KEYGEN_PRODUCT_TOKEN=\"YOUR_KEYGEN_PRODUCT_TOKEN\"\n\n# Your Keygen account ID\nexport KEYGEN_ACCOUNT_ID=\"YOUR_KEYGEN_ACCOUNT_ID\"\n```\n\nYou can either run each line above within your terminal session before\nstarting the app, or you can add the above contents to your `~/.bashrc`\nfile and then run `source ~/.bashrc` after saving the file.\n\nNext, install dependencies with [`yarn`](https://yarnpkg.comg):\n\n```\nyarn\n```\n\nThen run the script with the route you want to fetch:\n\n```\nyarn start '/licenses/442160c6-20d2-44a7-883d-245e38f651fd'\nyarn start '/users/dbe63060-eee7-4c87-98fa-f133fb8131fa'\nyarn start '/machines?page[number]=1\u0026page[size]=5'\n```\n\nThe above commands will only succeed if the signature verification is\nsuccessful, so be sure to copy your public key correctly. You can find\nyour public key within [your account's settings page](https://app.keygen.sh/settings).\n\n## Questions?\n\nReach out at [support@keygen.sh](mailto:support@keygen.sh) if you have any\nquestions or concerns!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkeygen-sh%2Fexample-node-response-signature-verification","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkeygen-sh%2Fexample-node-response-signature-verification","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkeygen-sh%2Fexample-node-response-signature-verification/lists"}