-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathcomm.iuml
46 lines (42 loc) · 1.44 KB
/
comm.iuml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
@startuml
title Two-way encryption using ECIES
actor user
participant UI
participant Backend
user -> UI: Load Page
activate UI
UI -> Backend: GET /pubkey (SERVER_PKEY: server public key)
activate Backend
note right: SERVER_PKEY = Backend Public key\nSERVER_SKEY = Backend Private key
Backend --> Backend: Get SERVER_PKEY from storage
Backend -> UI: SERVER_PKEY(in compressed base64 format(35 base64 chars))
deactivate Backend
UI --> UI: Persist SERVER_PKEY in localStorage
UI --> UI: Generate key pair UI_SKEY, UI_PKEY (stored in-memory)
note left: UI_PKEY = UI Public key\nUI_SKEY = UI Private key
UI -> user: WebPage content
deactivate UI
note over UI, Backend: Only SERVER_PKEY, UI_PKEY are shared across network.\nSERVER_SKEY, UI_SKEY always remains with owner
user -> UI: GET /hello
activate UI
UI -> Backend: GET /hello (headers {x-pub-key : UI_PKEY})
activate Backend
Backend --> Backend: Encrypt response with UI_PKEY
Backend -> UI: Encrypted payload
deactivate Backend
UI --> UI: Decrypt payload with UI_SKEY
UI -> user: Response
deactivate UI
user -> UI: POST /data
activate UI
UI --> UI: encrypt payload body with SERVER_PKEY
UI -> Backend: POST /data (headers {x-pub-key : UI_PKEY}, body: encrypted)
activate Backend
Backend --> Backend: decrypt payload with SERVER_SKEY
Backend --> Backend: encrypt response with UI_PKEY
Backend -> UI: Encrypted payload
deactivate Backend
UI --> UI: Decrypt payload with UI_SKEY
UI -> user: Response
deactivate UI
@enduml