m (reduce replay possibilities) |
Line 86: | Line 86: | ||
== Misc Commands == | == Misc Commands == | ||
=== ENCRYPT === | === ENCRYPT === | ||
Will cause all future messages from the server, except the first (the reply to the ENCRYPT command itself), to be encrypted (128 bit AES). The client will also have to encrypt all future requests sent to the server. All non-encrypted messages will be discarded by the server. The encryption key is the MD5 hash of a special (new/to be added) password defined in the users profile. A normal AUTH message is still necessary to authenticate and should follow the ENCRYPT command once the API has acknowledged the encryption. | Will cause all future messages from the server, except the first (the reply to the ENCRYPT command itself), to be encrypted (128 bit AES). The client will also have to encrypt all future requests sent to the server. All non-encrypted messages will be discarded by the server. The encryption key is the MD5 hash of a special (new/to be added) password defined in the users profile concatenated with the salt string as given in the reply to the ENCRYPT message. A normal AUTH message is still necessary to authenticate and should follow the ENCRYPT command once the API has acknowledged the encryption. | ||
'''Command String:''' | '''Command String:''' | ||
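Review bot: In the revised ENCRYPT paragraph, the phrase "the MD5 hash of a special (new/to be added) password defined in the users profile concatenated with the salt string" can be read as md5(password) followed by the salt rather than one hash over both values. Suggest rewording it to "the MD5 hash of the concatenation of the special password and the salt string given in the reply to the ENCRYPT message", which matches the md5(special_api_password_of_user+salt) formula added to the notes list. "users profile" should also read "user's profile".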
Line 92: | Line 92: | ||
'''Possible Replies:''' | '''Possible Replies:''' | ||
* XXX ENCRYPTION ENABLED | * XXX {str salt} ENCRYPTION ENABLED | ||
* XXX NO SUCH USER | * XXX NO SUCH USER | ||
* XXX ENCRYPTION PASSWORD NOT DEFINED | * XXX ENCRYPTION PASSWORD NOT DEFINED | ||
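Review bot: The new reply line "XXX {str salt} ENCRYPTION ENABLED" does not say what the salt may contain or how long it is. Because the salt sits between the return code and the fixed text of a space-separated reply, suggest documenting its length and character set (for example, that it contains no spaces) so clients can extract it unambiguously. It would also help to repeat here that this reply is the one message the server sends unencrypted, so the salt is delivered in clear text.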
Line 104: | Line 104: | ||
* a logout (the logout message needs to be correctly encrypted) or timeout will disable the encryption | * a logout (the logout message needs to be correctly encrypted) or timeout will disable the encryption | ||
* in order to minimize server load, encryption should be disabled by default and should have to be enabled manually by the user in the configuration options. | * in order to minimize server load, encryption should be disabled by default and should have to be enabled manually by the user in the configuration options. | ||
* the encryption key is md5(special_api_password_of_user+salt) | |||
[[Category:Development]] | [[Category:Development]] |
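Review bot: The added bullet "the encryption key is md5(special_api_password_of_user+salt)" leaves three points open. The edit summary gives the goal as reducing replay possibilities, but nothing states that the server issues a new salt for every ENCRYPT request, and a reused salt would yield the same key for every session. The character encoding of the password and salt before hashing is not given. It is also not stated whether the AES key is the raw 16-byte digest or its hexadecimal form. Suggest adding a sentence for each of these to the notes list.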