Access messages are created by Agents and include sufficient information to authenticate and start using a service.
Access to the service is granted after the Agent receives notification that a new channel was created for his offering:
event LogChannelCreated(address indexed _agent, address indexed _client, bytes32 indexed offering_hash, uint192 _deposit)
When Client receives the Ethereum event LogChannelCreated, he knows that he should shortly try to contact Agent and get the access message. Client queries Agent for the access message, providing a channel key compliant with the smart contract method:
function getKey(address _client_address, address _agent_address, uint32 _open_block_number, bytes32 _offering_hash)
Agent then retrieves the access message from the database and passes it to Client. The access message is always encrypted using Client's public key, and thus can be decrypted only by the intended Client. Client's public key is reconstructed from the createChannel Ethereum transaction.
Access message (aka endpoint message) is created by Agent according to
After Agent receives the event LogChannelCreated, he should process the order and give Client access to the service.
The access message is generated and then stored in the Privatix core database, ready to be passed to Client on demand.
Client queries Agent for access message via one of
Access message received from Agent (job
Then in job
a. Agent's signature is verified
b. Message payload is decrypted
c. Matching access template is found in local database
d. Access message is validated to comply with the access template schema
Access is granted and may be consumed by Client. This is usually processed by Client's adapter.
1. Fill endpoint template (JSON)
2. Encrypt message payload using ECIES Ethereum implementation ecies.Encrypt()
3. Generate keccak-256 hash of encrypted message payload (as raw bytes)
4. Sign hash with private key using Ethereum crypto package
Keccak-256 hash of access message is used to uniquely identify access message. Hash is performed on whole offering message (already encrypted and signed).
1. Split off the encrypted message payload by removing the last 64 bytes of the message
2. Generate keccak-256 hash of message payload
3. Use the Ethereum crypto package SigToPub() function to retrieve Agent's public key
4. Compare the Agent's public key provided in the offering to the one from step (3)
5. Decrypt encrypted message payload using ecies.Decrypt()
6. Validate message payload against the corresponding template JSON schema
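The framing and check order from the steps above, as an added example that is not Privatix code and uses only Go's standard library. Assumptions: SHA-256 and ECDSA over P-256 stand in for Keccak-256 and the Ethereum crypto package, so the recover-and-compare of steps (3) and (4) becomes a direct verify against the Agent key from the offering; the encrypted payload is treated as opaque bytes, and `NewKey`, `Seal` and `Open` are hypothetical names.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

const sigLen = 64 // page layout: the last 64 bytes of the message are the signature

// NewKey makes a constructed Agent key (P-256 stand-in for an Ethereum key).
func NewKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// Seal hashes the already-encrypted payload, signs the hash and appends r||s.
func Seal(enc []byte, agent *ecdsa.PrivateKey) ([]byte, error) {
	h := sha256.Sum256(enc) // stand-in for Keccak-256
	r, s, err := ecdsa.Sign(rand.Reader, agent, h[:])
	if err != nil {
		return nil, err
	}
	sig := make([]byte, sigLen)
	r.FillBytes(sig[:32]) // fixed width, so the split point is unambiguous
	s.FillBytes(sig[32:])
	return append(append([]byte{}, enc...), sig...), nil
}

// Open authenticates the message; only then is the payload handed on for decryption.
func Open(msg []byte, agentPub *ecdsa.PublicKey) ([]byte, error) {
	if len(msg) <= sigLen {
		return nil, fmt.Errorf("message too short to carry payload and signature")
	}
	enc, sig := msg[:len(msg)-sigLen], msg[len(msg)-sigLen:]
	h := sha256.Sum256(enc)
	r, s := new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])
	if !ecdsa.Verify(agentPub, h[:], r, s) {
		return nil, fmt.Errorf("signature does not match Agent key from offering")
	}
	return enc, nil
}

func main() {
	agent, _ := NewKey()
	msg, _ := Seal([]byte("constructed ciphertext"), agent)
	fmt.Println(Open(msg, &agent.PublicKey))
}
```

Rejecting a message before decryption when it is too short, altered, or signed by a key other than the one in the offering keeps unauthenticated bytes away from the decryption and JSON validation steps.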