All signed data in zot is accomplished by performing an RSA sign operation using the private key of the initiator. The binary result is then base64url encoded for transport.
**Zot encryption**
Encryption is currently provided by AES256CBC, though additional algorithms MAY be supported. A 32-octet key and 16-octet initialisation vector are randomly generated. The desired data is then encrypted using these generated strings and the result base64url encoded. Then we build an array:
data: the base64url encoded encrypted data
alg: The chosen algorithm, in this case the string 'aes256cbc'.
key: The randomly generated key, RSA encrypted using the recipients public key, and the result base64url encoded
iv: The randomly generated IV, RDSA encrypted using the recipient's public key, and the result base64url encoded
**The zot basic packet**
Used for initiating a dialogue with another zot site. This packet MAY be encrypted. The presence of an array element 'iv' indicates encryption has been applied. When sending an 'auth_check' packet type, this packet MUST be encrypted, using the public key of the destination site (the site key, as opposed to a sender key).
Type: is the message type. One of 'notify', 'purge' refresh' 'force_refresh', 'auth_check', 'ping' or 'pickup'. The packet contents vary by message type. Here we will describe the 'notify' packet.
Sender is an array of four components.
The guid of the sender is typically a 64 character base64url encoded string. This is generated when an identity is created and an attempt is made that it be unique; though this isn't required.
The guid_sig is the RSA signature of the guid, signed by the sender's private key.
url is the base url of the location this post is originating from.
url_sig is the RSA signature of url, signed by the sender's private key.
These four elements provide a portable identity. We can contact the URL provided and download a zot info packet to obtain the public key of the sender, and use that to verify the sender guid and the posting URL signatures.
callback is a string to be appended onto the url which identifies the zot communications endpoint on this system. It is typically the string "/post".
version is the zot protocol identifier, to allow future protocol revisions to co-exist.
secret is a 64-char string which is randomly generated by the sending site.
secret_sig is the RSA signature of the secret, signed with the sender's private key.