webpadlock

Web Padlock Local Server

This should run on the user's workstation or laptop.

Run this local agent

From binary

Go to the latest release and download these files:

Put all of them in the same folder and run server.exe.

From source

You will need Python 3.

Install requirements:

pip install -r requirements.txt

If you have both Python 2 and Python 3 installed, remember to use the pip3 command to install the requirements.

Run server.py.

python server.py

As above, you might need to use the python3 command instead of just python.

API endpoints

Root (/)

Returns a JSON document with metadata. See the metadata claim below.

Device information (/deviceinfo)

Returns a JWT with information, signed with the private key. The request needs at least one URL parameter, but which one does not matter. For example:

http://127.0.0.1:3000/deviceinfo?nonce=ggg&timestamp=yyy

This returns the following JWT.

JWT header

The header contains the algorithm (RSA, SHA-256) and the host certificate chain. The first certificate in the chain is the one used in the signing operation. The certificate's CN must match the hostname, and its private key must not be readable by the user.

{
  "alg": "RS256",
  "x5c": ["MIIDa...8C7t"]
}

JWT claims

The claims have three parts:

Example:

{
  "metadata": {
    "name": "Web Padlock",
    "response-id": "OhRtVffSGMdvoePjmEoxdYNdMRoxMERatUkfKMwu",
    "version": {
      "mayor": "1",
      "minor": "0"
    }
  },
  "requestdata": {
    "nonce": "ggg",
    "timestamp": "yyy"
  },
  "systeminfo": {
    "hostname": "workstation001",
    "osname": "Windows",
    "osrelease": "8.1",
    "osversion": "6.3.9600",
    "user": "user001"
  }
}
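A relying-party check for the token described above, as an added example that is not code from the webpadlock project. It assumes the `cryptography` package and the standard compact JWS layout; `verify_deviceinfo` and `make_sample_token` are hypothetical names, and the key and certificate are throwaway fixtures constructed for the demonstration.

```python
import base64, datetime, hmac, json
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID

def b64u(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def unb64u(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def verify_deviceinfo(token, expected_nonce):
    """Return the claims if the token passes every check, else raise."""
    head, body, sig = token.split(".")
    header = json.loads(unb64u(head))
    if header.get("alg") != "RS256":  # pin the algorithm, never accept the header's choice
        raise ValueError("unexpected alg")
    # x5c entries are standard-base64 DER; the first is the signing certificate.
    # The chain is sender-supplied: validating it against a trusted CA (and the
    # validity period) is assumed to happen separately and is not shown here.
    leaf = x509.load_der_x509_certificate(base64.b64decode(header["x5c"][0]))
    leaf.public_key().verify(unb64u(sig), f"{head}.{body}".encode(),
                             padding.PKCS1v15(), hashes.SHA256())  # raises InvalidSignature
    claims = json.loads(unb64u(body))
    cn = leaf.subject.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value
    if cn != claims["systeminfo"]["hostname"]:
        raise ValueError("certificate CN does not match hostname claim")
    nonce = claims["requestdata"].get("nonce", "")
    if not hmac.compare_digest(nonce.encode(), expected_nonce.encode()):
        raise ValueError("nonce mismatch: stale or replayed response")
    return claims

def make_sample_token(cert_cn, hostname, nonce):
    """Constructed fixture: throwaway key, self-signed certificate, signed token."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cert_cn)])
    cert = (x509.CertificateBuilder().subject_name(name).issuer_name(name)
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(datetime.datetime(2024, 1, 1))
            .not_valid_after(datetime.datetime(2034, 1, 1))
            .sign(key, hashes.SHA256()))
    der = cert.public_bytes(serialization.Encoding.DER)
    header = {"alg": "RS256", "x5c": [base64.b64encode(der).decode()]}
    claims = {"requestdata": {"nonce": nonce}, "systeminfo": {"hostname": hostname}}
    signing_input = b64u(json.dumps(header).encode()) + "." + b64u(json.dumps(claims).encode())
    sig = key.sign(signing_input.encode(), padding.PKCS1v15(), hashes.SHA256())
    return signing_input + "." + b64u(sig)

if __name__ == "__main__":
    token = make_sample_token("workstation001", "workstation001", "ggg")
    print(verify_deviceinfo(token, "ggg")["systeminfo"])
```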

TODO