The “config” verb is used for configuring or viewing an @sign’s block/allow list.
The behaviour of the ‘from’ verb is determined by the configuration set with the ‘config’ verb.
If an @sign is in the block list, the secondary server won’t allow it to authenticate.
The @sign should be authenticated using the cram/pkam verb before using the 'config' verb.
Configuration syntax: block:add/remove:@sign list.
View syntax: block:show.
The cram verb is used to authenticate the @sign to the secondary server. A successful request binds the @sign to the secondary server. The secret is appended to the challenge (the response of the from verb), and the SHA512 digest of the result serves as the input to the cram verb.
On a successful cram verb request, the @sign is authenticated to the secondary server and the user is allowed to add/update, delete and look up the keys in their respective secondary servers.
“cram” authentication is used the first time; a public/private key pair is then created for pkam authentication on subsequent logins.
A malformed request closes the @sign client connection.
Syntax: cram:
The delete verb deletes a key from the @sign's secondary server.
The @sign should be authenticated using the cram/pkam verb before using the delete verb.
A malformed request closes the @sign client connection.
A delete request must contain the distinguished name of the key to be deleted.
The enroll verb enables a new app or client to request a new enrollment on a secondary server.
The secondary server notifies already enrolled apps that have access to the __manage namespace of the new enrollment request.
The enrolled app that receives the notification may approve or reject the enrollment request.
Syntax
enroll:request:appName:
The “from” verb is used to tell the secondary server what @sign you claim to be, and the secondary server will respond with a challenge.
The challenge will be in the form of a full @ address and a cookie to place at that address. Before giving the challenge it will verify the client SSL certificate.
The client SSL certificate has to match the FQDN list in the root server for that @sign in either the CN or SAN fields of the certificate.
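The from/cram exchange described above, together with the block list and certificate rules, as an added Python example that is not code from the secondary server. It assumes the digest input is the secret followed by the challenge text, hex-encoded, and that a refusal is signalled by returning None; the sample @signs, FQDNs, secret and challenge layout are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample state for one secondary server (not real data).
BLOCK_LIST = {"@mallory"}
ROOT_FQDNS = {"@alice": ["alice.example.com"]}  # FQDN list held by the root server
CRAM_SECRETS = {"@alice": "constructed-shared-secret"}
pending = {}  # @sign -> outstanding challenge


def cert_names(peercert):
    """Collect CN and DNS SAN values from an ssl.getpeercert()-style dict."""
    names = {v for rdn in peercert.get("subject", ()) for k, v in rdn
             if k == "commonName"}
    names |= {v for kind, v in peercert.get("subjectAltName", ()) if kind == "DNS"}
    return {n.lower() for n in names}


def handle_from(atsign, peercert):
    """'from' step: refuse blocked @signs, check the certificate, issue a challenge."""
    if atsign in BLOCK_LIST:
        return None  # blocked @signs never receive a challenge
    allowed = {f.lower() for f in ROOT_FQDNS.get(atsign, [])}
    if not cert_names(peercert) & allowed:
        return None  # neither CN nor any SAN is in the FQDN list
    # Address plus cookie; the exact layout here is an assumption.
    pending[atsign] = f"_{secrets.token_hex(16)}{atsign}:{secrets.token_hex(16)}"
    return pending[atsign]


def cram_digest(secret, challenge):
    """Client side: SHA512 over secret + challenge (order and hex form assumed)."""
    return hashlib.sha512((secret + challenge).encode("utf-8")).hexdigest()


def handle_cram(atsign, digest):
    """'cram' step: recompute the digest and compare in constant time."""
    # Single use of a challenge is a design choice of this example.
    challenge = pending.pop(atsign, None)
    if challenge is None:
        return False
    expected = cram_digest(CRAM_SECRETS[atsign], challenge)
    return hmac.compare_digest(expected, digest)
```

Confirm the concatenation order and digest encoding against the server you integrate with before relying on them.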
The keys verb is used specifically to update security keys in the secondary keystore.
e.g. syntax to update the default encryption public key:
keys:put:public:keyName:encryptionPublicKey:namespace:__global:keyType:rsa2048:<encryption_public_key>
e.g. syntax to update the encryption private key, encrypted using the apkam public key:
keys:put:private:keyName:encryptionPrivateKey:namespace:__global:appName:
The "llookup" verb can be used to locally look up keys stored on the secondary server. To perform a local lookup, the user should be successfully authenticated using the cram/pkam verb.
A malformed request closes the @sign client connection.
Syntax: llookup:
The “lookup” verb allows the lookup of a particular address in the @ handles namespace. The “lookup” verb provides public lookups and specific key lookups when authenticated as a particular @ handle using the “from” and “pol” verbs.
If a lookup is valid, the resulting information is returned with the data: header and a carriage return, followed by a further @ prompt ready for further commands.
The @sign should be authenticated using the cram verb before using the lookup verb.
Syntax: lookup:
The monitor verb is used to stream incoming connections from the secondary server to the client.
The “monitor:” verb is used to monitor either all or specific notification events that are sent using the “notify:” verb.
Optionally pass a regex to stream only notifications that match the regex.
e.g. monitor or monitor .wavi
The “notify” verb is used to notify another @sign.
The @sign should be authenticated using the cram/pkam verb before using the notify verb.
A malformed request does not close the @sign client connection.
The “notify:all” verb is used to notify multiple @signs at the same time.
The @sign should be authenticated using the cram/pkam verb before using the notify verb.
A malformed request closes the @sign client connection.
The “notify:list” verb displays all the notifications received by the @sign.
The @sign should be authenticated using the cram/pkam verb before using the notify verb.
A malformed request does not close the @sign client connection.
The “notify:remove” verb deletes the notification from the notification keystore.
The @sign should be authenticated using the cram/pkam verb before using the notify verb.
A malformed request does not close the @sign client connection.
The “notify:status” verb is used to get the notification status using the notificationId.
The notification status can be either delivered, errored, queued or expired.
The @sign should be authenticated using the cram/pkam verb before using the notify:status verb.
A malformed request does not close the @sign client connection.
The pkam (Public Key Authentication Mechanism) verb is used to authenticate the @sign to the secondary server. This is similar to how ssh authentication works. A successful request binds the @sign to the secondary server.
On a successful pkam verb request, the @sign is authenticated to the secondary server and the user is allowed to add/update, delete and look up the keys in their respective secondary servers.
The "plookup" verb provides proxied public lookups for a resolver that perhaps is behind a firewall. This will allow a resolver to contact an @ server and have the @ server look up both public @sign's information.
This will be useful in large enterprise environments where they would want all lookups going through a single secondary server for the entity or where a single port needs to be opened through a firewall to lookup @signs.
The @sign should be authenticated prior to using the plookup verb.
A malformed request closes the @sign client connection.
The "scan" verb scans the available keys for you at the public level. If a key has a '_' character as its first character, it is omitted from the scan list, although it can still be looked up if known.
The scan verb, when used by an unauthenticated @sign user, scans for keys that are available to you at your current state.
The scan verb, when used by an authenticated user, scans all the available keys on the secondary server.
The stats verb is used to get all the available metrics.
Syntax: stats
Example: number of active inbound/outbound connections, last commit ID, etc.
These are the available metrics:
'1' - Number of active inbound connections
'2' - Number of active outbound connections
'3' - Last Commit Id
'4' - Total Secondary storage size
'5' - Most Visited AtSign
'6' - Most Visited AtKeys
'7' - Secondary Server Version
'8' - Last log in date time
'9' - Total Disk Size
'10' - Last login datetime with PKAM
'11' - Notification count
Syntax: stats - List all the available metrics
Specific metric IDs can be provided as a comma-separated list.
e.g. stats:1,2,3
stats:10
The "sync" verb is used to fetch all the keys after a given commit sequence number from the commit log on the server.
Optionally pass a regex to fetch only keys that match the regex.
Syntax: sync:<from_commit_seq>:
The "sync" verb is used to fetch all the keys after a given commit sequence number from the commit log on the server.
Optionally pass a regex to fetch only keys that match the regex.
Syntax: sync:from:<from_commit_seq>:limit:<10>:
The update verb adds/updates the keys in the secondary server. The update verb is used to set public responses and specific responses for particular authenticated users after using the pol verb.
The @sign should be authenticated using the cram verb before using the update verb.
A malformed request closes the @sign client connection.
The update meta verb updates the metadata of the keys in the secondary server. The update meta verb is used to set/update metadata of a key.
The @sign should be authenticated using the cram verb before using the update meta verb.
A malformed request closes the @sign client connection.