Eden Progress: Setting up the Database, Encryption, and Authentication
Apr 11, 2017
Update (2022/10/14): I haven't bothered to work on this project for quite a long time, but am keeping this blog post up for archival purposes.
The decision was made early on to have Eden be a centralized system. A server will handle most of the functionality for Eden, acting as the brain. Clients will connect to the server, waiting for messages and commands. When these clients connect to the server, it is important to make sure the clients can prove their identity by authenticating.
With the Eden server using TLS already, I figured I may as well use TLS for client authentication. To do this, I have the Eden client generate and save a self-signed ECDSA TLS certificate and key. The TLS certificate is given to the server so it can authenticate TLS connections from the client.
To store the data on the Eden server, I decided to set up a MySQL database. All of the sensitive data in the database is encrypted with AES256-GCM to keep it safe.
Thanks to these systems, only authorized clients can connect to the server and only someone with the decryption key of the database could decrypt it.
Now that the server and client code are at a point where the server and client can connect to each other and the server can connect to other services, I can begin working on a the syntax of a general command language in order to give Eden instructions, like setting up appointments or playing music.