Security considerations

Aarambh signs all API requests using the ED25519 digital signature scheme. The signature is included in the request as part of the Authorization header.

Header Format

Signature keyId="{subscriber_id}|{unique_key_id}|ed25519",algorithm="ed25519",created=' \
             f'"{created}",expires="{expires}",headers="(created) (expires) digest",signature="{signature}"

• keyId: Identifier of the public key used to verify the signature (provided during onboarding).

• signature: Base64-encoded ED25519 signature of the request.

Signature Validation Guidelines for Network Participants (NPs)

1. Extract the relevant request data (e.g., signature,expires,created).

2. Reconstruct the original message used for signing, based on Aarambh's signing specification (details shared during onboarding).

3. Verify the signature using the ED25519 algorithm and the corresponding public key identified by keyId.

4. Reject the request if signature validation fails; proceed only if it passes.

🔐 Public keys for signature validation will be securely shared with NPs during the onboarding process.