AVS Security

How AVS Security Works

The AVS Security component within the AVS-SDK is designed to provide secure handling of node credentials, authentication, and data encryption. With AVS Security, you can generate and validate access tokens for nodes, as well as encrypt and decrypt sensitive data. This guide introduces the AVS Security setup and functionality, ensuring that your node interactions and data remain secure.

Importing and Using AVS Security

To incorporate AVS Security into your application, begin by importing it from the AVS-SDK. Here’s an example of how to do this:

const AVSSecurity = require('avs-sdk').AVSSecurity; // Import AVSSecurity from avs-sdk

After importing, create an instance of AVSSecurity by providing a secret key. This key will be used to generate tokens and encrypt data, ensuring secure node operations. Let’s explore each function in detail.

AVS Security: Functions and Usage Overview

The AVS Security module in the AVS-SDK offers a range of tools to securely manage node credentials, authenticate requests, and handle data encryption. Here’s a breakdown of the available functions and how they can be used to protect your nodes.

Available Functions

Constructor - AVSSecurity(secretKey)

  • Purpose: Creates an instance of AVSSecurity with a specified secret key, which is used to generate tokens and encrypt/decrypt data.

  • Usage: This constructor is the starting point for setting up AVSSecurity. Each instance will require a unique secretKey for secure operations.

  • Example:

    const security = new AVSSecurity('yourSecretKey');

    Here, security is an instance of AVSSecurity configured with a secret key, ready to manage credentials and secure data.

Generate Node Credentials - generateNodeCredentials()

  • Purpose: Creates a unique identifier (nodeId) and a secure access token for a node, used to authenticate node requests.

  • Usage: Use generateNodeCredentials to assign credentials to a new node.

  • Example:

    const credentials = security.generateNodeCredentials();
console.log(credentials); // { nodeId: 'uniqueNodeId', accessToken: 'secureToken' }

  • What to Expect: This function generates a nodeId and a corresponding accessToken that expires in 24 hours. The token is used to verify the node’s identity securely.

Validate Request - validateRequest(token)

  • Purpose: Verifies an incoming request by checking the validity of its access token.

  • Usage: Use validateRequest to authenticate requests to your node, ensuring only authorized nodes can interact.

  • Example:

    try {
    const nodeData = security.validateRequest('someAccessToken');
    console.log('Node validated:', nodeData);
} catch (error) {
    console.error(error.message); // Outputs 'Invalid authentication token' if the token is invalid
}

  • What to Expect: If the token is valid, the function returns the token’s associated node data. Otherwise, an error is thrown, indicating the token is invalid.

Encrypt Data - encryptData(data)

  • Purpose: Encrypts sensitive data using AES-256-GCM encryption, ensuring data remains secure during transmission or storage.

  • Usage: Call encryptData with any data you wish to protect.

  • Example:

    const encrypted = security.encryptData({ sensitiveInfo: 'secretData' });
console.log(encrypted); // { encrypted: 'cipherText', iv: 'initializationVector' }

  • What to Expect: This function returns an object with the encrypted data (encrypted) and the initialization vector (iv) needed for decryption.

Decrypt Data - decryptData(encryptedData, iv)

  • Purpose: Decrypts previously encrypted data using the AES-256-GCM method, making it readable again.

  • Usage: Use decryptData to access the original data by providing the encrypted data and its initialization vector.

  • Example:

    const decrypted = security.decryptData(encrypted.encrypted, encrypted.iv);
console.log(decrypted); // Original data object

  • What to Expect: This function returns the decrypted, original data, ensuring you can securely access information that was previously encrypted.

Putting It All Together

With AVS Security, you can easily manage node authentication and data encryption to ensure secure communication within your decentralized system. Here’s a full example demonstrating the usage of AVS Security functions:

const AVSSecurity = require('avs-sdk').AVSSecurity;

const security = new AVSSecurity('yourSecretKey');
const credentials = security.generateNodeCredentials(); // Generate credentials for a new node

try {
    const nodeData = security.validateRequest(credentials.accessToken); // Validate the node's access token
    console.log('Validated Node:', nodeData);

    const encrypted = security.encryptData({ sensitiveInfo: 'secretData' }); // Encrypt data
    const decrypted = security.decryptData(encrypted.encrypted, encrypted.iv); // Decrypt data
    console.log('Decrypted Data:', decrypted); // Outputs the original data
} catch (error) {
    console.error(error.message); // Handle any validation errors
}

Summary of Functionality

  • AVSSecurity(secretKey): Initializes an AVSSecurity instance with a secret key for secure operations.

  • generateNodeCredentials(): Generates a unique node ID and access token, authenticating nodes within your system.

  • validateRequest(token): Verifies an access token, ensuring that only authorized nodes can interact.

  • encryptData(data): Encrypts sensitive data, protecting it during transfer and storage.

  • decryptData(encryptedData, iv): Decrypts previously encrypted data, allowing access to the original information.

The AVS Security module is an essential layer in the AVS-SDK, making it straightforward to implement robust authentication and data encryption within decentralized services.

PreviousAVS MonitorNextAVS Load Balancer

Last updated