Challenge approval

If the user approves the challenge request, the PKSA must create a challenge_ack_data object

The structure of the challenge_ack_data is:


    pubkey: string,
    challenge: string
  • pubkey: the account public key

  • challenge: the signed challenge

The PKSA will then encrypt the challenge_ack_data object using the encryption key previously shared with the APP (auth_key).

Finally, the PKSA then inform the HAS of the user's approval by sending the following message:


    cmd: "challenge_ack",
    uuid: string,
    data: string,
    pok: string
  • uuid: the challenge_req request identifier

  • data: challenge_ack_data encrypted with the auth_key and converted to Base64

  • pok: the uuid encrypted using the account private key and the HAS server public key (see Proof of Key)

Last updated