Challenge approval

If the user approves the challenge request, the PKSA must create a challenge_ack_data object
The structure of the challenge_ack_data is:


pubkey: string,
challenge: string
  • pubkey: the account public key
  • challenge: the signed challenge
The PKSA will then encrypt the challenge_ack_data object using the encryption key previously shared with the APP (auth_key).
Finally, the PKSA then inform the HAS of the user's approval by sending the following message:


cmd: "challenge_ack",
uuid: string,
data: string,
pok: string
  • uuid: the challenge_req request identifier
  • data: challenge_ack_data encrypted with the auth_key and converted to Base64
  • pok: the uuid encrypted using the account private key and the HAS server public key (see Proof of Key)