Signing Layer

The protocol specification is only relevant as background information or if you want to make your own Nabto WebRTC Signaling protocol implementation, e.g. for a currently unsupported target platform or app framework. For most applications, the standard implementations provided by Nabto through the available SDKs are sufficient - see the Applications guide.

The Nabto WebRTC Signaling protocol is split into four layers, this document is about the Signing layer:

  • WebRTC Signaling layer
  • Signing layer
  • Reliability layer
  • Routing layer

The signing layer can be modified to fit the application in question. This section describes the signing layer as implemented in the Nabto provided helper functions.

This layer is responsible for signing and verifying messages. When a message is generated in the higher layer, it is encoded into a JWT and sent to the Reliability Layer. The JWT can be signed in two ways: using a shared secret or using a NONE signature.

Using the shared secret allows the peer to authorize the other peer. If the other peer is to have unauthorized access or if authorization is based on the Signaling service token validation, the message is still encoded into a JWT for consistency but is signed using a NONE signature without any added security.

To guard against replay attacks, the Signing layer includes a sequence number. To link this sequence number to the current session the message contain a signerNonce and a verifierNonce. In the first roundtrip between the client and device, (the exhange of SETUP_REQUEST, SETUP_RESPONSE) the nonces are exchanged. This means that the initial SETUP_REQUEST from the client is possible to replay, but not later messages from the client or device as they include nonces from both peers.

When receiving a message, the receiver verifies the nonces and the sequence number. The sequence numbers starts from 0.

The signing layer has two different messages JWT and none.

Messages signed using JWT:

{
  type: "JWT",
  jwt: "x.y.z" // jwt string
}

Message without a signature:

{
  type: "NONE",
  message: json
}

A JWT has the following signature.

{
  alg: "HS256",
  kid?: string,
}
{
  message: json,
  messageSeq: number,
  signerNonce: string,
  verifierNonce?: string
}