Hi Folks,
Thanks to input here, I'm stuck in to shared sessions. I've found it easy to request a shared session, and to get the contents of that shared session via the API.
My stumbling block is decryption of the encrypted session key - I'm having to use the tool in the Tessitura Admin to decrypt so that I can test.
I know there is a full code sample, but it's not in languages we are currently running on the server I am working on. Is there documentation somewhere of the steps required to encrypt and decrypt (decrypt is key really - I don't need to be able to encrypt I don't think)? I can get a bit of an idea in the PHP code, but my PHP isn't that good - my efforts today have been miss rather than hit and miss!
I'd welcome any input!
Thanks,
Dan
Greetings, Daniel Brown! At True Tickets, we put together some documentation that we provide to our clients' custom website integrators that I think might help you out.
Also included is a web page utility (which uses native browser APIs) that you can use to test your encrypted session key to make sure it can be decrypted successfully.
Cheers,
DGomez
True Tickets - Tessitura Integration - Seamless Authentication Cookie Requirements - 2023-03-16.pdf
true-tickets-seamless-auth-cookie-decrypter.zip
Thanks DGomez
That's the most broken down I've seen it, clear and really useful. I'm far more used to JavaScript so should find it easier to understand thanks to your decryption sample too.
I'm going to focus on everything else I have to do for launch first, and come back to this last - but I think this should give me a massive help!
Hey DGomez, just to say thanks - I've used your JavaScript as the basis for a new webpage. My app sends a post request to this, the response being the decrypted string. This would be insecure if public facing, so the page is blocked to external access and can only be requested from within the server.
It's a bit hacky, but making use of native JavaScript saved installing a load of new encryption components on the server, so it's a quick solution for the rush I'm in now!
Thanks for everything you sent, it was really helpful - once the pressure is off in terms of launch date, I will use it to build a more elegant approach :)
Hi Daniel,
If you're looking at implementing your own decryption code in JS then you'd need something like this
```javascript
const crypto = require('crypto');

// Values you'll need to get from TNEW admin:
//  * hmacLength
//  * hmacKey
//  * blockSize
//  * passphrase
//  * salt
//  * encryptionKeyIterations
//  * encryptionKeyLength

// encryptedSessionKey is base64 encoded (as we pass it via URL parameter)
function decryptSessionKey(encryptedSessionKey) {
  const ciphertext = Buffer.from(encryptedSessionKey, 'base64');
  const hmac = ciphertext.subarray(0, hmacLength); // slice hmac based on hmac length
  const encryptedMessage = ciphertext.subarray(hmacLength); // slice encrypted message (iv + encrypted bytes)

  // create a new HMAC based on encrypted message
  const newMac = crypto.createHmac('sha256', hmacKey).update(encryptedMessage).digest();
  // compare the two HMACs in constant time before decrypting anything
  if (hmac.length !== newMac.length || !crypto.timingSafeEqual(hmac, newMac)) {
    throw new Error('Hmac failure');
  }

  const iv = encryptedMessage.subarray(0, blockSize); // slice iv from encrypted message
  const encryptedBytes = encryptedMessage.subarray(blockSize); // slice encrypted bytes from encrypted message

  // derive key using PBKDF2
  const encryptionKey = crypto.pbkdf2Sync(passphrase, salt, encryptionKeyIterations, encryptionKeyLength, 'sha1');
  // create cbc decipher with key and iv
  const decipher = crypto.createDecipheriv('aes-256-cbc', encryptionKey, iv);
  // decipher encrypted bytes
  let decrypted = decipher.update(encryptedBytes);
  decrypted = Buffer.concat([decrypted, decipher.final()]);

  // This should give you a string with the session key and datetime stamp separated with a pipe
  return decrypted.toString();
}
```
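A self-test for the layout described in the reply above, added here as an example and not code from the posters, True Tickets or Tessitura: it builds a constructed token as base64(HMAC || IV || AES-256-CBC ciphertext), decrypts it, and shows that a modified token is rejected. The `cfg` values, the sample plaintext and the helper names `makeTestToken`, `decryptToken` and `tamper` are assumptions; the encrypt side is inferred as the inverse of the decryption steps and is not confirmed by the page.

```javascript
// Added example: every value in cfg is constructed, not a real TNEW setting.
const crypto = require('crypto');

const cfg = {
  hmacKey: 'constructed-hmac-key',
  hmacLength: 32,              // HMAC-SHA256 output size in bytes
  blockSize: 16,               // AES block size, also the IV length
  passphrase: 'constructed-passphrase',
  salt: 'constructed-salt',
  encryptionKeyIterations: 1000,
  encryptionKeyLength: 32,     // 32 bytes for aes-256-cbc
};

const deriveKey = (c) => crypto.pbkdf2Sync(
  c.passphrase, c.salt, c.encryptionKeyIterations, c.encryptionKeyLength, 'sha1');

// Assumed inverse of the decryption steps: base64(HMAC || IV || ciphertext).
function makeTestToken(plaintext, c) {
  const iv = crypto.randomBytes(c.blockSize);
  const cipher = crypto.createCipheriv('aes-256-cbc', deriveKey(c), iv);
  const body = Buffer.concat([iv, cipher.update(plaintext, 'utf8'), cipher.final()]);
  const mac = crypto.createHmac('sha256', c.hmacKey).update(body).digest();
  return Buffer.concat([mac, body]).toString('base64');
}

// Verify the HMAC first, then decrypt and split "sessionKey|timestamp".
function decryptToken(token, c) {
  const raw = Buffer.from(token, 'base64');
  if (raw.length < c.hmacLength + 2 * c.blockSize) throw new Error('Token too short');
  const mac = raw.subarray(0, c.hmacLength);
  const body = raw.subarray(c.hmacLength);
  const expected = crypto.createHmac('sha256', c.hmacKey).update(body).digest();
  if (mac.length !== expected.length || !crypto.timingSafeEqual(mac, expected)) {
    throw new Error('Hmac failure');
  }
  const iv = body.subarray(0, c.blockSize);
  const decipher = crypto.createDecipheriv('aes-256-cbc', deriveKey(c), iv);
  const bytes = Buffer.concat([decipher.update(body.subarray(c.blockSize)), decipher.final()]);
  const [sessionKey, timestamp] = bytes.toString('utf8').split('|');
  return { sessionKey, timestamp };
}

// Flip one bit in the last ciphertext byte; decryptToken must reject the result.
function tamper(token) {
  const raw = Buffer.from(token, 'base64');
  raw[raw.length - 1] ^= 0x01;
  return raw.toString('base64');
}
```

Swapping the constructed `cfg` values for the ones in TNEW admin lets `decryptToken` be checked against a token that the Tessitura Admin tool has already decrypted.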