-
This may help: https://web.dev/articles/push-notifications-web-push-protocol#the_payload_encryption
-
Looking at RFC 8188 you need to generate some of the keys using hash_hkdf()
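The hash_hkdf() derivation mentioned above, written out as an added example that is not code from this thread. It assumes the notification uses the aes128gcm content encoding of RFC 8188 with the Web Push key derivation of RFC 8291, where the salt and the sender's public key travel in the body rather than in headers; all function and variable names are hypothetical, and the message it decrypts is constructed in the script itself.

```php
<?php
// Added example, not code from the thread. Assumes Content-Encoding: aes128gcm
// (RFC 8188 framing, RFC 8291 key derivation) and a single-record message.

// Wrap a raw 65-byte uncompressed P-256 point in a SubjectPublicKeyInfo PEM.
function p256_pem(string $point): string {
    $der = hex2bin('3059301306072a8648ce3d020106082a8648ce3d030107034200') . $point;
    return "-----BEGIN PUBLIC KEY-----\n" . chunk_split(base64_encode($der), 64, "\n")
         . "-----END PUBLIC KEY-----\n";
}

// RFC 8291 section 3.4, then RFC 8188 sections 2.2 and 2.3: returns [CEK, nonce].
function webpush_keys(string $ecdh, string $auth, string $uaPub, string $asPub, string $salt): array {
    $ikm = hash_hkdf('sha256', $ecdh, 32, "WebPush: info\0" . $uaPub . $asPub, $auth);
    return [hash_hkdf('sha256', $ikm, 16, "Content-Encoding: aes128gcm\0", $salt),
            hash_hkdf('sha256', $ikm, 12, "Content-Encoding: nonce\0", $salt)];
}

function webpush_decrypt(string $body, $uaPriv, string $uaPub, string $auth): string {
    if (strlen($body) < 21 + 65 + 17 || ord($body[20]) !== 65) {
        throw new RuntimeException('not a Web Push aes128gcm body');
    }
    $salt   = substr($body, 0, 16);   // header: salt(16) | rs(4) | idlen(1) | keyid
    $asPub  = substr($body, 21, 65);  // keyid = sender's ephemeral public key
    $record = substr($body, 86);      // ciphertext followed by the 16-byte GCM tag
    $ecdh   = openssl_pkey_derive(p256_pem($asPub), $uaPriv, 32);
    if ($ecdh === false) throw new RuntimeException('ECDH failed');
    [$cek, $nonce] = webpush_keys($ecdh, $auth, $uaPub, $asPub, $salt);
    $plain = openssl_decrypt(substr($record, 0, -16), 'aes-128-gcm', $cek,
                             OPENSSL_RAW_DATA, $nonce, substr($record, -16));
    $plain = $plain === false ? '' : rtrim($plain, "\0");  // drop zero padding
    if (substr($plain, -1) !== "\x02") {  // last-record delimiter must be present
        throw new RuntimeException('authentication or padding check failed');
    }
    return substr($plain, 0, -1);
}

// Constructed round trip: build a message the way a push sender would, then decrypt it.
$gen = fn() => openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_EC, 'curve_name' => 'prime256v1']);
$raw = function ($key): string {      // raw uncompressed point: 0x04 | X | Y
    $ec = openssl_pkey_get_details($key)['ec'];
    return "\x04" . str_pad($ec['x'], 32, "\0", STR_PAD_LEFT) . str_pad($ec['y'], 32, "\0", STR_PAD_LEFT);
};
$ua = $gen(); $as = $gen(); $auth = random_bytes(16); $salt = random_bytes(16);
[$cek, $nonce] = webpush_keys(openssl_pkey_derive(p256_pem($raw($ua)), $as, 32),
                              $auth, $raw($ua), $raw($as), $salt);
$ct   = openssl_encrypt('{"title":"constructed"}' . "\x02", 'aes-128-gcm', $cek, OPENSSL_RAW_DATA, $nonce, $tag);
$body = $salt . pack('N', 4096) . chr(65) . $raw($as) . $ct . $tag;
var_dump(webpush_decrypt($body, $ua, $raw($ua), $auth) === '{"title":"constructed"}');
```

In a listener, the first argument would be the output of file_get_contents("php://input"), and the private key, public key and auth secret would be the ones submitted with the subscription, base64url-decoded to raw bytes where needed.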
-
I have picked this up after receiving some new intel about how to decrypt the notification payload. The server the PHP app is running on is accessible, I have tested this with some online tools.
-
What are these values? Are they base64 URL Safe encoded values?
For p256dh, if you have it in
It should be:
-
I'm building a PHP Web Push notification Listener for Mastodon.
I successfully created a subscription by sending the following post data to the Mastodon subscription API uri
When I mention, or send a DM to the account the subscription is set up for, the PHP script receives a POST request with a notification. The notification payload is picked up by using file_get_contents("php://input"). This is binary data.
My question now is how do I decrypt this binary data. I have tried converting the payload to hex first, and then feeding it to openssl_decrypt() but I'm not sure what keys to use and so I'm kinda in the dark here. Any help is appreciated.
Update:
Here's a copy of the POST headers received by the Web Push Notification from Mastodon
The actual values of the keys are replaced with some words, because of security. Dots [.], identifiers [xx=] and semicolons [;] are left in place.
openssl_decrypt() uses the following parameters:
Now the challenge is to map the keys from the headers to these parameters, in combination with a private key that was submitted during the subscription. Any help with this is appreciated.