Goal

In developing a larger deploy toolset for sites on shared servers I found myself in need of a library that can use openssl key pairs to sign and verify requests. This would allow a public server to receive requests but only take action on requests sent using a specific key which is not publicly accessible.

Process

1. Researched existing Clojure libraries but found mostly general encryption libs
2. Researched existing java solutions
3. Found a tutorial on signing and verifying signed requests (jackpot! 💰)
4. Implemented Clojure solution
5. Wrote unit tests
6. Created PHP test server to receive and verify the signed requests

Discoveries

• Learned how signing and verifying signed requests work
• Learned how to generate key pairs using openssl CLI
• Learned how to convert key pairs to pem format which is what the Java API expects