Getting Started with Veridot

Welcome to Veridot! This guide will help you get up and running with secure, distributed token verification in your applications.

What is Veridot?

Veridot is a multi-language library that enables secure token verification in distributed systems using:

  • Ephemeral asymmetric cryptography - No shared secrets
  • Distributed metadata propagation - Public keys shared via Kafka or databases
  • High-performance verification - Sub-millisecond token validation

Choose Your Language

☕ Java

Production-ready with Spring Boot integration

  • Maven/Gradle support
  • Multiple broker implementations
  • Enterprise monitoring hooks
Java Guide →

🟢 Node.js

TypeScript-first with automatic key management

  • npm package available
  • LMDB for fast local storage
  • Environment-based configuration
Node.js Guide →

Quick Installation

Java (Maven)

<dependencies>
    <dependency>
        <groupId>io.github.cyfko</groupId>
        <artifactId>veridot-core</artifactId>
        <version>2.0.1</version>
    </dependency>
    <dependency>
        <groupId>io.github.cyfko</groupId>
        <artifactId>veridot-kafka</artifactId>
        <version>2.0.1</version>
    </dependency>
</dependencies>

Java (Gradle)

dependencies {
    implementation 'io.github.cyfko:veridot-core:2.0.1'
    implementation 'io.github.cyfko:veridot-kafka:2.0.1'
}

Node.js

npm install dverify
# or
yarn add dverify

Architecture Overview

graph TB
    A[Service A<br/>Signer] --> B[Metadata Broker<br/>Kafka/Database]
    B --> C[Service B<br/>Verifier]
    B --> D[Service C<br/>Verifier]
    
    A --> |1. Generate Keys| A
    A --> |2. Sign Token| E[Client]
    A --> |3. Publish Metadata| B
    E --> |4. Send Token| C
    C --> |5. Verify Token| C

How it Works

  1. Key Generation: Each service generates ephemeral RSA/ECDSA key pairs
  2. Token Signing: Services sign data with private keys and return tokens
  3. Metadata Distribution: Public keys are shared via brokers (Kafka/Database)
  4. Token Verification: Other services verify tokens using distributed public keys
  5. Key Rotation: Automatic rotation ensures forward security

Basic Example

Java

// Initialize with Kafka broker
Properties props = new Properties();
props.setProperty("bootstrap.servers", "localhost:9092");
props.setProperty("embedded.db.path", "./veridot-keys");

MetadataBroker broker = KafkaMetadataBrokerAdapter.of(props);
GenericSignerVerifier veridot = new GenericSignerVerifier(broker);

// Sign data
UserData data = new UserData("john.doe@example.com");
BasicConfigurer config = BasicConfigurer.builder()
    .useMode(TokenMode.jwt)
    .trackedBy(12345L)
    .validity(3600) // 1 hour
    .build();

String token = veridot.sign(data, config);

// Verify token (in another service)
UserData verified = veridot.verify(token, 
    BasicConfigurer.deserializer(UserData.class));

Node.js

import { DVerify } from 'dverify';

const dverify = new DVerify();

// Sign data
const { token } = await dverify.sign({
    userId: 123,
    role: 'admin'
}, 3600);

// Verify token
const result = await dverify.verify(token);
if (result.valid) {
    console.log('User:', result.data);
}

Prerequisites

For Java

  • Java 17 or higher
  • Maven 3.6+ or Gradle 7+
  • Kafka cluster (for distributed deployment)

For Node.js

  • Node.js 16 or higher
  • npm or yarn
  • Kafka cluster (for distributed deployment)

Next Steps