Releases: Dookoo2/HashTransit-HT

HashTransit v0.2.0-beta — some security bug fixes

16 Dec 10:12
9e943fa

Enhance OpenSSL command for self-signed cert

Updated OpenSSL command to include SHA256 and subject alternative names.

HashTransit v0.1.0-beta — initial public release

01 Dec 13:21
e0e6287

Overview

First public beta release of HashTransit – a lightweight C++ library that adds
HMAC-based authentication, replay protection and optional AEAD encryption on top
of HTTP/HTTPS for machine-to-machine (M2M) communication.

This release is intended for internal use, PoCs and early adopters.

Features in v0.1.0-beta

  • Three security modes

    • Mode A: HTTP + HMAC (auth + integrity + anti-replay, plaintext body)
    • Mode B: HTTP + HMAC + AEAD (AES-256-GCM / ChaCha20-Poly1305 over the body)
    • Mode C: HTTPS (TLS) + HMAC (defense-in-depth for public APIs)
  • Security model

    • HMAC-SHA256 signatures over a canonical request string
    • Per-request nonces and timestamp window for replay protection
    • Request-level confidentiality in Mode B (AEAD over HTTP body)
    • Multi-layer rate limiting (per IP + per key)
  • Key management

    • File-based PSK backend (key_id -> 256-bit PSK)
    • Redis-based PSK backend with connection pool and in-memory cache
  • Components

    • libht_server.a – server-side library (ht/)
    • libht_client.a – client-side library (ht_cl/)
    • Sample applications:
      • ht_server_basic – demo HTTP/HTTPS server
      • ht_client_cli – CLI client with benchmark mode
  • Operational features

    • Canonical logging with redacted secrets
    • Basic error mapping (401/429/404/500)
    • Simple benchmark mode to measure RPS and latency
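The "Security model" items above (HMAC-SHA256 over a canonical request string, per-request nonces, a timestamp window) can be illustrated with a short server-side check. This is an added Python example, not HashTransit's own code or API: the library is C++ and this page does not give its canonical string format. The field layout, the 300-second window, the result strings and the demo key are assumptions.

```python
import hashlib
import hmac
import time

WINDOW_SECONDS = 300  # assumed tolerance; the page gives no value
PSKS = {"demo-key": bytes(range(32))}  # constructed key_id -> 256-bit PSK


def canonical_request(method, path, timestamp, nonce, body):
    # Hypothetical layout: length-prefixed fields, so no field value
    # (e.g. a nonce containing a newline) can shift a field boundary.
    fields = [method.upper(), path, str(timestamp), nonce,
              hashlib.sha256(body).hexdigest()]
    return "".join(f"{len(f)}:{f}\n" for f in fields).encode()


def sign(psk, method, path, timestamp, nonce, body):
    msg = canonical_request(method, path, timestamp, nonce, body)
    return hmac.new(psk, msg, hashlib.sha256).hexdigest()


class Verifier:
    def __init__(self, psks, window=WINDOW_SECONDS):
        self.psks = psks
        self.window = window
        self.seen = {}  # (key_id, nonce) -> signed timestamp

    def verify(self, key_id, method, path, timestamp, nonce, body,
               signature, now=None):
        now = int(time.time()) if now is None else now
        psk = self.psks.get(key_id)
        if psk is None:
            return "unknown_key"
        if abs(now - timestamp) > self.window:
            return "stale_timestamp"
        expected = sign(psk, method, path, timestamp, nonce, body)
        # Constant-time comparison; done before touching the nonce cache
        # so unauthenticated requests cannot fill it.
        if not hmac.compare_digest(expected.encode(), signature.encode()):
            return "bad_signature"
        # A nonce only needs remembering while its timestamp is still in
        # the window; afterwards the timestamp check rejects the replay.
        self.seen = {k: t for k, t in self.seen.items()
                     if abs(now - t) <= self.window}
        if (key_id, nonce) in self.seen:
            return "replayed_nonce"
        self.seen[(key_id, nonce)] = timestamp
        return "ok"
```

The nonce cache and the timestamp window work together: the window bounds how long each nonce has to be stored, and the signature covers both values so neither can be altered to slip past the other check.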

Status

  • Protocol and APIs are beta and may still change before v1.0.0.
  • Suitable for:
    • internal integration,
    • PoC deployments,
    • early feedback and security review.