Improve auth documentation

author: Yigit Sever 2021-04-16 13:56:45 +0300
committer: Yigit Sever 2021-04-16 13:56:45 +0300
commit: 109ae1f771ec5e8a5a9510c3b09fad579dab5ed7 (patch)
tree: e5fc87e27e955ec2df1c5ee2a539433fc4d65054 /site/content/register_docs.md
parent: b7cd484a869600e181dd06522befbfd091a7a488 (diff)
download: gradecoin-109ae1f771ec5e8a5a9510c3b09fad579dab5ed7.tar.gz
gradecoin-109ae1f771ec5e8a5a9510c3b09fad579dab5ed7.tar.bz2
gradecoin-109ae1f771ec5e8a5a9510c3b09fad579dab5ed7.zip
1 files changed, 15 insertions, 11 deletions
diff --git a/site/content/register_docs.md b/site/content/register_docs.md
index 83aef7f..a387838 100644
--- a/site/content/register_docs.md
+++ b/site/content/register_docs.md
@@ -4,36 +4,40 @@ description = "Register Documentation"
 weight = 3
 +++
-POST request to /register endpoint
+POST request to `/register` endpoint
 Lets a user to authenticate themselves to the system.
 Only people who are enrolled to the class can open Gradecoin accounts.
 This is enforced with your Student ID and a one time password you will receive.
 # Authentication Process
- Gradecoin's Public Key (`gradecoin_public_key`) is listed on our Moodle page.
- You pick a short temporary key (`k_temp`)
+> The bytes you are sending over the network are all Base64 Encoded
- Create a JSON object (`auth_plaintext`) with your `metu_id` and `public key` in base64 (PEM) format (`S_PK`) [reference](https://tls.mbed.org/kb/cryptography/asn1-key-structures-in-der-and-pem)
+- Gradecoin's Public Key (`gradecoin_public_key`) is listed on our Moodle page. Download and load it it to your client.
+- Create a JSON object (`P_AR`) with your `metu_id` ("e"+`6 chars`) and `public key` in base64 (PEM) format (`S_PK`) [reference](https://tls.mbed.org/kb/cryptography/asn1-key-structures-in-der-and-pem)
 ```json
 {
-    "student_id": "e12345",
+    "student_id": "e123456",
    "passwd": "15 char secret",
    "public_key": "---BEGIN PUBLIC KEY..."
 }
 ```
- Pick a random IV.
+- Pick a short temporary key (`k_temp`)
- Encrypt the serialized string of `auth_plaintext` with 128 bit block AES in CBC mode with Pkcs7 padding using the temporary key (`k_temp`), the result is `auth_ciphertext`. Encode this with base64.
+- Pick a random IV (`iv`).
- The temporary key you have picked `k_temp` is encrypted using RSA with OAEP padding scheme
+- Encrypt the serialized string of `P_AR` with 128 bit block AES in CBC mode with Pkcs7 padding using the temporary key (`k_temp`), the result is `C_AR`. Encode this with base64.
-using SHA-256 with `gradecoin_public_key`, giving us `key_ciphertext`. Encode this with base 64.
+- The temporary key you have picked `k_temp` is encrypted using RSA with OAEP padding scheme using SHA-256 with `gradecoin_public_key`, giving us `key_ciphertext`. Encode this with base64.
+- Base64 encode the IV (`iv`) as well.
 - The payload JSON object (`auth_request`) can be serialized now:
 ```json
 {
-    "c": "auth_ciphertext",
+    "c": "C_AR",
-    "iv": "hexadecimal",
+    "iv": "iv",
    "key": "key_ciphertext"
 }
 ```
 If your authentication process was valid, you will be given access and your public key fingerprint that is your address.
+You can now sign JWTs to send authorized transaction requests.
author	Yigit Sever	2021-04-16 13:56:45 +0300
committer	Yigit Sever	2021-04-16 13:56:45 +0300
commit	109ae1f771ec5e8a5a9510c3b09fad579dab5ed7 (patch)
tree	e5fc87e27e955ec2df1c5ee2a539433fc4d65054 /site/content/register_docs.md
parent	b7cd484a869600e181dd06522befbfd091a7a488 (diff)
download	gradecoin-109ae1f771ec5e8a5a9510c3b09fad579dab5ed7.tar.gz gradecoin-109ae1f771ec5e8a5a9510c3b09fad579dab5ed7.tar.bz2 gradecoin-109ae1f771ec5e8a5a9510c3b09fad579dab5ed7.zip

diff --git a/site/content/register_docs.md b/site/content/register_docs.md index 83aef7f..a387838 100644 --- a/site/content/register_docs.md +++ b/site/content/register_docs.md
@@ -4,36 +4,40 @@ description = "Register Documentation"
4	weight = 3	4	weight = 3
5	+++	5	+++
6		6
7	POST request to /register endpoint	7	POST request to `/register` endpoint
8		8
9	Lets a user to authenticate themselves to the system.	9	Lets a user to authenticate themselves to the system.
10	Only people who are enrolled to the class can open Gradecoin accounts.	10	Only people who are enrolled to the class can open Gradecoin accounts.
11	This is enforced with your Student ID and a one time password you will receive.	11	This is enforced with your Student ID and a one time password you will receive.
12		12
13	# Authentication Process	13	# Authentication Process
14	- Gradecoin's Public Key (`gradecoin_public_key`) is listed on our Moodle page.	14
15	- You pick a short temporary key (`k_temp`)	15	> The bytes you are sending over the network are all Base64 Encoded
16	- Create a JSON object (`auth_plaintext`) with your `metu_id` and `public key` in base64 (PEM) format (`S_PK`) [reference](https://tls.mbed.org/kb/cryptography/asn1-key-structures-in-der-and-pem)	16
		17	- Gradecoin's Public Key (`gradecoin_public_key`) is listed on our Moodle page. Download and load it it to your client.
		18	- Create a JSON object (`P_AR`) with your `metu_id` ("e"+`6 chars`) and `public key` in base64 (PEM) format (`S_PK`) [reference](https://tls.mbed.org/kb/cryptography/asn1-key-structures-in-der-and-pem)
17	```json	19	```json
18	{	20	{
19	"student_id": "e12345",	21	"student_id": "e123456",
20	"passwd": "15 char secret",	22	"passwd": "15 char secret",
21	"public_key": "---BEGIN PUBLIC KEY..."	23	"public_key": "---BEGIN PUBLIC KEY..."
22	}	24	}
23	```	25	```
24		26
25	- Pick a random IV.	27	- Pick a short temporary key (`k_temp`)
26	- Encrypt the serialized string of `auth_plaintext` with 128 bit block AES in CBC mode with Pkcs7 padding using the temporary key (`k_temp`), the result is `auth_ciphertext`. Encode this with base64.	28	- Pick a random IV (`iv`).
27	- The temporary key you have picked `k_temp` is encrypted using RSA with OAEP padding scheme	29	- Encrypt the serialized string of `P_AR` with 128 bit block AES in CBC mode with Pkcs7 padding using the temporary key (`k_temp`), the result is `C_AR`. Encode this with base64.
28	using SHA-256 with `gradecoin_public_key`, giving us `key_ciphertext`. Encode this with base 64.	30	- The temporary key you have picked `k_temp` is encrypted using RSA with OAEP padding scheme using SHA-256 with `gradecoin_public_key`, giving us `key_ciphertext`. Encode this with base64.
		31	- Base64 encode the IV (`iv`) as well.
29	- The payload JSON object (`auth_request`) can be serialized now:	32	- The payload JSON object (`auth_request`) can be serialized now:
30		33
31	```json	34	```json
32	{	35	{
33	"c": "auth_ciphertext",	36	"c": "C_AR",
34	"iv": "hexadecimal",	37	"iv": "iv",
35	"key": "key_ciphertext"	38	"key": "key_ciphertext"
36	}	39	}
37	```	40	```
38		41
39	If your authentication process was valid, you will be given access and your public key fingerprint that is your address.	42	If your authentication process was valid, you will be given access and your public key fingerprint that is your address.
		43	You can now sign JWTs to send authorized transaction requests.