aboutsummaryrefslogtreecommitdiffstats
path: root/site/content/register_docs.md
diff options
context:
space:
mode:
authorYigit Sever2021-04-16 15:30:59 +0300
committerYigit Sever2021-04-16 15:30:59 +0300
commit0f67c6c79325078ad71f666915c065d15d417814 (patch)
treefc6c453e11cc5a599d98e61abc2fb9abfe078b17 /site/content/register_docs.md
parenta59cfa83f5a45564548ce553a524c448f818f4e3 (diff)
downloadgradecoin-0f67c6c79325078ad71f666915c065d15d417814.tar.gz
gradecoin-0f67c6c79325078ad71f666915c065d15d417814.tar.bz2
gradecoin-0f67c6c79325078ad71f666915c065d15d417814.zip
Improve register documentation
Diffstat (limited to 'site/content/register_docs.md')
-rw-r--r--site/content/register_docs.md21
1 files changed, 16 insertions, 5 deletions
diff --git a/site/content/register_docs.md b/site/content/register_docs.md
index a387838..523ed57 100644
--- a/site/content/register_docs.md
+++ b/site/content/register_docs.md
@@ -8,7 +8,7 @@ POST request to `/register` endpoint
8 8
9Lets a user to authenticate themselves to the system. 9Lets a user to authenticate themselves to the system.
10Only people who are enrolled to the class can open Gradecoin accounts. 10Only people who are enrolled to the class can open Gradecoin accounts.
11This is enforced with your Student ID and a one time password you will receive. 11This is enforced with your Student ID (e123456) and a one time password you will receive.
12 12
13# Authentication Process 13# Authentication Process
14 14
@@ -24,11 +24,22 @@ This is enforced with your Student ID and a one time password you will receive.
24} 24}
25``` 25```
26 26
27## Cipher Initialization
28
29> Since we are working with AES-128, both key and IV should be 128 bits (or 16 hexadecimal characters)
30
27- Pick a short temporary key (`k_temp`) 31- Pick a short temporary key (`k_temp`)
28- Pick a random IV (`iv`). 32- Pick a random IV [1](https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Initialization_vector_(IV)) [2](https://en.wikipedia.org/wiki/Initialization_vector) (`iv`).
29- Encrypt the serialized string of `P_AR` with 128 bit block AES in CBC mode with Pkcs7 padding using the temporary key (`k_temp`), the result is `C_AR`. Encode this with base64. 33
30- The temporary key you have picked `k_temp` is encrypted using RSA with OAEP padding scheme using SHA-256 with `gradecoin_public_key`, giving us `key_ciphertext`. Encode this with base64. 34## Encryption
35- Encrypt the serialized string of `P_AR` with 128 bit block [AES](https://en.wikipedia.org/wiki/Initialization_vector) in [CBC](https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#CBC) mode with [Pkcs7 padding](https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Padding) using the temporary key (`k_temp`), the result is `C_AR`. Encode this with base64.
36- The temporary key you have picked `k_temp` is encrypted using RSA with [OAEP](https://en.wikipedia.org/wiki/Optimal_asymmetric_encryption_padding) padding scheme using SHA-256 with `gradecoin_public_key`, giving us `key_ciphertext`. Encode this with base64.
31- Base64 encode the IV (`iv`) as well. 37- Base64 encode the IV (`iv`) as well.
38
39{% tidbit() %}
40The available tools and libraries might warn you about how using the primitives given above are "hazardous". They are, crypto is hard.
41{% end %}
42
32- The payload JSON object (`auth_request`) can be serialized now: 43- The payload JSON object (`auth_request`) can be serialized now:
33 44
34```json 45```json
@@ -40,4 +51,4 @@ This is enforced with your Student ID and a one time password you will receive.
40``` 51```
41 52
42If your authentication process was valid, you will be given access and your public key fingerprint that is your address. 53If your authentication process was valid, you will be given access and your public key fingerprint that is your address.
43You can now sign JWTs to send authorized transaction requests. 54You can now sign [JWTs](@/JWT.md) to send authorized transaction requests.