diff options
| author | Yigit Sever | 2021-04-19 18:21:06 +0300 |
|---|---|---|
| committer | Yigit Sever | 2021-04-19 18:21:06 +0300 |
| commit | df6fa5f322fc972b3894e720f2c406eb2d8f5f5a (patch) | |
| tree | 4864006b54c512dea971d0c50efcacca65b12c6e /site/content/register_docs.md | |
| parent | d1b2e4bbd8f1ec5fe40c3d8c85ea4d13c8bfd755 (diff) | |
| download | gradecoin-df6fa5f322fc972b3894e720f2c406eb2d8f5f5a.tar.gz gradecoin-df6fa5f322fc972b3894e720f2c406eb2d8f5f5a.tar.bz2 gradecoin-df6fa5f322fc972b3894e720f2c406eb2d8f5f5a.zip | |
Moving site to separate repo
Diffstat (limited to 'site/content/register_docs.md')
| -rw-r--r-- | site/content/register_docs.md | 54 |
1 files changed, 0 insertions, 54 deletions
diff --git a/site/content/register_docs.md b/site/content/register_docs.md deleted file mode 100644 index 974fe37..0000000 --- a/site/content/register_docs.md +++ /dev/null | |||
| @@ -1,54 +0,0 @@ | |||
| 1 | +++ | ||
| 2 | title = "Register" | ||
| 3 | description = "Register Documentation" | ||
| 4 | weight = 3 | ||
| 5 | +++ | ||
| 6 | |||
| 7 | POST request to `/register` endpoint | ||
| 8 | |||
| 9 | Lets a user to authenticate themselves to the system. | ||
| 10 | Only people who are enrolled to the class can open Gradecoin accounts. | ||
| 11 | This is enforced with your Student ID (e123456) and a one time password you will receive. | ||
| 12 | |||
| 13 | # Authentication Process | ||
| 14 | |||
| 15 | > The bytes you are sending over the network are all Base64 Encoded | ||
| 16 | |||
| 17 | - Gradecoin's Public Key (`gradecoin_public_key`) is listed on our Moodle page and [here](/gradecoin.pub). Download and load it it to your client. | ||
| 18 | - Create a JSON object (`P_AR`) with your `metu_id` ("e"+`6 chars`) and `public key` in base64 (PEM) format (`S_PK`) [reference](https://tls.mbed.org/kb/cryptography/asn1-key-structures-in-der-and-pem) | ||
| 19 | ```json | ||
| 20 | { | ||
| 21 | "student_id": "e123456", | ||
| 22 | "passwd": "15 char secret", | ||
| 23 | "public_key": "---BEGIN PUBLIC KEY..." | ||
| 24 | } | ||
| 25 | ``` | ||
| 26 | |||
| 27 | ## Cipher Initialization | ||
| 28 | |||
| 29 | > Since we are working with AES-128, both key and IV should be 128 bits (or 16 hexadecimal characters) | ||
| 30 | |||
| 31 | - Pick a short temporary key (`k_temp`) | ||
| 32 | - Pick a random IV [1](https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Initialization_vector_(IV)) [2](https://en.wikipedia.org/wiki/Initialization_vector) (`iv`). | ||
| 33 | |||
| 34 | ## Encryption | ||
| 35 | - Encrypt the serialized string of `P_AR` with 128 bit block [AES](https://en.wikipedia.org/wiki/Initialization_vector) in [CBC](https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#CBC) mode with [Pkcs7 padding](https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Padding) using the temporary key (`k_temp`), the result is `C_AR`. Encode this with base64. | ||
| 36 | - The temporary key you have picked `k_temp` is encrypted using RSA with [OAEP](https://en.wikipedia.org/wiki/Optimal_asymmetric_encryption_padding) padding scheme using SHA-256 with `gradecoin_public_key`, giving us `key_ciphertext`. Encode this with base64. | ||
| 37 | - Base64 encode the IV (`iv`) as well. | ||
| 38 | |||
| 39 | {% tidbit() %} | ||
| 40 | The available tools and libraries might warn you about how using the primitives given above are "hazardous". They are, crypto is hard. | ||
| 41 | {% end %} | ||
| 42 | |||
| 43 | - The payload JSON object (`auth_request`) can be serialized now: | ||
| 44 | |||
| 45 | ```json | ||
| 46 | { | ||
| 47 | "c": "C_AR", | ||
| 48 | "iv": "iv", | ||
| 49 | "key": "key_ciphertext" | ||
| 50 | } | ||
| 51 | ``` | ||
| 52 | |||
| 53 | If your authentication process was valid, you will be given access and your public key fingerprint that is your address. | ||
| 54 | You can now sign [JWTs](@/JWT.md) to send authorized transaction requests. | ||