author Yigit Sever 2021-04-16 13:56:45 +0300
committer Yigit Sever 2021-04-16 13:56:45 +0300
commit 109ae1f771ec5e8a5a9510c3b09fad579dab5ed7
tree e5fc87e27e955ec2df1c5ee2a539433fc4d65054 /site/content
parent b7cd484a869600e181dd06522befbfd091a7a488
Improve auth documentation
Diffstat (limited to 'site/content')
-rw-r--r-- site/content/register_docs.md 26
1 files changed, 15 insertions, 11 deletions
diff --git a/site/content/register_docs.md b/site/content/register_docs.md
index 83aef7f..a387838 100644
--- a/site/content/register_docs.md
+++ b/site/content/register_docs.md
@@ -4,36 +4,40 @@ description = "Register Documentation"
4weight = 3 4weight = 3
5+++ 5+++
6 6
7POST request to /register endpoint 7POST request to `/register` endpoint
8 8
9Lets a user to authenticate themselves to the system. 9Lets a user to authenticate themselves to the system.
10Only people who are enrolled to the class can open Gradecoin accounts. 10Only people who are enrolled to the class can open Gradecoin accounts.
11This is enforced with your Student ID and a one time password you will receive. 11This is enforced with your Student ID and a one time password you will receive.
12 12
13# Authentication Process 13# Authentication Process
14- Gradecoin's Public Key (`gradecoin_public_key`) is listed on our Moodle page. 14
15- You pick a short temporary key (`k_temp`) 15> The bytes you are sending over the network are all Base64 Encoded
16- Create a JSON object (`auth_plaintext`) with your `metu_id` and `public key` in base64 (PEM) format (`S_PK`) [reference](https://tls.mbed.org/kb/cryptography/asn1-key-structures-in-der-and-pem) 16
17- Gradecoin's Public Key (`gradecoin_public_key`) is listed on our Moodle page. Download and load it it to your client.
18- Create a JSON object (`P_AR`) with your `metu_id` ("e"+`6 chars`) and `public key` in base64 (PEM) format (`S_PK`) [reference](https://tls.mbed.org/kb/cryptography/asn1-key-structures-in-der-and-pem)
17```json 19```json
18{ 20{
19 "student_id": "e12345", 21 "student_id": "e123456",
20 "passwd": "15 char secret", 22 "passwd": "15 char secret",
21 "public_key": "---BEGIN PUBLIC KEY..." 23 "public_key": "---BEGIN PUBLIC KEY..."
22} 24}
23``` 25```
24 26
25- Pick a random IV. 27- Pick a short temporary key (`k_temp`)
26- Encrypt the serialized string of `auth_plaintext` with 128 bit block AES in CBC mode with Pkcs7 padding using the temporary key (`k_temp`), the result is `auth_ciphertext`. Encode this with base64. 28- Pick a random IV (`iv`).
27- The temporary key you have picked `k_temp` is encrypted using RSA with OAEP padding scheme 29- Encrypt the serialized string of `P_AR` with 128 bit block AES in CBC mode with Pkcs7 padding using the temporary key (`k_temp`), the result is `C_AR`. Encode this with base64.
28using SHA-256 with `gradecoin_public_key`, giving us `key_ciphertext`. Encode this with base 64. 30- The temporary key you have picked `k_temp` is encrypted using RSA with OAEP padding scheme using SHA-256 with `gradecoin_public_key`, giving us `key_ciphertext`. Encode this with base64.
31- Base64 encode the IV (`iv`) as well.
29- The payload JSON object (`auth_request`) can be serialized now: 32- The payload JSON object (`auth_request`) can be serialized now:
30 33
31```json 34```json
32{ 35{
33 "c": "auth_ciphertext", 36 "c": "C_AR",
34 "iv": "hexadecimal", 37 "iv": "iv",
35 "key": "key_ciphertext" 38 "key": "key_ciphertext"
36} 39}
37``` 40```
38 41
39If your authentication process was valid, you will be given access and your public key fingerprint that is your address. 42If your authentication process was valid, you will be given access and your public key fingerprint that is your address.
43You can now sign JWTs to send authorized transaction requests.
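Review bot: On new-side line 18 the bullet describes `P_AR` as carrying `metu_id` and `public key`, but the JSON example directly below it uses the fields `student_id`, `passwd` and `public_key`, so a client written from the bullet alone will not match the example; name the three fields as they appear in the JSON and mention the one time password there. New-side line 27 still reads "Pick a short temporary key (`k_temp`)" with no length, and line 29 only gives the cipher's block size ("128 bit block AES"), so the documentation never says how many bytes `k_temp` must be; state the expected key length and say that both `k_temp` and `iv` should come from a cryptographically secure random source rather than being picked by hand. Smaller points: line 17 has a doubled word ("load it it to your client"), and `key_ciphertext` and `auth_request` keep the old naming style now that the other two values were renamed to `P_AR` and `C_AR`.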