diff options
author | Yigit Sever | 2021-04-16 15:30:59 +0300 |
---|---|---|
committer | Yigit Sever | 2021-04-16 15:30:59 +0300 |
commit | 20609a19fdb7fb1a81db77233858cf229b57465c (patch) | |
tree | 7a02e1109f83bad6ad1c400c27b4dd682b884d81 /site/content | |
parent | d7296597158f46fcaff0094f2b28e8bad9752909 (diff) | |
download | gradecoin-20609a19fdb7fb1a81db77233858cf229b57465c.tar.gz gradecoin-20609a19fdb7fb1a81db77233858cf229b57465c.tar.bz2 gradecoin-20609a19fdb7fb1a81db77233858cf229b57465c.zip |
Improve register documentation
Diffstat (limited to 'site/content')
-rw-r--r-- | site/content/register_docs.md | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/site/content/register_docs.md b/site/content/register_docs.md index a387838..523ed57 100644 --- a/site/content/register_docs.md +++ b/site/content/register_docs.md | |||
@@ -8,7 +8,7 @@ POST request to `/register` endpoint | |||
8 | 8 | ||
9 | Lets a user to authenticate themselves to the system. | 9 | Lets a user to authenticate themselves to the system. |
10 | Only people who are enrolled to the class can open Gradecoin accounts. | 10 | Only people who are enrolled to the class can open Gradecoin accounts. |
11 | This is enforced with your Student ID and a one time password you will receive. | 11 | This is enforced with your Student ID (e123456) and a one time password you will receive. |
12 | 12 | ||
13 | # Authentication Process | 13 | # Authentication Process |
14 | 14 | ||
@@ -24,11 +24,22 @@ This is enforced with your Student ID and a one time password you will receive. | |||
24 | } | 24 | } |
25 | ``` | 25 | ``` |
26 | 26 | ||
27 | ## Cipher Initialization | ||
28 | |||
29 | > Since we are working with AES-128, both key and IV should be 128 bits (or 16 hexadecimal characters) | ||
30 | |||
27 | - Pick a short temporary key (`k_temp`) | 31 | - Pick a short temporary key (`k_temp`) |
28 | - Pick a random IV (`iv`). | 32 | - Pick a random IV [1](https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Initialization_vector_(IV)) [2](https://en.wikipedia.org/wiki/Initialization_vector) (`iv`). |
29 | - Encrypt the serialized string of `P_AR` with 128 bit block AES in CBC mode with Pkcs7 padding using the temporary key (`k_temp`), the result is `C_AR`. Encode this with base64. | 33 | |
30 | - The temporary key you have picked `k_temp` is encrypted using RSA with OAEP padding scheme using SHA-256 with `gradecoin_public_key`, giving us `key_ciphertext`. Encode this with base64. | 34 | ## Encryption |
35 | - Encrypt the serialized string of `P_AR` with 128 bit block [AES](https://en.wikipedia.org/wiki/Initialization_vector) in [CBC](https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#CBC) mode with [Pkcs7 padding](https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Padding) using the temporary key (`k_temp`), the result is `C_AR`. Encode this with base64. | ||
36 | - The temporary key you have picked `k_temp` is encrypted using RSA with [OAEP](https://en.wikipedia.org/wiki/Optimal_asymmetric_encryption_padding) padding scheme using SHA-256 with `gradecoin_public_key`, giving us `key_ciphertext`. Encode this with base64. | ||
31 | - Base64 encode the IV (`iv`) as well. | 37 | - Base64 encode the IV (`iv`) as well. |
38 | |||
39 | {% tidbit() %} | ||
40 | The available tools and libraries might warn you about how using the primitives given above are "hazardous". They are, crypto is hard. | ||
41 | {% end %} | ||
42 | |||
32 | - The payload JSON object (`auth_request`) can be serialized now: | 43 | - The payload JSON object (`auth_request`) can be serialized now: |
33 | 44 | ||
34 | ```json | 45 | ```json |
@@ -40,4 +51,4 @@ This is enforced with your Student ID and a one time password you will receive. | |||
40 | ``` | 51 | ``` |
41 | 52 | ||
42 | If your authentication process was valid, you will be given access and your public key fingerprint that is your address. | 53 | If your authentication process was valid, you will be given access and your public key fingerprint that is your address. |
43 | You can now sign JWTs to send authorized transaction requests. | 54 | You can now sign [JWTs](@/JWT.md) to send authorized transaction requests. |