aboutsummaryrefslogtreecommitdiffstats
path: root/site/content
diff options
context:
space:
mode:
authoralpaylan2021-04-16 15:31:48 +0300
committeralpaylan2021-04-16 15:31:48 +0300
commitd9bd31d24d248e0923d08ac02252ec5c0b77a50c (patch)
tree34033b88f5979411cbec5c410030786ad5a78968 /site/content
parent10e424b775bcf60c91710486b292fc91dba4fcc9 (diff)
parent20609a19fdb7fb1a81db77233858cf229b57465c (diff)
downloadgradecoin-d9bd31d24d248e0923d08ac02252ec5c0b77a50c.tar.gz
gradecoin-d9bd31d24d248e0923d08ac02252ec5c0b77a50c.tar.bz2
gradecoin-d9bd31d24d248e0923d08ac02252ec5c0b77a50c.zip
Merge remote-tracking branch 'origin/main'
# Conflicts: # site/public/search_index.en.js
Diffstat (limited to 'site/content')
-rw-r--r--site/content/register_docs.md21
1 files changed, 16 insertions, 5 deletions
diff --git a/site/content/register_docs.md b/site/content/register_docs.md
index a387838..523ed57 100644
--- a/site/content/register_docs.md
+++ b/site/content/register_docs.md
@@ -8,7 +8,7 @@ POST request to `/register` endpoint
8 8
9Lets a user to authenticate themselves to the system. 9Lets a user to authenticate themselves to the system.
10Only people who are enrolled to the class can open Gradecoin accounts. 10Only people who are enrolled to the class can open Gradecoin accounts.
11This is enforced with your Student ID and a one time password you will receive. 11This is enforced with your Student ID (e123456) and a one time password you will receive.
12 12
13# Authentication Process 13# Authentication Process
14 14
@@ -24,11 +24,22 @@ This is enforced with your Student ID and a one time password you will receive.
24} 24}
25``` 25```
26 26
27## Cipher Initialization
28
29> Since we are working with AES-128, both key and IV should be 128 bits (or 16 hexadecimal characters)
30
27- Pick a short temporary key (`k_temp`) 31- Pick a short temporary key (`k_temp`)
28- Pick a random IV (`iv`). 32- Pick a random IV [1](https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Initialization_vector_(IV)) [2](https://en.wikipedia.org/wiki/Initialization_vector) (`iv`).
29- Encrypt the serialized string of `P_AR` with 128 bit block AES in CBC mode with Pkcs7 padding using the temporary key (`k_temp`), the result is `C_AR`. Encode this with base64. 33
30- The temporary key you have picked `k_temp` is encrypted using RSA with OAEP padding scheme using SHA-256 with `gradecoin_public_key`, giving us `key_ciphertext`. Encode this with base64. 34## Encryption
35- Encrypt the serialized string of `P_AR` with 128 bit block [AES](https://en.wikipedia.org/wiki/Initialization_vector) in [CBC](https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#CBC) mode with [Pkcs7 padding](https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Padding) using the temporary key (`k_temp`), the result is `C_AR`. Encode this with base64.
36- The temporary key you have picked `k_temp` is encrypted using RSA with [OAEP](https://en.wikipedia.org/wiki/Optimal_asymmetric_encryption_padding) padding scheme using SHA-256 with `gradecoin_public_key`, giving us `key_ciphertext`. Encode this with base64.
31- Base64 encode the IV (`iv`) as well. 37- Base64 encode the IV (`iv`) as well.
38
39{% tidbit() %}
40The available tools and libraries might warn you about how using the primitives given above are "hazardous". They are, crypto is hard.
41{% end %}
42
32- The payload JSON object (`auth_request`) can be serialized now: 43- The payload JSON object (`auth_request`) can be serialized now:
33 44
34```json 45```json
@@ -40,4 +51,4 @@ This is enforced with your Student ID and a one time password you will receive.
40``` 51```
41 52
42If your authentication process was valid, you will be given access and your public key fingerprint that is your address. 53If your authentication process was valid, you will be given access and your public key fingerprint that is your address.
43You can now sign JWTs to send authorized transaction requests. 54You can now sign [JWTs](@/JWT.md) to send authorized transaction requests.