Merge remote-tracking branch 'origin/main'

# Conflicts: # site/public/search_index.en.js
author: alpaylan 2021-04-16 15:31:48 +0300
committer: alpaylan 2021-04-16 15:31:48 +0300
commit: d9bd31d24d248e0923d08ac02252ec5c0b77a50c (patch)
tree: 34033b88f5979411cbec5c410030786ad5a78968 /site/public/register-docs
parent: 10e424b775bcf60c91710486b292fc91dba4fcc9 (diff)
parent: 20609a19fdb7fb1a81db77233858cf229b57465c (diff)
download: gradecoin-d9bd31d24d248e0923d08ac02252ec5c0b77a50c.tar.gz
gradecoin-d9bd31d24d248e0923d08ac02252ec5c0b77a50c.tar.bz2
gradecoin-d9bd31d24d248e0923d08ac02252ec5c0b77a50c.zip
1 files changed, 30 insertions, 6 deletions
diff --git a/site/public/register-docs/index.html b/site/public/register-docs/index.html
index 810f4ec..9d9c91d 100644
--- a/site/public/register-docs/index.html
+++ b/site/public/register-docs/index.html
@@ -27,6 +27,7 @@
    <link rel="stylesheet" href="https:&#x2F;&#x2F;gradecoin.xyz&#x2F;juice.css">
    
 <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/animate.css/4.1.1/animate.min.css" />
+<link rel="stylesheet" href="/site.css" />
 </head>
@@ -76,6 +77,16 @@
                </div>
                
                
+                <div class="toc-item-child">
+                    <a class="subtext" href="https://gradecoin.xyz/register-docs/#cipher-initialization"><small>- Cipher Initialization</small></a>
+                </div>
+                
+                <div class="toc-item-child">
+                    <a class="subtext" href="https://gradecoin.xyz/register-docs/#encryption"><small>- Encryption</small></a>
+                </div>
+                
+                
+                
            </div>
        </div>
        
@@ -87,7 +98,7 @@
 <p>POST request to <code>/register</code> endpoint</p>
 <p>Lets a user to authenticate themselves to the system.
 Only people who are enrolled to the class can open Gradecoin accounts.
-This is enforced with your Student ID and a one time password you will receive.</p>
+This is enforced with your Student ID (e123456) and a one time password you will receive.</p>
 <h1 id="authentication-process">Authentication Process</h1>
 <blockquote>
 <p>The bytes you are sending over the network are all Base64 Encoded</p>
@@ -102,13 +113,26 @@ This is enforced with your Student ID and a one time password you will receive.<
    &quot;</span><span style="color:#009854;">passwd</span><span style="color:#545052;">&quot;: &quot;</span><span style="color:#009854;">15 char secret</span><span style="color:#545052;">&quot;,
    &quot;</span><span style="color:#009854;">public_key</span><span style="color:#545052;">&quot;: &quot;</span><span style="color:#009854;">---BEGIN PUBLIC KEY...</span><span style="color:#545052;">&quot;
 }
-</span></code></pre>
+</span></code></pre><h2 id="cipher-initialization">Cipher Initialization</h2>
+<blockquote>
+<p>Since we are working with AES-128, both key and IV should be 128 bits (or 16 hexadecimal characters)</p>
+</blockquote>
 <ul>
 <li>Pick a short temporary key (<code>k_temp</code>)</li>
-<li>Pick a random IV (<code>iv</code>).</li>
+<li>Pick a random IV <a href="https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Initialization_vector_(IV)">1</a> <a href="https://en.wikipedia.org/wiki/Initialization_vector">2</a> (<code>iv</code>).</li>
-<li>Encrypt the serialized string of <code>P_AR</code> with 128 bit block AES in CBC mode with Pkcs7 padding using the temporary key (<code>k_temp</code>), the result is <code>C_AR</code>. Encode this with base64.</li>
+</ul>
-<li>The temporary key you have picked <code>k_temp</code> is encrypted using RSA with OAEP padding scheme using SHA-256 with <code>gradecoin_public_key</code>, giving us <code>key_ciphertext</code>. Encode this with base64.</li>
+<h2 id="encryption">Encryption</h2>
+<ul>
+<li>Encrypt the serialized string of <code>P_AR</code> with 128 bit block <a href="https://en.wikipedia.org/wiki/Initialization_vector">AES</a> in <a href="https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#CBC">CBC</a> mode with <a href="https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Padding">Pkcs7 padding</a> using the temporary key (<code>k_temp</code>), the result is <code>C_AR</code>. Encode this with base64.</li>
+<li>The temporary key you have picked <code>k_temp</code> is encrypted using RSA with <a href="https://en.wikipedia.org/wiki/Optimal_asymmetric_encryption_padding">OAEP</a> padding scheme using SHA-256 with <code>gradecoin_public_key</code>, giving us <code>key_ciphertext</code>. Encode this with base64.</li>
 <li>Base64 encode the IV (<code>iv</code>) as well.</li>
+</ul>
+<blockquote class="tidbit">
+    <p>
+    The available tools and libraries might warn you about how using the primitives given above are &quot;hazardous&quot;. They are, crypto is hard.
+    </p>
+</blockquote>
+<ul>
 <li>The payload JSON object (<code>auth_request</code>) can be serialized now:</li>
 </ul>
 <pre style="background-color:#ffffff;">
@@ -119,7 +143,7 @@ This is enforced with your Student ID and a one time password you will receive.<
 }
 </span></code></pre>
 <p>If your authentication process was valid, you will be given access and your public key fingerprint that is your address.
-You can now sign JWTs to send authorized transaction requests.</p>
+You can now sign <a href="https://gradecoin.xyz/jwt/">JWTs</a> to send authorized transaction requests.</p>
        </div>
author	alpaylan	2021-04-16 15:31:48 +0300
committer	alpaylan	2021-04-16 15:31:48 +0300
commit	d9bd31d24d248e0923d08ac02252ec5c0b77a50c (patch)
tree	34033b88f5979411cbec5c410030786ad5a78968 /site/public/register-docs
parent	10e424b775bcf60c91710486b292fc91dba4fcc9 (diff)
parent	20609a19fdb7fb1a81db77233858cf229b57465c (diff)
download	gradecoin-d9bd31d24d248e0923d08ac02252ec5c0b77a50c.tar.gz gradecoin-d9bd31d24d248e0923d08ac02252ec5c0b77a50c.tar.bz2 gradecoin-d9bd31d24d248e0923d08ac02252ec5c0b77a50c.zip