author Yigit Sever 2021-04-19 18:21:06 +0300
committer Yigit Sever 2021-04-19 18:21:06 +0300
commit df6fa5f322fc972b3894e720f2c406eb2d8f5f5a
tree 4864006b54c512dea971d0c50efcacca65b12c6e /site/public/register-docs
parent d1b2e4bbd8f1ec5fe40c3d8c85ea4d13c8bfd755
Moving site to separate repo
Diffstat (limited to 'site/public/register-docs')
-rw-r--r-- site/public/register-docs/index.html 198
1 files changed, 0 insertions, 198 deletions
diff --git a/site/public/register-docs/index.html b/site/public/register-docs/index.html
deleted file mode 100644
index 53d86dd..0000000
--- a/site/public/register-docs/index.html
+++ /dev/null
@@ -1,198 +0,0 @@
1<!DOCTYPE html>
2<html lang="en">
3
4<head>
5 <meta charset="UTF-8">
6 <title>Register | Gradecoin </title>
7 <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
8 <style>
9 :root {
10 /* Primary theme color */
11 --primary-color: #F8D12F;
12 /* Primary theme text color */
13 --primary-text-color: #1E2329;
14 /* Primary theme link color */
15 --primary-link-color: #2F57F7;
16 /* Secondary color: the background body color */
17 --secondary-color: #FAFAFA;
18 --secondary-text-color: #303030;
19 /* Highlight text color of table of content */
20 --toc-highlight-text-color: #d46e13;
21 }
22</style>
23
24 <link href="https://fonts.googleapis.com/css?family=Alfa+Slab+One&display=swap" rel="stylesheet">
25 <link href="https://fonts.googleapis.com/css?family=Fira+Sans:400,500,600&display=swap" rel="stylesheet">
26 <link rel="stylesheet" href="/normalize.css">
27 <link rel="stylesheet" href="https:&#x2F;&#x2F;gradecoin.xyz&#x2F;juice.css">
28
29<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/animate.css/4.1.1/animate.min.css" />
30<link rel="stylesheet" href="/site.css" />
31
32</head>
33
34<body>
35
36<header class="box-shadow">
37
38
39<a href="https:&#x2F;&#x2F;gradecoin.xyz&#x2F;">
40 <div class="logo">
41 <img src="https:&#x2F;&#x2F;gradecoin.xyz&#x2F;gradecoin.png" alt="logo">
42 Gradecoin
43 </div>
44</a>
45
46<nav>
47
48 <a class="nav-item subtitle-text" href="https:&#x2F;&#x2F;gradecoin.xyz&#x2F;register-docs&#x2F;">Register</a>
49
50 <a class="nav-item subtitle-text" href="https:&#x2F;&#x2F;gradecoin.xyz&#x2F;jwt&#x2F;">JWT</a>
51
52 <a class="nav-item subtitle-text" href="https:&#x2F;&#x2F;gradecoin.xyz&#x2F;transaction-docs&#x2F;">Transactions</a>
53
54 <a class="nav-item subtitle-text" href="https:&#x2F;&#x2F;gradecoin.xyz&#x2F;block-docs&#x2F;">Blocks</a>
55
56 <a class="nav-item subtitle-text" href="https:&#x2F;&#x2F;gradecoin.xyz&#x2F;misc-docs&#x2F;">Misc</a>
57
58
59
60 <a class="nav-item subtitle-text" href="https:&#x2F;&#x2F;github.com&#x2F;zhuowei&#x2F;nft_ptr#why">why?</a>
61
62
63</nav>
64
65</header>
66
67
68 <main>
69
70
71
72
73
74 <div class="toc">
75 <div class="toc-sticky">
76
77 <div class="toc-item">
78 <a class="subtext" href="https://gradecoin.xyz/register-docs/#authentication-process">Authentication Process</a>
79 </div>
80
81
82 <div class="toc-item-child">
83 <a class="subtext" href="https://gradecoin.xyz/register-docs/#cipher-initialization"><small>- Cipher Initialization</small></a>
84 </div>
85
86 <div class="toc-item-child">
87 <a class="subtext" href="https://gradecoin.xyz/register-docs/#encryption"><small>- Encryption</small></a>
88 </div>
89
90
91
92 </div>
93 </div>
94
95
96
97 <div class="content text">
98
99<div class="heading-text">Register Documentation</div>
100<p>POST request to <code>/register</code> endpoint</p>
101<p>Lets a user to authenticate themselves to the system.
102Only people who are enrolled to the class can open Gradecoin accounts.
103This is enforced with your Student ID (e123456) and a one time password you will receive.</p>
104<h1 id="authentication-process">Authentication Process</h1>
105<blockquote>
106<p>The bytes you are sending over the network are all Base64 Encoded</p>
107</blockquote>
108<ul>
109<li>Gradecoin's Public Key (<code>gradecoin_public_key</code>) is listed on our Moodle page and <a href="/gradecoin.pub">here</a>. Download and load it it to your client.</li>
110<li>Create a JSON object (<code>P_AR</code>) with your <code>metu_id</code> (&quot;e&quot;+<code>6 chars</code>) and <code>public key</code> in base64 (PEM) format (<code>S_PK</code>) <a href="https://tls.mbed.org/kb/cryptography/asn1-key-structures-in-der-and-pem">reference</a></li>
111</ul>
112<pre style="background-color:#ffffff;">
113<code class="language-json" data-lang="json"><span style="color:#545052;">{
114 &quot;</span><span style="color:#009854;">student_id</span><span style="color:#545052;">&quot;: &quot;</span><span style="color:#009854;">e123456</span><span style="color:#545052;">&quot;,
115 &quot;</span><span style="color:#009854;">passwd</span><span style="color:#545052;">&quot;: &quot;</span><span style="color:#009854;">15 char secret</span><span style="color:#545052;">&quot;,
116 &quot;</span><span style="color:#009854;">public_key</span><span style="color:#545052;">&quot;: &quot;</span><span style="color:#009854;">---BEGIN PUBLIC KEY...</span><span style="color:#545052;">&quot;
117}
118</span></code></pre><h2 id="cipher-initialization">Cipher Initialization</h2>
119<blockquote>
120<p>Since we are working with AES-128, both key and IV should be 128 bits (or 16 hexadecimal characters)</p>
121</blockquote>
122<ul>
123<li>Pick a short temporary key (<code>k_temp</code>)</li>
124<li>Pick a random IV <a href="https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Initialization_vector_(IV)">1</a> <a href="https://en.wikipedia.org/wiki/Initialization_vector">2</a> (<code>iv</code>).</li>
125</ul>
126<h2 id="encryption">Encryption</h2>
127<ul>
128<li>Encrypt the serialized string of <code>P_AR</code> with 128 bit block <a href="https://en.wikipedia.org/wiki/Initialization_vector">AES</a> in <a href="https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#CBC">CBC</a> mode with <a href="https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Padding">Pkcs7 padding</a> using the temporary key (<code>k_temp</code>), the result is <code>C_AR</code>. Encode this with base64.</li>
129<li>The temporary key you have picked <code>k_temp</code> is encrypted using RSA with <a href="https://en.wikipedia.org/wiki/Optimal_asymmetric_encryption_padding">OAEP</a> padding scheme using SHA-256 with <code>gradecoin_public_key</code>, giving us <code>key_ciphertext</code>. Encode this with base64.</li>
130<li>Base64 encode the IV (<code>iv</code>) as well.</li>
131</ul>
132<blockquote class="tidbit">
133 <p>
134 The available tools and libraries might warn you about how using the primitives given above are &quot;hazardous&quot;. They are, crypto is hard.
135 </p>
136</blockquote>
137<ul>
138<li>The payload JSON object (<code>auth_request</code>) can be serialized now:</li>
139</ul>
140<pre style="background-color:#ffffff;">
141<code class="language-json" data-lang="json"><span style="color:#545052;">{
142 &quot;</span><span style="color:#009854;">c</span><span style="color:#545052;">&quot;: &quot;</span><span style="color:#009854;">C_AR</span><span style="color:#545052;">&quot;,
143 &quot;</span><span style="color:#009854;">iv</span><span style="color:#545052;">&quot;: &quot;</span><span style="color:#009854;">iv</span><span style="color:#545052;">&quot;,
144 &quot;</span><span style="color:#009854;">key</span><span style="color:#545052;">&quot;: &quot;</span><span style="color:#009854;">key_ciphertext</span><span style="color:#545052;">&quot;
145}
146</span></code></pre>
147<p>If your authentication process was valid, you will be given access and your public key fingerprint that is your address.
148You can now sign <a href="https://gradecoin.xyz/jwt/">JWTs</a> to send authorized transaction requests.</p>
149
150
151 </div>
152
153
154
155 </main>
156
157
158<footer>
159Built For ⁂ CENG489 ⁂ Introduction to Computer Security
160</footer>
161
162</body>
163<script>
164 function highlightNav(heading) {
165 let pathname = location.pathname;
166 document.querySelectorAll(".toc a").forEach((item) => {
167 item.classList.remove("active");
168 });
169 document.querySelector(".toc a[href$='" + pathname + "#" + heading + "']").classList.add("active");
170 }
171
172 let currentHeading = "";
173 window.onscroll = function () {
174 let h = document.querySelectorAll("h1,h2,h3,h4,h5,h6");
175 let elementArr = [];
176
177 h.forEach(item => {
178 if (item.id !== "") {
179 elementArr[item.id] = item.getBoundingClientRect().top;
180 }
181 });
182 elementArr.sort();
183 for (let key in elementArr) {
184 if (!elementArr.hasOwnProperty(key)) {
185 continue;
186 }
187 if (elementArr[key] > 0 && elementArr[key] < 300) {
188 if (currentHeading !== key) {
189 highlightNav(key);
190 currentHeading = key;
191 }
192 break;
193 }
194 }
195 }
196</script>
197
198</html>
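Review bot: Since this page is being moved rather than retired, the copy that lands in the new repo should correct line 120 of the deleted file, which equates 128 bits with "16 hexadecimal characters": 128 bits is 16 bytes, or 32 hexadecimal characters, and a reader who takes the parenthetical literally ends up with a 64-bit key and IV. Line 123 asks for a "short" temporary key while line 124 asks for a random IV; suggest wording both as random 16-byte values so k_temp is not chosen by hand. Line 110 names the field metu_id and lists only the ID and public key, but the sample object at lines 114-116 uses student_id and also carries passwd, so the bullet and the example should be reconciled before the page is republished. Separately, the commit message could name the destination repository so that links to /register-docs and /gradecoin.pub can be traced after this deletion.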