1 files changed, 42 insertions, 0 deletions
diff --git a/site/content/register_docs.md b/site/content/register_docs.md
new file mode 100644
index 0000000..45571fb
--- /dev/null
+++ b/site/content/register_docs.md
@@ -0,0 +1,42 @@
+++
+title = "Register"
+description = "Register Documentation"
+weight = 3
+++
+POST request to /register endpoint
+Lets a [`User`] (=student) to authenticate themselves to the system
+This `request` can be rejected if the payload is malformed (=not authenticated properly) or if
+the [`AuthRequest.user_id`] of the `request` is not in the list of users that can hold a Gradecoin account
+# Authentication Process
+- Gradecoin's Public Key (`gradecoin_public_key`) is listed on moodle.
+- Gradecoin's Private Key (`gradecoin_private_key`) is loaded here
+- Student picks a short temporary key (`k_temp`)
+- Creates a JSON object (`auth_plaintext`) with their `metu_id` and `public key` in base64 (PEM) format (`S_PK`):
+{
+    student_id: "e12345",
+    passwd: "15 char secret"
+    public_key: "---BEGIN PUBLIC KEY..."
+}
+- Encrypts the serialized string of `auth_plaintext` with 128 bit block AES in CBC mode with Pkcs7 padding using the temporary key (`k_temp`), the result is `auth_ciphertext` TODO should this be base64'd?
+- The temporary key student has picked `k_temp` is encrypted using RSA with OAEP padding scheme
+using sha256 with `gradecoin_public_key` (TODO base64? same as above), giving us `key_ciphertext`
+- The payload JSON object (`auth_request`) can be JSON serialized now:
+{
+    c: "auth_ciphertext"
+    key: "key_ciphertext"
+}
+## Gradecoin Side
+- Upon receiving, we first RSA decrypt with OAEP padding scheme using SHA256 with `gradecoin_private_key` as the key and auth_request.key `key` as the ciphertext, receiving `temp_key` (this is the temporary key chosen by stu
+- With `temp_key`, we can AES 128 Cbc Pkcs7 decrypt the `auth_request.c`, giving us
+auth_plaintext
+- The `auth_plaintext` String can be deserialized to [`AuthRequest`]
+- We then verify the payload and calculate the User fingerprint
+- Finally, create the new [`User`] object, insert to users HashMap `<fingerprint, User>`

diff --git a/site/content/register_docs.md b/site/content/register_docs.md new file mode 100644 index 0000000..45571fb --- /dev/null +++ b/site/content/register_docs.md
@@ -0,0 +1,42 @@
	1	+++
	2	title = "Register"
	3	description = "Register Documentation"
	4	weight = 3
	5	+++
	6
	7	POST request to /register endpoint
	8	Lets a [`User`] (=student) to authenticate themselves to the system
	9	This `request` can be rejected if the payload is malformed (=not authenticated properly) or if
	10	the [`AuthRequest.user_id`] of the `request` is not in the list of users that can hold a Gradecoin account
	11
	12	# Authentication Process
	13	- Gradecoin's Public Key (`gradecoin_public_key`) is listed on moodle.
	14	- Gradecoin's Private Key (`gradecoin_private_key`) is loaded here
	15
	16	- Student picks a short temporary key (`k_temp`)
	17	- Creates a JSON object (`auth_plaintext`) with their `metu_id` and `public key` in base64 (PEM) format (`S_PK`):
	18	{
	19	student_id: "e12345",
	20	passwd: "15 char secret"
	21	public_key: "---BEGIN PUBLIC KEY..."
	22	}
	23
	24	- Encrypts the serialized string of `auth_plaintext` with 128 bit block AES in CBC mode with Pkcs7 padding using the temporary key (`k_temp`), the result is `auth_ciphertext` TODO should this be base64'd?
	25	- The temporary key student has picked `k_temp` is encrypted using RSA with OAEP padding scheme
	26	using sha256 with `gradecoin_public_key` (TODO base64? same as above), giving us `key_ciphertext`
	27	- The payload JSON object (`auth_request`) can be JSON serialized now:
	28	{
	29	c: "auth_ciphertext"
	30	key: "key_ciphertext"
	31	}
	32
	33	## Gradecoin Side
	34
	35	- Upon receiving, we first RSA decrypt with OAEP padding scheme using SHA256 with `gradecoin_private_key` as the key and auth_request.key `key` as the ciphertext, receiving `temp_key` (this is the temporary key chosen by stu
	36	- With `temp_key`, we can AES 128 Cbc Pkcs7 decrypt the `auth_request.c`, giving us
	37	auth_plaintext
	38	- The `auth_plaintext` String can be deserialized to [`AuthRequest`]
	39	- We then verify the payload and calculate the User fingerprint
	40	- Finally, create the new [`User`] object, insert to users HashMap `<fingerprint, User>`
	41
	42