diff options
Diffstat (limited to 'site/public/register-docs/index.html')
-rw-r--r-- | site/public/register-docs/index.html | 75 |
1 files changed, 27 insertions, 48 deletions
diff --git a/site/public/register-docs/index.html b/site/public/register-docs/index.html index e3170f9..9a9b0c0 100644 --- a/site/public/register-docs/index.html +++ b/site/public/register-docs/index.html | |||
@@ -75,12 +75,6 @@ | |||
75 | </div> | 75 | </div> |
76 | 76 | ||
77 | 77 | ||
78 | <div class="toc-item-child"> | ||
79 | <a class="subtext" href="https://gradecoin.xyz/register-docs/#gradecoin-side"><small>- Gradecoin Side</small></a> | ||
80 | </div> | ||
81 | |||
82 | |||
83 | |||
84 | </div> | 78 | </div> |
85 | </div> | 79 | </div> |
86 | 80 | ||
@@ -89,53 +83,38 @@ | |||
89 | <div class="content text"> | 83 | <div class="content text"> |
90 | 84 | ||
91 | <div class="heading-text">Register Documentation</div> | 85 | <div class="heading-text">Register Documentation</div> |
92 | <p>POST request to /register endpoint | 86 | <p>POST request to /register endpoint</p> |
93 | Lets a [<code>User</code>] (=student) to authenticate themselves to the system | 87 | <p>Lets a user to authenticate themselves to the system. |
94 | This <code>request</code> can be rejected if the payload is malformed (=not authenticated properly) or if | 88 | Only people who are enrolled to the class can open Gradecoin accounts. |
95 | the [<code>AuthRequest.user_id</code>] of the <code>request</code> is not in the list of users that can hold a Gradecoin account</p> | 89 | This is enforced with your Student ID and a one time password you will receive.</p> |
96 | <h1 id="authentication-process">Authentication Process</h1> | 90 | <h1 id="authentication-process">Authentication Process</h1> |
97 | <ul> | 91 | <ul> |
98 | <li> | 92 | <li>Gradecoin's Public Key (<code>gradecoin_public_key</code>) is listed on our Moodle page.</li> |
99 | <p>Gradecoin's Public Key (<code>gradecoin_public_key</code>) is listed on moodle.</p> | 93 | <li>You pick a short temporary key (<code>k_temp</code>)</li> |
100 | </li> | 94 | <li>Create a JSON object (<code>auth_plaintext</code>) with your <code>metu_id</code> and <code>public key</code> in base64 (PEM) format (<code>S_PK</code>) <a href="https://tls.mbed.org/kb/cryptography/asn1-key-structures-in-der-and-pem">reference</a></li> |
101 | <li> | ||
102 | <p>Gradecoin's Private Key (<code>gradecoin_private_key</code>) is loaded here</p> | ||
103 | </li> | ||
104 | <li> | ||
105 | <p>Student picks a short temporary key (<code>k_temp</code>)</p> | ||
106 | </li> | ||
107 | <li> | ||
108 | <p>Creates a JSON object (<code>auth_plaintext</code>) with their <code>metu_id</code> and <code>public key</code> in base64 (PEM) format (<code>S_PK</code>): | ||
109 | { | ||
110 | student_id: "e12345", | ||
111 | passwd: "15 char secret" | ||
112 | public_key: "---BEGIN PUBLIC KEY..." | ||
113 | }</p> | ||
114 | </li> | ||
115 | <li> | ||
116 | <p>Encrypts the serialized string of <code>auth_plaintext</code> with 128 bit block AES in CBC mode with Pkcs7 padding using the temporary key (<code>k_temp</code>), the result is <code>auth_ciphertext</code> TODO should this be base64'd?</p> | ||
117 | </li> | ||
118 | <li> | ||
119 | <p>The temporary key student has picked <code>k_temp</code> is encrypted using RSA with OAEP padding scheme | ||
120 | using sha256 with <code>gradecoin_public_key</code> (TODO base64? same as above), giving us <code>key_ciphertext</code></p> | ||
121 | </li> | ||
122 | <li> | ||
123 | <p>The payload JSON object (<code>auth_request</code>) can be JSON serialized now: | ||
124 | { | ||
125 | c: "auth_ciphertext" | ||
126 | key: "key_ciphertext" | ||
127 | }</p> | ||
128 | </li> | ||
129 | </ul> | 95 | </ul> |
130 | <h2 id="gradecoin-side">Gradecoin Side</h2> | 96 | <pre style="background-color:#ffffff;"> |
97 | <code class="language-json" data-lang="json"><span style="color:#545052;">{ | ||
98 | "</span><span style="color:#009854;">student_id</span><span style="color:#545052;">": "</span><span style="color:#009854;">e12345</span><span style="color:#545052;">", | ||
99 | "</span><span style="color:#009854;">passwd</span><span style="color:#545052;">": "</span><span style="color:#009854;">15 char secret</span><span style="color:#545052;">", | ||
100 | "</span><span style="color:#009854;">public_key</span><span style="color:#545052;">": "</span><span style="color:#009854;">---BEGIN PUBLIC KEY...</span><span style="color:#545052;">" | ||
101 | } | ||
102 | </span></code></pre> | ||
131 | <ul> | 103 | <ul> |
132 | <li>Upon receiving, we first RSA decrypt with OAEP padding scheme using SHA256 with <code>gradecoin_private_key</code> as the key and auth_request.key <code>key</code> as the ciphertext, receiving <code>temp_key</code> (this is the temporary key chosen by stu</li> | 104 | <li>Pick a random IV.</li> |
133 | <li>With <code>temp_key</code>, we can AES 128 Cbc Pkcs7 decrypt the <code>auth_request.c</code>, giving us | 105 | <li>Encrypt the serialized string of <code>auth_plaintext</code> with 128 bit block AES in CBC mode with Pkcs7 padding using the temporary key (<code>k_temp</code>), the result is <code>auth_ciphertext</code>. Encode this with base64.</li> |
134 | auth_plaintext</li> | 106 | <li>The temporary key you have picked <code>k_temp</code> is encrypted using RSA with OAEP padding scheme |
135 | <li>The <code>auth_plaintext</code> String can be deserialized to [<code>AuthRequest</code>]</li> | 107 | using SHA-256 with <code>gradecoin_public_key</code>, giving us <code>key_ciphertext</code>. Encode this with base 64.</li> |
136 | <li>We then verify the payload and calculate the User fingerprint</li> | 108 | <li>The payload JSON object (<code>auth_request</code>) can be serialized now:</li> |
137 | <li>Finally, create the new [<code>User</code>] object, insert to users HashMap <code><fingerprint, User></code></li> | ||
138 | </ul> | 109 | </ul> |
110 | <pre style="background-color:#ffffff;"> | ||
111 | <code class="language-json" data-lang="json"><span style="color:#545052;">{ | ||
112 | "</span><span style="color:#009854;">c</span><span style="color:#545052;">": "</span><span style="color:#009854;">auth_ciphertext</span><span style="color:#545052;">", | ||
113 | "</span><span style="color:#009854;">iv</span><span style="color:#545052;">": "</span><span style="color:#009854;">hexadecimal</span><span style="color:#545052;">", | ||
114 | "</span><span style="color:#009854;">key</span><span style="color:#545052;">": "</span><span style="color:#009854;">key_ciphertext</span><span style="color:#545052;">" | ||
115 | } | ||
116 | </span></code></pre> | ||
117 | <p>If your authentication process was valid, you will be given access and your public key fingerprint that is your address.</p> | ||
139 | 118 | ||
140 | 119 | ||
141 | </div> | 120 | </div> |