- Gradecoin
- POST request to /register endpoint
-Lets a [User] (=student) to authenticate themselves to the system
-This request can be rejected if the payload is malformed (=not authenticated properly) or if
-the [AuthRequest.user_id] of the request is not in the list of users that can hold a Gradecoin account
Authentication Process
--
-
-
-
Gradecoin's Public Key (
-gradecoin_public_key) is listed on moodle.
- -
-
Gradecoin's Private Key (
-gradecoin_private_key) is loaded here
- -
-
Student picks a short temporary key (
-k_temp)
- -
-
Creates a JSON object (
-auth_plaintext) with theirmetu_idandpublic keyin base64 (PEM) format (S_PK): -{ -student_id: "e12345", -passwd: "15 char secret" -public_key: "---BEGIN PUBLIC KEY..." -}
- -
-
Encrypts the serialized string of
-auth_plaintextwith 128 bit block AES in CBC mode with Pkcs7 padding using the temporary key (k_temp), the result isauth_ciphertextTODO should this be base64'd?
- -
-
The temporary key student has picked
-k_tempis encrypted using RSA with OAEP padding scheme -using sha256 withgradecoin_public_key(TODO base64? same as above), giving uskey_ciphertext
- -
-
The payload JSON object (
-auth_request) can be JSON serialized now: -{ -c: "auth_ciphertext" -key: "key_ciphertext" -}
-
Gradecoin Side
--
-
- Upon receiving, we first RSA decrypt with OAEP padding scheme using SHA256 with
gradecoin_private_keyas the key and auth_request.keykeyas the ciphertext, receivingtemp_key(this is the temporary key chosen by stu
- - With
temp_key, we can AES 128 Cbc Pkcs7 decrypt theauth_request.c, giving us -auth_plaintext
- - The
auth_plaintextString can be deserialized to [AuthRequest]
- - We then verify the payload and calculate the User fingerprint -
- Finally, create the new [
User] object, insert to users HashMap<fingerprint, User>
-