From 77b99f7d3a8747f562f2b8f1e8df551aafea1b28 Mon Sep 17 00:00:00 2001 From: Yigit Sever Date: Thu, 15 Apr 2021 13:35:06 +0300 Subject: Remove lorems and inpsumses --- site/content/register_docs.md | 51 ++++++++++++++++++++----------------------- 1 file changed, 24 insertions(+), 27 deletions(-) (limited to 'site/content/register_docs.md') diff --git a/site/content/register_docs.md b/site/content/register_docs.md index 45571fb..83aef7f 100644 --- a/site/content/register_docs.md +++ b/site/content/register_docs.md @@ -5,38 +5,35 @@ weight = 3 +++ POST request to /register endpoint -Lets a [`User`] (=student) to authenticate themselves to the system -This `request` can be rejected if the payload is malformed (=not authenticated properly) or if -the [`AuthRequest.user_id`] of the `request` is not in the list of users that can hold a Gradecoin account -# Authentication Process -- Gradecoin's Public Key (`gradecoin_public_key`) is listed on moodle. -- Gradecoin's Private Key (`gradecoin_private_key`) is loaded here +Lets a user to authenticate themselves to the system. +Only people who are enrolled to the class can open Gradecoin accounts. +This is enforced with your Student ID and a one time password you will receive. -- Student picks a short temporary key (`k_temp`) -- Creates a JSON object (`auth_plaintext`) with their `metu_id` and `public key` in base64 (PEM) format (`S_PK`): +# Authentication Process +- Gradecoin's Public Key (`gradecoin_public_key`) is listed on our Moodle page. +- You pick a short temporary key (`k_temp`) +- Create a JSON object (`auth_plaintext`) with your `metu_id` and `public key` in base64 (PEM) format (`S_PK`) [reference](https://tls.mbed.org/kb/cryptography/asn1-key-structures-in-der-and-pem) +```json { - student_id: "e12345", - passwd: "15 char secret" - public_key: "---BEGIN PUBLIC KEY..." + "student_id": "e12345", + "passwd": "15 char secret", + "public_key": "---BEGIN PUBLIC KEY..." } +``` + +- Pick a random IV. +- Encrypt the serialized string of `auth_plaintext` with 128 bit block AES in CBC mode with Pkcs7 padding using the temporary key (`k_temp`), the result is `auth_ciphertext`. Encode this with base64. +- The temporary key you have picked `k_temp` is encrypted using RSA with OAEP padding scheme +using SHA-256 with `gradecoin_public_key`, giving us `key_ciphertext`. Encode this with base 64. +- The payload JSON object (`auth_request`) can be serialized now: -- Encrypts the serialized string of `auth_plaintext` with 128 bit block AES in CBC mode with Pkcs7 padding using the temporary key (`k_temp`), the result is `auth_ciphertext` TODO should this be base64'd? -- The temporary key student has picked `k_temp` is encrypted using RSA with OAEP padding scheme -using sha256 with `gradecoin_public_key` (TODO base64? same as above), giving us `key_ciphertext` -- The payload JSON object (`auth_request`) can be JSON serialized now: +```json { - c: "auth_ciphertext" - key: "key_ciphertext" + "c": "auth_ciphertext", + "iv": "hexadecimal", + "key": "key_ciphertext" } +``` -## Gradecoin Side - -- Upon receiving, we first RSA decrypt with OAEP padding scheme using SHA256 with `gradecoin_private_key` as the key and auth_request.key `key` as the ciphertext, receiving `temp_key` (this is the temporary key chosen by stu -- With `temp_key`, we can AES 128 Cbc Pkcs7 decrypt the `auth_request.c`, giving us -auth_plaintext -- The `auth_plaintext` String can be deserialized to [`AuthRequest`] -- We then verify the payload and calculate the User fingerprint -- Finally, create the new [`User`] object, insert to users HashMap `` - - +If your authentication process was valid, you will be given access and your public key fingerprint that is your address. -- cgit v1.2.3-70-g09d2