From 81ebd267c89011ca65cd5cfe382e10fabd9017ac Mon Sep 17 00:00:00 2001
From: Yigit Sever
Date: Mon, 19 Apr 2021 18:21:06 +0300
Subject: Moving site to separate repo

---
 site/content/JWT.md              | 41 -----------------
 site/content/_index.md           | 98 ----------------------------------------
 site/content/block_docs.md       | 43 ------------------
 site/content/misc_docs.md        | 17 -------
 site/content/register_docs.md    | 54 ----------------------
 site/content/transaction_docs.md | 52 ---------------------
 6 files changed, 305 deletions(-)
 delete mode 100644 site/content/JWT.md
 delete mode 100644 site/content/_index.md
 delete mode 100644 site/content/block_docs.md
 delete mode 100644 site/content/misc_docs.md
 delete mode 100644 site/content/register_docs.md
 delete mode 100644 site/content/transaction_docs.md

(limited to 'site/content')

diff --git a/site/content/JWT.md b/site/content/JWT.md
deleted file mode 100644
index 46da1a2..0000000
--- a/site/content/JWT.md
+++ /dev/null
@@ -1,41 +0,0 @@
-+++
-title = "JWT"
-description = "JSON Web Token Documentation"
-weight = 4
-+++
-
-> JSON Web Tokens are representations of claims, or authorization proofs that fit into the `Header` of HTTP requests.
-
-# How?
-
-JWTs are used as the [MAC](https://en.wikipedia.org/wiki/Message_authentication_code) of operations that require authorization:
-- block proposal
-- transaction proposal.
-
-They are send alongside the JSON request body in the `Header`;
-
-```html
-Authorization: Bearer aaaaaa.bbbbbb.ccccc
-```
-
-Gradecoin uses 3 fields for the JWTs;
-
-```json
-{
-"tha": "Hash of the payload, check invididual references",
-"iat": "Issued At, Unix Time",
-"exp": "Expiration Time, epoch"
-}
-```
-
-- `tha` is explained in [blocks](@/block_docs.md) and [transactions](@/transaction_docs.md) documentations.
-- `iat` when the JWT was created in [Unix Time](https://en.wikipedia.org/wiki/Unix_time) format
-- `exp` when the JWT will expire & be rejected in [Unix Time](https://en.wikipedia.org/wiki/Unix_time)
-
-# Algorithm
-We are using [RS256](https://www.rfc-editor.org/rfc/rfc7518.html#section-3.1), `RSASSA-PKCS1-v1_5 using SHA-256`. The JWTs you encode with your private RSA key will be decoded using the public key you have authenticated with. You can see how the process works [here](https://jwt.io/).
-
-# References
-- [RFC, the ultimate reference](https://tools.ietf.org/html/rfc7519)
-- [JWT Debugger](https://jwt.io/)
-
diff --git a/site/content/_index.md b/site/content/_index.md
deleted file mode 100644
index d0be673..0000000
--- a/site/content/_index.md
+++ /dev/null
@@ -1,98 +0,0 @@
-+++
-title = "Gradecoin"
-sort_by = "weight"
-+++
-
-# Welcome to Gradecoin!
-
-Blockchains are incredibly simple yet can appear very complicated, we will see how they work and practice programming _production_ cryptography code.
-
-This server is the sandbox for the PA1, it's currently running the Gradecoin application. Gradecoin is the faux currency we will use to simulate a blockchain network. At the end of the simulation, the amount of Gradecoin you hold will be your PA1 grade.
-
-**A quick summary**: authenticate yourself to the system using public key encryption.
-Craft [Transaction](@/transaction_docs.md) proposals and tag them using [JWTs](@/JWT.md).
-When there are enough transactions then you can propose [Blocks](@/block_docs.md) in the same way.
-Blocks need to be _mined_ beforehand using Proof-of-work, or brute force.
-
-Gradecoin offers 3 endpoints at [/register](/register), [/block](/block) and [/transaction](/transaction). You can only send GET requests to /block and /transaction without authorization.
-The server is programmed in [RESTful](https://www.service-architecture.com/articles/web-services/representational_state_transfer_rest.html) architecture, there are no `DELETE`, `PUT` or `UPDATE` operations, though.
-
-Gradecoin uses a Proof-of-work block accepting mechanism. It uses single round [Blake2s](https://www.blake2.net/) hashing which produces 256-bit (64 hexadecimal characters) output. The [target](https://wiki.bitcoinsv.io/index.php/Target) hash is _24 bits_ or _6 hexadecimal characters_ of 0. During testing, I could mine a block on average around 4-6 minutes.
-
-> We're expecting you to use existing tools and implementations. Standards are hard. [Don't roll your own crypto](https://www.reddit.com/r/crypto/comments/2coqsy/dont_roll_your_own/). Feel free to ask questions. Collaborate.
-
-You might ask,
-
-> But if nobody has any Gradecoin then how do we have transactions?
-
-There is a bank! Their public key is `31415926535897932384626433832795028841971693993751058209749445923` and they have some amount of Gradecoin preloaded. It's also the only account that you can send transactions requests _to_ yourself.
-
-# Coinbase
-The first transactions of a block is called the `coinbase`. They are the **author** of the block proposal and if the block is accepted then they get compensated for their efforts with some Gradecoin.
-
-# Public Key Signatures
-Gradecoin uses 2048 bit RSA keypairs.
-
-# Services
-## /register
-- Create your own 2048 bit RSA `keypair`
-- Download `Gradecoin`'s Public Key from [Moodle](https://odtuclass.metu.edu.tr/my/)
-- Encrypt your [JSON](https://www.json.org/json-en.html) wrapped `Public Key`, `Student ID` and one time `passwd` using Gradecoin's Public Key
-- Your public key is now in our database and can be used to sign your JWT's during requests
-- For more information, check the [register](@/register_docs.md) page
-
-## /transaction
-- You can offer a [Transaction](@/transaction_docs.md) with a POST request
-    - The request should have `Authorization`
-    - The request header should be signed by the Public Key of the `by` field in the transaction
-- Fetch the list of `Transaction`s with a GET request
-- For more information, check our [transaction](@/transaction_docs.md) page
-
-## /block
-- Offer a [Block](@/block_docs.md) with a POST request
-    - The request should have `Authorization`
-    - The `transaction_list` of the block should be a subset of pending transactions, available on [/transaction](/transaction)
-- Fetch the last accepted `Block` with a GET request
-- For more information, check our [block](@/block_docs.md) page
-
-    `Authorization`: The request header should have Bearer JWT.Token signed with Student Public Key
-
-## /user
-- Meant to be used in the browser, you can see the current list of users and their balance here
-
-# Questions
-## This all sound complicated!
-- I've drawn inspiration from [actual Bitcoin transactions](https://explorer.bitcoin.com/btc) and [warp](https://github.com/seanmonstar/warp/blob/master/examples/todos.rs). The simplicity of the system is how little interfaces it has.
-- Don't know where to start? Gradecoin uses RESTful API; simple `curl` commands or even your browser will work! [This website can help as well](https://curl.trillworks.com/).
-- [JWT Debugger](https://jwt.io) and the corresponding [RFC](https://tools.ietf.org/html/rfc7519).
-- Remember that you are absolutely encouraged to grab off-the-shelf implementations for every cryptography primitive you will use. You can start by finding a code snippet to generate a RSA keypair?
-- Check out [misc](@/misc_docs.md) for everything else you might be curious about.
-
-## How do you actually earn Gradecoin?
-- Register yourself to at [/register](@/register_docs.md)
-- Create transactions at [/transaction](@/transaction_docs.md)
-- Create blocks to commit transactions at [/block](@/block_docs.md)
-- See how everyone is doing and find people to trade with at [/user](/user)
-
-## I found a bug!
-Thank you! Please [let me know](mailto:yigit@ceng.metu.edu.tr) so we can solve it.
-
-## I hacked the server!
-That wasn't supposed to happen :( I did not place any intentional vulnerabilities to the system so if you cracked something, it was not intended. Please don't abuse it and let me know so I can patch it.
-
-## Submission?
-At the end of the _simulation_, your Gradecoin balance will be your grade. I will also expect a unique client programmed in either;
-- c
-- c++
-- perl
-- rust
-- python
-- random assortment of bash scripts
-
-If your favourite programming language is missing please let me know 🤷?
-
-## Can my friends play?
-Sadly, no. Student's who are enrolled to the class will receive one-time-passwords for authentication.
-
-## How and or Why?
-- [Built](https://xkcd.com/2314/), [with](https://lofi.cafe/) [Rust](https://xkcd.com/2418/)
diff --git a/site/content/block_docs.md b/site/content/block_docs.md
deleted file mode 100644
index 92880b6..0000000
--- a/site/content/block_docs.md
+++ /dev/null
@@ -1,43 +0,0 @@
-+++
-title = "Blocks"
-description = "Block Documentation"
-weight = 10
-+++
-
-A block that was proposed to commit Transactions in `transaction_list` to the
-ledger with a nonce that made `hash` valid; 6 zeroes at the left hand side of the
-hash (24 bytes).
-
-We are _mining_ using [blake2s](https://www.blake2.net/) algorithm, which produces 256 bit hashes. Hash/second is roughly {{ exp(num="20x10", exponent="3") }} on my machine, a new block can be mined in around 4-6 minutes.
-
-# Requests
-
-## GET
-A HTTP `GET` request to [/block](/block) endpoint will return the latest mined block.
-
-## POST
-
-A HTTP `POST` request with Authorization using JWT will allow you to propose your own blocks.
-
-# Fields
-```
-transaction_list: [array of Fingerprints]
-nonce: unsigned 32-bit integer
-timestamp: ISO 8601 <date>T<time>
-hash: String
-```
-
-# Mining
-The _mining_ process for the hash involves;
-- Creating a temporary JSON object with `transaction_list`, `timestamp` and `nonce` values
-- Serializing it
-- Calculating blake2s hash of the serialized string
-
-If the resulting hash is valid, then you can create a `Block` JSON object with the found `nonce` and `hash`.
-
-# Hash
-
-```tha``` field in [jwt documentation](/jwt) in fact stands for "The Hash", in the case of a post request for a block, you need to use hash field of the block.
-
-
-[ISO 8601 Reference](https://en.wikipedia.org/wiki/ISO_8601#Combined_date_and_time_representations)
diff --git a/site/content/misc_docs.md b/site/content/misc_docs.md
deleted file mode 100644
index 90ea514..0000000
--- a/site/content/misc_docs.md
+++ /dev/null
@@ -1,17 +0,0 @@
-+++
-title = "Misc"
-description = "Documentation about everything else"
-weight = 10
-+++
-
-We thought it might be good to explain some concepts you might have questions about.
-
-# Fingerprint
-
-## Definition
-
-A fingerprint is a 256 bit 64 character hexadecimal user identifier for users. Fingerprints are used in defining users in [transactions](@/transaction_docs.md) and [blocks](@/block_docs.md).
-
-## Fingerprint Generation
-
-A user's finger print is generated via applying SHA256 sum of the user's public RSA key.
diff --git a/site/content/register_docs.md b/site/content/register_docs.md
deleted file mode 100644
index 974fe37..0000000
--- a/site/content/register_docs.md
+++ /dev/null
@@ -1,54 +0,0 @@
-+++
-title = "Register"
-description = "Register Documentation"
-weight = 3
-+++
-
-POST request to `/register` endpoint
-
-Lets a user to authenticate themselves to the system.
-Only people who are enrolled to the class can open Gradecoin accounts.
-This is enforced with your Student ID (e123456) and a one time password you will receive.
-
-# Authentication Process
-
-> The bytes you are sending over the network are all Base64 Encoded
-
-- Gradecoin's Public Key (`gradecoin_public_key`) is listed on our Moodle page and [here](/gradecoin.pub). Download and load it it to your client.
-- Create a JSON object (`P_AR`) with your `metu_id` ("e"+`6 chars`) and `public key` in base64 (PEM) format (`S_PK`) [reference](https://tls.mbed.org/kb/cryptography/asn1-key-structures-in-der-and-pem)
-```json
-{
-    "student_id": "e123456",
-    "passwd": "15 char secret",
-    "public_key": "---BEGIN PUBLIC KEY..."
-}
-```
-
-## Cipher Initialization
-
-> Since we are working with AES-128, both key and IV should be 128 bits (or 16 hexadecimal characters)
-
-- Pick a short temporary key (`k_temp`)
-- Pick a random IV [1](https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Initialization_vector_(IV)) [2](https://en.wikipedia.org/wiki/Initialization_vector) (`iv`).
-
-## Encryption
-- Encrypt the serialized string of `P_AR` with 128 bit block [AES](https://en.wikipedia.org/wiki/Initialization_vector) in [CBC](https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#CBC) mode with [Pkcs7 padding](https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Padding) using the temporary key (`k_temp`), the result is `C_AR`. Encode this with base64.
-- The temporary key you have picked `k_temp` is encrypted using RSA with [OAEP](https://en.wikipedia.org/wiki/Optimal_asymmetric_encryption_padding) padding scheme using SHA-256 with `gradecoin_public_key`, giving us `key_ciphertext`. Encode this with base64.
-- Base64 encode the IV (`iv`) as well.
-
-{% tidbit() %}
-The available tools and libraries might warn you about how using the primitives given above are "hazardous". They are, crypto is hard.
-{% end %}
-
-- The payload JSON object (`auth_request`) can be serialized now:
-
-```json
-{
-    "c": "C_AR",
-    "iv": "iv",
-    "key": "key_ciphertext"
-}
-```
-
-If your authentication process was valid, you will be given access and your public key fingerprint that is your address.
-You can now sign [JWTs](@/JWT.md) to send authorized transaction requests.
diff --git a/site/content/transaction_docs.md b/site/content/transaction_docs.md
deleted file mode 100644
index 05c1534..0000000
--- a/site/content/transaction_docs.md
+++ /dev/null
@@ -1,52 +0,0 @@
-+++
-title = "Transactions"
-description = "Transaction documentation"
-weight = 6
-+++
-
-A transaction request between `source` and `target` to move `amount` Gradecoin.
-
-# Requests
-
-## GET
-A HTTP `GET` request to [/transaction](/transaction) endpoint will return the current list of pending transactions.
-
-## POST
-
-A HTTP `POST` request with Authorization using JWT to [/transaction](/transactions) will allow you to propose your own transactions.
-
-# Fields
-```
-by: Fingerprint
-source: Fingerprint
-target: Fingerprint
-amount: unsigned 16 bit integer
-timestamp: ISO 8601 <date>T<time>
-```
-
-# Hash
-
-`tha` field in [jwt documentation](@/JWT.md) in fact stands for "The Hash", in the case of a post request for a transaction, you need the Md5 hash of the serialized JSON representation of transaction. The resulting JSON string should look something like;
-
-```
-{"by":"foo","source":"bar","target":"baz","amount":2,"timestamp":"2021-04-18T21:49:00"}
-```
-
-Or; without any whitespace, separated with `:` and `,`.
-
-# Bank
-
-There is a `bank` account with Fingerprint `31415926535897932384626433832795028841971693993751058209749445923`
-
-{% tidbit() %}
-First 64 digits of Pi
-{% end %}
-
-This is the only account that will let you _withdraw_ from them.
-
-```
-by: this has to be your Fingerprint
-source: this can be either you or the bank
-target: this can be a valid fingerprint or yourself if source is the bank
-...
-```
-- 
cgit v1.2.3-70-g09d2