From 6ddfaebe3ed45edb01d8c188fc5449b366ddcf55 Mon Sep 17 00:00:00 2001 From: Yigit Sever Date: Thu, 15 Apr 2021 13:35:06 +0300 Subject: Remove lorems and inpsumses --- site/public/register-docs/index.html | 75 +++++++++++++----------------------- 1 file changed, 27 insertions(+), 48 deletions(-) (limited to 'site/public/register-docs') diff --git a/site/public/register-docs/index.html b/site/public/register-docs/index.html index e3170f9..9a9b0c0 100644 --- a/site/public/register-docs/index.html +++ b/site/public/register-docs/index.html @@ -75,12 +75,6 @@ -
POST request to /register endpoint
-Lets a [User
] (=student) to authenticate themselves to the system
-This request
can be rejected if the payload is malformed (=not authenticated properly) or if
-the [AuthRequest.user_id
] of the request
is not in the list of users that can hold a Gradecoin account
POST request to /register endpoint
+Lets a user to authenticate themselves to the system. +Only people who are enrolled to the class can open Gradecoin accounts. +This is enforced with your Student ID and a one time password you will receive.
Gradecoin's Public Key (gradecoin_public_key
) is listed on moodle.
Gradecoin's Private Key (gradecoin_private_key
) is loaded here
Student picks a short temporary key (k_temp
)
Creates a JSON object (auth_plaintext
) with their metu_id
and public key
in base64 (PEM) format (S_PK
):
-{
-student_id: "e12345",
-passwd: "15 char secret"
-public_key: "---BEGIN PUBLIC KEY..."
-}
Encrypts the serialized string of auth_plaintext
with 128 bit block AES in CBC mode with Pkcs7 padding using the temporary key (k_temp
), the result is auth_ciphertext
TODO should this be base64'd?
The temporary key student has picked k_temp
is encrypted using RSA with OAEP padding scheme
-using sha256 with gradecoin_public_key
(TODO base64? same as above), giving us key_ciphertext
The payload JSON object (auth_request
) can be JSON serialized now:
-{
-c: "auth_ciphertext"
-key: "key_ciphertext"
-}
gradecoin_public_key
) is listed on our Moodle page.k_temp
)auth_plaintext
) with your metu_id
and public key
in base64 (PEM) format (S_PK
) reference
+{
+ "student_id": "e12345",
+ "passwd": "15 char secret",
+ "public_key": "---BEGIN PUBLIC KEY..."
+}
+
gradecoin_private_key
as the key and auth_request.key key
as the ciphertext, receiving temp_key
(this is the temporary key chosen by stutemp_key
, we can AES 128 Cbc Pkcs7 decrypt the auth_request.c
, giving us
-auth_plaintextauth_plaintext
String can be deserialized to [AuthRequest
]User
] object, insert to users HashMap <fingerprint, User>
auth_plaintext
with 128 bit block AES in CBC mode with Pkcs7 padding using the temporary key (k_temp
), the result is auth_ciphertext
. Encode this with base64.k_temp
is encrypted using RSA with OAEP padding scheme
+using SHA-256 with gradecoin_public_key
, giving us key_ciphertext
. Encode this with base 64.auth_request
) can be serialized now:
+{
+ "c": "auth_ciphertext",
+ "iv": "hexadecimal",
+ "key": "key_ciphertext"
+}
+
+If your authentication process was valid, you will be given access and your public key fingerprint that is your address.