+ Gradecoin
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Register Documentation
+POST request to /register endpoint
+Lets a user to authenticate themselves to the system. +Only people who are enrolled to the class can open Gradecoin accounts. +This is enforced with your Student ID and a one time password you will receive.
+Authentication Process
+-
+
- Gradecoin's Public Key (
gradecoin_public_key) is listed on our Moodle page.
+ - You pick a short temporary key (
k_temp)
+ - Create a JSON object (
auth_plaintext) with yourmetu_idandpublic keyin base64 (PEM) format (S_PK) reference
+
+{
+ "student_id": "e12345",
+ "passwd": "15 char secret",
+ "public_key": "---BEGIN PUBLIC KEY..."
+}
+
+-
+
- Pick a random IV. +
- Encrypt the serialized string of
auth_plaintextwith 128 bit block AES in CBC mode with Pkcs7 padding using the temporary key (k_temp), the result isauth_ciphertext. Encode this with base64.
+ - The temporary key you have picked
k_tempis encrypted using RSA with OAEP padding scheme +using SHA-256 withgradecoin_public_key, giving uskey_ciphertext. Encode this with base 64.
+ - The payload JSON object (
auth_request) can be serialized now:
+
+{
+ "c": "auth_ciphertext",
+ "iv": "hexadecimal",
+ "key": "key_ciphertext"
+}
+
+If your authentication process was valid, you will be given access and your public key fingerprint that is your address.
+ + +