+ + + + + +

+ +

+ Authentication Process +

+ + +

+ - Gradecoin Side +

+ + + +

+ +

POST request to /register endpoint +Lets a [User] (=student) to authenticate themselves to the system +This request can be rejected if the payload is malformed (=not authenticated properly) or if +the [AuthRequest.user_id] of the request is not in the list of users that can hold a Gradecoin account

Authentication Process

+
Gradecoin's Public Key (gradecoin_public_key) is listed on moodle.
+
+
Gradecoin's Private Key (gradecoin_private_key) is loaded here
+
+
Student picks a short temporary key (k_temp)
+
+
Creates a JSON object (auth_plaintext) with their metu_id and public key in base64 (PEM) format (S_PK): +{ +student_id: "e12345", +passwd: "15 char secret" +public_key: "---BEGIN PUBLIC KEY..." +}
+
+
Encrypts the serialized string of auth_plaintext with 128 bit block AES in CBC mode with Pkcs7 padding using the temporary key (k_temp), the result is auth_ciphertext TODO should this be base64'd?
+
+
The temporary key student has picked k_temp is encrypted using RSA with OAEP padding scheme +using sha256 with gradecoin_public_key (TODO base64? same as above), giving us key_ciphertext
+
+
The payload JSON object (auth_request) can be JSON serialized now: +{ +c: "auth_ciphertext" +key: "key_ciphertext" +}
+

Gradecoin Side

Upon receiving, we first RSA decrypt with OAEP padding scheme using SHA256 with gradecoin_private_key as the key and auth_request.key key as the ciphertext, receiving temp_key (this is the temporary key chosen by stu
With temp_key, we can AES 128 Cbc Pkcs7 decrypt the auth_request.c, giving us +auth_plaintext
The auth_plaintext String can be deserialized to [AuthRequest]
We then verify the payload and calculate the User fingerprint
Finally, create the new [User] object, insert to users HashMap <fingerprint, User>

+ + +

+ + + +