Gradecoin
POST request to /register endpoint
Lets a [User] (=student) to authenticate themselves to the system
This request can be rejected if the payload is malformed (=not authenticated properly) or if
the [AuthRequest.user_id] of the request is not in the list of users that can hold a Gradecoin account
Authentication Process
-
Gradecoin's Public Key (
gradecoin_public_key) is listed on moodle. -
Gradecoin's Private Key (
gradecoin_private_key) is loaded here -
Student picks a short temporary key (
k_temp) -
Creates a JSON object (
auth_plaintext) with theirmetu_idandpublic keyin base64 (PEM) format (S_PK): { student_id: "e12345", passwd: "15 char secret" public_key: "---BEGIN PUBLIC KEY..." } -
Encrypts the serialized string of
auth_plaintextwith 128 bit block AES in CBC mode with Pkcs7 padding using the temporary key (k_temp), the result isauth_ciphertextTODO should this be base64'd? -
The temporary key student has picked
k_tempis encrypted using RSA with OAEP padding scheme using sha256 withgradecoin_public_key(TODO base64? same as above), giving uskey_ciphertext -
The payload JSON object (
auth_request) can be JSON serialized now: { c: "auth_ciphertext" key: "key_ciphertext" }
Gradecoin Side
- Upon receiving, we first RSA decrypt with OAEP padding scheme using SHA256 with
gradecoin_private_keyas the key and auth_request.keykeyas the ciphertext, receivingtemp_key(this is the temporary key chosen by stu - With
temp_key, we can AES 128 Cbc Pkcs7 decrypt theauth_request.c, giving us auth_plaintext - The
auth_plaintextString can be deserialized to [AuthRequest] - We then verify the payload and calculate the User fingerprint
- Finally, create the new [
User] object, insert to users HashMap<fingerprint, User>