Gradecoin
Register Documentation
POST request to /register endpoint
Lets a user to authenticate themselves to the system. Only people who are enrolled to the class can open Gradecoin accounts. This is enforced with your Student ID and a one time password you will receive.
Authentication Process
- Gradecoin's Public Key (
gradecoin_public_key) is listed on our Moodle page. - You pick a short temporary key (
k_temp) - Create a JSON object (
auth_plaintext) with yourmetu_idandpublic keyin base64 (PEM) format (S_PK) reference
{
"student_id": "e12345",
"passwd": "15 char secret",
"public_key": "---BEGIN PUBLIC KEY..."
}
- Pick a random IV.
- Encrypt the serialized string of
auth_plaintextwith 128 bit block AES in CBC mode with Pkcs7 padding using the temporary key (k_temp), the result isauth_ciphertext. Encode this with base64. - The temporary key you have picked
k_tempis encrypted using RSA with OAEP padding scheme using SHA-256 withgradecoin_public_key, giving uskey_ciphertext. Encode this with base 64. - The payload JSON object (
auth_request) can be serialized now:
{
"c": "auth_ciphertext",
"iv": "hexadecimal",
"key": "key_ciphertext"
}
If your authentication process was valid, you will be given access and your public key fingerprint that is your address.