Register Documentation
POST request to `/register` endpoint
Lets a user authenticate themselves to the system. Only people who are enrolled in the class can open Gradecoin accounts. This is enforced with your Student ID (e123456) and a one-time password you will receive.
Authentication Process
The bytes you are sending over the network are all Base64 Encoded
- Gradecoin's Public Key (`gradecoin_public_key`) is listed on our Moodle page. Download it and load it into your client.
- Create a JSON object (`P_AR`) with your `metu_id` (`"e" + 6 chars`) and `public key` in base64 (PEM) format (`S_PK`) reference
{
"student_id": "e123456",
"passwd": "15 char secret",
"public_key": "---BEGIN PUBLIC KEY..."
}
Cipher Initialization
Since we are working with AES-128, both key and IV should be 128 bits (or 16 hexadecimal characters)
Encryption
- Encrypt the serialized string of `P_AR` with 128 bit block AES in CBC mode with Pkcs7 padding using the temporary key (`k_temp`), the result is `C_AR`. Encode this with base64.
- The temporary key you have picked (`k_temp`) is encrypted using RSA with OAEP padding scheme using SHA-256 with `gradecoin_public_key`, giving us `key_ciphertext`. Encode this with base64.
- Base64 encode the IV (`iv`) as well.
The available tools and libraries might warn you that using the primitives given above is "hazardous". They are; crypto is hard.
- The payload JSON object (`auth_request`) can be serialized now:
{
"c": "C_AR",
"iv": "iv",
"key": "key_ciphertext"
}
If your authentication process was valid, you will be given access and your public key fingerprint, which is your address. You can now sign JWTs to send authorized transaction requests.