1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
|
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Register | Gradecoin </title>
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<style>
:root {
/* Primary theme color */
--primary-color: #F8D12F;
/* Primary theme text color */
--primary-text-color: #1E2329;
/* Primary theme link color */
--primary-link-color: #2F57F7;
/* Secondary color: the background body color */
--secondary-color: #FAFAFA;
--secondary-text-color: #303030;
/* Highlight text color of table of content */
--toc-highlight-text-color: #d46e13;
}
</style>
<link href="https://fonts.googleapis.com/css?family=Alfa+Slab+One&display=swap" rel="stylesheet">
<link href="https://fonts.googleapis.com/css?family=Fira+Sans:400,500,600&display=swap" rel="stylesheet">
<link rel="stylesheet" href="/normalize.css">
<link rel="stylesheet" href="https://gradecoin.xyz/juice.css">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/animate.css/4.1.1/animate.min.css" />
<link rel="stylesheet" href="/site.css" />
</head>
<body>
<header class="box-shadow">
<a href="https://gradecoin.xyz/">
<div class="logo">
<img src="https://gradecoin.xyz/gradecoin.png" alt="logo">
Gradecoin
</div>
</a>
<nav>
<a class="nav-item subtitle-text" href="https://gradecoin.xyz/register-docs/">Register</a>
<a class="nav-item subtitle-text" href="https://gradecoin.xyz/jwt/">JWT</a>
<a class="nav-item subtitle-text" href="https://gradecoin.xyz/transaction-docs/">Transactions</a>
<a class="nav-item subtitle-text" href="https://gradecoin.xyz/block-docs/">Blocks</a>
<a class="nav-item subtitle-text" href="https://github.com/zhuowei/nft_ptr#why">why?</a>
</nav>
</header>
<main>
<div class="toc">
<div class="toc-sticky">
<div class="toc-item">
<a class="subtext" href="https://gradecoin.xyz/register-docs/#authentication-process">Authentication Process</a>
</div>
<div class="toc-item-child">
<a class="subtext" href="https://gradecoin.xyz/register-docs/#cipher-initialization"><small>- Cipher Initialization</small></a>
</div>
<div class="toc-item-child">
<a class="subtext" href="https://gradecoin.xyz/register-docs/#encryption"><small>- Encryption</small></a>
</div>
</div>
</div>
<div class="content text">
<div class="heading-text">Register Documentation</div>
<p>POST request to <code>/register</code> endpoint</p>
<p>Lets a user to authenticate themselves to the system.
Only people who are enrolled to the class can open Gradecoin accounts.
This is enforced with your Student ID (e123456) and a one time password you will receive.</p>
<h1 id="authentication-process">Authentication Process</h1>
<blockquote>
<p>The bytes you are sending over the network are all Base64 Encoded</p>
</blockquote>
<ul>
<li>Gradecoin's Public Key (<code>gradecoin_public_key</code>) is listed on our Moodle page. Download and load it it to your client.</li>
<li>Create a JSON object (<code>P_AR</code>) with your <code>metu_id</code> ("e"+<code>6 chars</code>) and <code>public key</code> in base64 (PEM) format (<code>S_PK</code>) <a href="https://tls.mbed.org/kb/cryptography/asn1-key-structures-in-der-and-pem">reference</a></li>
</ul>
<pre style="background-color:#ffffff;">
<code class="language-json" data-lang="json"><span style="color:#545052;">{
"</span><span style="color:#009854;">student_id</span><span style="color:#545052;">": "</span><span style="color:#009854;">e123456</span><span style="color:#545052;">",
"</span><span style="color:#009854;">passwd</span><span style="color:#545052;">": "</span><span style="color:#009854;">15 char secret</span><span style="color:#545052;">",
"</span><span style="color:#009854;">public_key</span><span style="color:#545052;">": "</span><span style="color:#009854;">---BEGIN PUBLIC KEY...</span><span style="color:#545052;">"
}
</span></code></pre><h2 id="cipher-initialization">Cipher Initialization</h2>
<blockquote>
<p>Since we are working with AES-128, both key and IV should be 128 bits (or 16 hexadecimal characters)</p>
</blockquote>
<ul>
<li>Pick a short temporary key (<code>k_temp</code>)</li>
<li>Pick a random IV <a href="https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Initialization_vector_(IV)">1</a> <a href="https://en.wikipedia.org/wiki/Initialization_vector">2</a> (<code>iv</code>).</li>
</ul>
<h2 id="encryption">Encryption</h2>
<ul>
<li>Encrypt the serialized string of <code>P_AR</code> with 128 bit block <a href="https://en.wikipedia.org/wiki/Initialization_vector">AES</a> in <a href="https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#CBC">CBC</a> mode with <a href="https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Padding">Pkcs7 padding</a> using the temporary key (<code>k_temp</code>), the result is <code>C_AR</code>. Encode this with base64.</li>
<li>The temporary key you have picked <code>k_temp</code> is encrypted using RSA with <a href="https://en.wikipedia.org/wiki/Optimal_asymmetric_encryption_padding">OAEP</a> padding scheme using SHA-256 with <code>gradecoin_public_key</code>, giving us <code>key_ciphertext</code>. Encode this with base64.</li>
<li>Base64 encode the IV (<code>iv</code>) as well.</li>
</ul>
<blockquote class="tidbit">
<p>
The available tools and libraries might warn you about how using the primitives given above are "hazardous". They are, crypto is hard.
</p>
</blockquote>
<ul>
<li>The payload JSON object (<code>auth_request</code>) can be serialized now:</li>
</ul>
<pre style="background-color:#ffffff;">
<code class="language-json" data-lang="json"><span style="color:#545052;">{
"</span><span style="color:#009854;">c</span><span style="color:#545052;">": "</span><span style="color:#009854;">C_AR</span><span style="color:#545052;">",
"</span><span style="color:#009854;">iv</span><span style="color:#545052;">": "</span><span style="color:#009854;">iv</span><span style="color:#545052;">",
"</span><span style="color:#009854;">key</span><span style="color:#545052;">": "</span><span style="color:#009854;">key_ciphertext</span><span style="color:#545052;">"
}
</span></code></pre>
<p>If your authentication process was valid, you will be given access and your public key fingerprint that is your address.
You can now sign <a href="https://gradecoin.xyz/jwt/">JWTs</a> to send authorized transaction requests.</p>
</div>
</main>
<footer>
Built For ⁂ CENG489 ⁂ Introduction to Computer Security
</footer>
</body>
<script>
function highlightNav(heading) {
let pathname = location.pathname;
document.querySelectorAll(".toc a").forEach((item) => {
item.classList.remove("active");
});
document.querySelector(".toc a[href$='" + pathname + "#" + heading + "']").classList.add("active");
}
let currentHeading = "";
window.onscroll = function () {
let h = document.querySelectorAll("h1,h2,h3,h4,h5,h6");
let elementArr = [];
h.forEach(item => {
if (item.id !== "") {
elementArr[item.id] = item.getBoundingClientRect().top;
}
});
elementArr.sort();
for (let key in elementArr) {
if (!elementArr.hasOwnProperty(key)) {
continue;
}
if (elementArr[key] > 0 && elementArr[key] < 300) {
if (currentHeading !== key) {
highlightNav(key);
currentHeading = key;
}
break;
}
}
}
</script>
</html>
|
