Author Topic: Keyhotee ID authentication  (Read 3991 times)

0 Members and 1 Guest are viewing this topic.

Offline saymasay

  • Newbie
  • *
  • Posts: 2
    • View Profile

Offline bytemaster

Are you already using the SQRL (https://www.grc.com/sqrl/sqrl.htm) interface, and if not would it be possible to do so?  That should accelerate adoption since others are already pushing it, and from my very brief investigation it looks like it should be possible.

I'm pushing SQRL but is it possible to use it?

SqRL uses a one-time key pair and assumes the private key lives on your phone.  I suspect there will be a way to combine the techniques.
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline luckybit

  • Hero Member
  • *****
  • Posts: 2921
    • View Profile
  • BitShares: Luckybit
Are you already using the SQRL (https://www.grc.com/sqrl/sqrl.htm) interface, and if not would it be possible to do so?  That should accelerate adoption since others are already pushing it, and from my very brief investigation it looks like it should be possible.

I'm pushing SQRL but is it possible to use it?
https://metaexchange.info | Bitcoin<->Altcoin exchange | Instant | Safe | Low spreads

Offline Troglodactyl

  • Hero Member
  • *****
  • Posts: 960
    • View Profile
Are you already using the SQRL (https://www.grc.com/sqrl/sqrl.htm) interface, and if not would it be possible to do so?  That should accelerate adoption since others are already pushing it, and from my very brief investigation it looks like it should be possible.

Offline rysgc

  • Sr. Member
  • ****
  • Posts: 289
    • View Profile
    • DACZine.com
That's great, whenever the testing url/ip is available please do let me know.
DACZine.com - Receive all the latest DAC and BitShares community news straight to your inbox. Signup here or Submit news

Offline bytemaster

method="lookup_name"
params=["bytemaster"]
result=
{
   "last_update"  : ${SECONDS_1970}
   "master_key"  : "HEX"
   "active_key"    : "HEX"
   "revoked"       : true | false
    "age"            : # of first block in which the name was registered
    "repute"        : points associated with name
    "name_hash" : "HEX 8-byte hash of name"
     "name"        : "If known, the reverse of the name_hash"
}

method = "verify_signature"
params = ["sha256 digest hex", "hex ecc compact signature" ]
result    = ["hex ECC PUBLIC KEY"]

method = "sign_message"
params = ["name", "256 digest hex" ]
result    = "hex ecc compact signature"


Server will generate a random challenge.
Client will combine the random challenge with random data and sign the result
Client will send random data + random challenge + signature + keyhotee ID to Server
Server will lookup keyhotee ID,  call verify_signature and check that the active_key == result of verify signature.

For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline bytemaster

Is there any word on how authentication of users based on their Keyhotee ID would go? I'm planning on building a couple of services were users can sign in only with their Keyhotee ID. It would be great if there's an authentication api available at launch and if not I'm happy to write one which can be easily accessed by others. I understand the general authentication concepts that a browser plugin authenticates with the server , but I'm not quite sure how this translates in real life and when to expect this feature.

We have a JSON-RPC API that you can use with Keyhotee.  I will publish some details here.
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline rysgc

  • Sr. Member
  • ****
  • Posts: 289
    • View Profile
    • DACZine.com
Is there any word on how authentication of users based on their Keyhotee ID would go? I'm planning on building a couple of services were users can sign in only with their Keyhotee ID. It would be great if there's an authentication api available at launch and if not I'm happy to write one which can be easily accessed by others. I understand the general authentication concepts that a browser plugin authenticates with the server , but I'm not quite sure how this translates in real life and when to expect this feature.
« Last Edit: December 20, 2013, 09:48:17 pm by GodsCreation »
DACZine.com - Receive all the latest DAC and BitShares community news straight to your inbox. Signup here or Submit news