BitShares Forum

Other => Graveyard => Keyhotee => Topic started by: rysgc on December 20, 2013, 09:00:36 pm

Title: Keyhotee ID authentication
Post by: rysgc on December 20, 2013, 09:00:36 pm
Is there any word on how authentication of users based on their Keyhotee ID would go? I'm planning on building a couple of services where users can sign in only with their Keyhotee ID. It would be great if there's an authentication API available at launch, and if not I'm happy to write one which can be easily accessed by others. I understand the general authentication concept that a browser plugin authenticates with the server, but I'm not quite sure how this translates in real life and when to expect this feature.
Title: Re: Keyhotee ID authentication
Post by: bytemaster on December 21, 2013, 08:52:24 pm
> Is there any word on how authentication of users based on their Keyhotee ID would go? I'm planning on building a couple of services where users can sign in only with their Keyhotee ID. It would be great if there's an authentication API available at launch, and if not I'm happy to write one which can be easily accessed by others. I understand the general authentication concept that a browser plugin authenticates with the server, but I'm not quite sure how this translates in real life and when to expect this feature.

We have a JSON-RPC API that you can use with Keyhotee.  I will publish some details here.
Title: Re: Keyhotee ID authentication
Post by: bytemaster on December 21, 2013, 09:00:35 pm
method = "lookup_name"
params = ["bytemaster"]
result =
{
    "last_update" : ${SECONDS_1970}
    "master_key"  : "HEX"
    "active_key"  : "HEX"
    "revoked"     : true | false
    "age"         : # of first block in which the name was registered
    "repute"      : points associated with name
    "name_hash"   : "HEX 8-byte hash of name"
    "name"        : "If known, the reverse of the name_hash"
}

method = "verify_signature"
params = ["sha256 digest hex", "hex ecc compact signature"]
result = ["hex ECC PUBLIC KEY"]

method = "sign_message"
params = ["name", "256 digest hex"]
result = "hex ecc compact signature"


Server will generate a random challenge.
Client will combine the random challenge with random data and sign the result.
Client will send random data + random challenge + signature + Keyhotee ID to Server.
Server will look up the Keyhotee ID, call verify_signature and check that the active_key == result of verify_signature.
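
The server side of the exchange described above, as an added example that is not part of the original post and not Keyhotee code. It assumes the digest is sha256(challenge || client random), a 60-second challenge lifetime, and a hypothetical `rpc(method, params)` transport wrapper; `fake_rpc`, `fake_sign` and `NAMES` are a constructed stand-in for a Keyhotee node so the checks (issued, unexpired, single-use challenge; revoked name; recovered key equals active_key) run offline.

```python
import hashlib, hmac, secrets, time

CHALLENGE_TTL = 60  # seconds; assumed, the post gives no lifetime

def digest(challenge_hex, client_random_hex):
    # Assumed combination: sha256(challenge || client random), hex encoded.
    data = bytes.fromhex(challenge_hex) + bytes.fromhex(client_random_hex)
    return hashlib.sha256(data).hexdigest()

class KeyhoteeAuth:
    def __init__(self, rpc):
        self.rpc = rpc      # rpc(method, params) -> result (hypothetical wrapper)
        self.pending = {}   # challenge hex -> expiry timestamp

    def new_challenge(self):
        challenge = secrets.token_hex(32)
        self.pending[challenge] = time.time() + CHALLENGE_TTL
        return challenge

    def verify_login(self, keyhotee_id, challenge, client_random, signature):
        # Only challenges this server issued count; each is consumed on first use.
        expiry = self.pending.pop(challenge, None)
        if expiry is None or time.time() > expiry:
            return False
        try:
            signed = digest(challenge, client_random)
        except ValueError:  # client_random was not valid hex
            return False
        record = self.rpc("lookup_name", [keyhotee_id])
        if not record or record.get("revoked"):
            return False
        recovered = self.rpc("verify_signature", [signed, signature])
        if not recovered:
            return False
        return hmac.compare_digest(recovered[0].lower(), record["active_key"].lower())

# Constructed stand-in for the Keyhotee node so the example runs offline. A fake
# "signature" is the signer's public key followed by the digest it covers.
NAMES = {"alice": {"active_key": "02" + "aa" * 32, "revoked": False},
         "bob": {"active_key": "02" + "bb" * 32, "revoked": True}}

def fake_sign(name, digest_hex):
    return NAMES[name]["active_key"] + digest_hex

def fake_rpc(method, params):
    if method == "lookup_name":
        return NAMES.get(params[0])
    if method == "verify_signature":
        digest_hex, sig = params
        return [sig[:-64]] if len(sig) > 64 and sig.endswith(digest_hex) else []
    raise ValueError("unknown method")
```

Because the challenge is removed from `pending` before anything else is checked, a captured response cannot be replayed, and a failed attempt also burns the challenge.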

Title: Re: Keyhotee ID authentication
Post by: rysgc on December 22, 2013, 02:50:15 am
That's great; whenever the testing URL/IP is available, please do let me know.
Title: Re: Keyhotee ID authentication
Post by: Troglodactyl on December 24, 2013, 03:59:01 pm
Are you already using the SQRL (https://www.grc.com/sqrl/sqrl.htm) interface, and if not would it be possible to do so?  That should accelerate adoption since others are already pushing it, and from my very brief investigation it looks like it should be possible.
Title: Re: Keyhotee ID authentication
Post by: luckybit on December 25, 2013, 10:47:42 am
> Are you already using the SQRL (https://www.grc.com/sqrl/sqrl.htm) interface, and if not would it be possible to do so?  That should accelerate adoption since others are already pushing it, and from my very brief investigation it looks like it should be possible.

I'm pushing SQRL but is it possible to use it?
Title: Re: Keyhotee ID authentication
Post by: bytemaster on December 25, 2013, 05:44:15 pm
> Are you already using the SQRL (https://www.grc.com/sqrl/sqrl.htm) interface, and if not would it be possible to do so?  That should accelerate adoption since others are already pushing it, and from my very brief investigation it looks like it should be possible.
>
> I'm pushing SQRL but is it possible to use it?

SQRL uses a one-time key pair and assumes the private key lives on your phone.  I suspect there will be a way to combine the techniques.
Title: Re: Keyhotee ID authentication
Post by: saymasay on December 29, 2013, 06:00:36 pm
great!