imdario / blind-ca

Secp256k1 blind signature certification authority boilerplate


blind-ca

Vocdoni blind-ca is a modular RPC backend for client authentication and signature retrieval.

Currently it supports ECDSA and ECDSA_BLIND signature types.

Its design makes it very easy to write new authentication handlers, such as the ones found in the handlers/ directory.

The API is very simple (there are only two methods: auth and sign) and follows the same standard as all Vocdoni components.

Authentication and token retrieval

Query

{
  "id": "req-12345678",
  "request": {
    "method": "auth",
    "signatureType": "ECDSA" | "ECDSA_BLIND", // one of the currently supported types
    "authData": ["John Smith","18-10-2001"], // optional authentication specific data if the CA requires it
  }
}

Reply

{
  "id": "req-12345678",          // id of the originating request
  "response": {
    "request": "req-12345678",   // request id here as well
    "ok": true,                  // whether there has been an error or not
    "error": "a possible error", // if error, the message
    "reply": "welcome John",     // optional reply, depends on the specific CA implementation
    "token": "0x123456789",      // hexadecimal string with the token (and R point if blind signature request)
  }
}

CA signature

Query

{
  "id": "req-12345678",
  "request": {
    "method": "sign",
    "signatureType": "ECDSA" | "ECDSA_BLIND", // must be the same type as in the authentication step
    "token": "0x123456789",       // hexadecimal string with the token (and R point if blind signature request)
    "messageHash": "0x1234",      // if blind signature, the message hash to sign
    "message": "base64",          // if ecdsa signature, the message to sign (will be hashed)
  }
}

Reply

{
  "id": "req-12345678",          // id of the originating request
  "response": {
    "request": "req-12345678",   // request id here as well
    "ok": true,                  // whether there has been an error or not
    "error": "a possible error", // if error, the message
    "caSignature": "0x1234567",  // hexadecimal string containing the CA signature proof
  }
}
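As an added illustration of how a client chains the two calls above (this is not part of the blind-ca code base), the following Go snippet parses an auth reply and builds the matching sign request. The type names and the NextSignRequest function are assumptions; the checks it performs are the ones the API shape implies: the reply must echo the originating request id, a failed auth yields no token, and the sign call carries over the signature type from the auth step, filling messageHash for ECDSA_BLIND and message for ECDSA.

```go
package main

import (
	"encoding/json"
	"fmt"
)
// Wire shapes of the blind-ca auth/sign calls (added illustration, not the project's own types).
type Request struct {
	Method        string   `json:"method"`
	SignatureType string   `json:"signatureType"`
	AuthData      []string `json:"authData,omitempty"`
	Token         string   `json:"token,omitempty"`
	MessageHash   string   `json:"messageHash,omitempty"`
	Message       string   `json:"message,omitempty"`
}
type Response struct {
	Request string `json:"request"`
	OK      bool   `json:"ok"`
	Error   string `json:"error,omitempty"`
	Token   string `json:"token,omitempty"`
}
type Envelope struct {
	ID       string    `json:"id"`
	Request  *Request  `json:"request,omitempty"`
	Response *Response `json:"response,omitempty"`
}
// NextSignRequest parses the CA's auth reply and builds the follow-up sign call, refusing replies
// that do not echo the auth request id or report an error, and keeping the auth step's signature type.
func NextSignRequest(auth Envelope, rawReply []byte, payload string) (Envelope, error) {
	var rep Envelope
	if err := json.Unmarshal(rawReply, &rep); err != nil {
		return Envelope{}, err
	}
	if auth.Request == nil || rep.Response == nil || rep.ID != auth.ID || rep.Response.Request != auth.ID {
		return Envelope{}, fmt.Errorf("reply %q does not match auth request %q", rep.ID, auth.ID)
	}
	if !rep.Response.OK || rep.Response.Token == "" {
		return Envelope{}, fmt.Errorf("auth rejected: %s", rep.Response.Error)
	}
	req := &Request{Method: "sign", SignatureType: auth.Request.SignatureType, Token: rep.Response.Token}
	switch req.SignatureType {
	case "ECDSA_BLIND": // the client hashes the message itself; the CA blind-signs that hash
		req.MessageHash = payload
	case "ECDSA": // base64 message; the CA hashes it before signing
		req.Message = payload
	default:
		return Envelope{}, fmt.Errorf("unsupported signatureType %q", req.SignatureType)
	}
	return Envelope{ID: auth.ID, Request: req}, nil
}
```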

Usage

$ go run . --loglevel=debug --handler=uniqueIp

2021-02-04T14:08:34+01:00       INFO    vocdoni-blind-ca/main.go:45     logger construction succeeded at level debug and output stdout
2021-02-04T14:08:34+01:00       INFO    vocdoni-blind-ca/main.go:52     new private key generated: 1ca5cdddfef01ab0a5bc1b7b71b13bdbcef963c372a873feacbac01526608413
2021-02-04T14:08:34+01:00       INFO    vocdoni-blind-ca/main.go:53     CA public key: 023ce675fd2317e2015f4f10667556ca2f521e0eeef21325290d9ba3996501aa7b
2021-02-04T14:08:34+01:00       INFO    vocdoni-blind-ca/main.go:59     using ECDSA signer with address 0xBC0525b0cC3eb177a0418760A990f17a25ED8aF5
2021-02-04T14:08:34+01:00       INFO    endpoint/httpws.go:107  creating API service
2021-02-04T14:08:34+01:00       INFO    endpoint/httpws.go:162  creating proxy service, listening on 0.0.0.0:5000
2021-02-04T14:08:34+01:00       INFO    mhttp/proxy.go:133      starting go-chi http server
2021-02-04T14:08:34+01:00       INFO    mhttp/proxy.go:148      proxy ready at http://[::]:5000
2021-02-04T14:08:34+01:00       INFO    vocdoni-blind-ca/main.go:132    adding request method under /ca namespace
2021-02-04T14:08:34+01:00       DEBUG   router/router.go:66     adding new handler auth for namespace /ca
2021-02-04T14:08:34+01:00       INFO    vocdoni-blind-ca/main.go:137    adding sign method under /ca namespace
2021-02-04T14:08:34+01:00       DEBUG   router/router.go:66     adding new handler sign for namespace /ca
$ go run . --help

      --certs stringArray   list of PEM certificates to import to the HTTP(s) server
      --dataDir string      datadir for storing files and config (default "/home/p4u/.vocdoni-ca")
      --domain string       domain name for tls with letsencrypt (port 443 must be forwarded)
      --handler string      the authentication handler to use for the CA, available: {uniqueIp idCat dummy} (default "dummy")
      --key string          private CA key as hexadecimal string (leave empty for autogenerate)
      --loglevel string     log level {debug,info,warn,error} (default "info")
      --port int            port to listen (default 5000)
