Authentication on NESS nodes

Aleksej Sokolov
2 min read · Oct 28, 2021


Type 1 — authentication_id

For non-critical data exchanged between user and node where authentication is needed.

On user side

authentication_id = sign(user_private_key, "node.url-node.nonce-username-user.nonce")

On node side

The node takes two parameters

  1. user_name
  2. authentication_id

Then

verify(user_public_key, "node.url-node.nonce-username-user.nonce", authentication_id)

If verification succeeds, the client is successfully logged in.

The client can then perform actions according to the node's policy.
No access to the blockchain is required in the authorisation/verification process; the blockchain is only required once, when the user generates a new key or keys.

If the node changes node.nonce, the authentication_id changes.

If the user changes user.nonce, the authentication_id changes.

URL

<URL>/<service-name>/username/authentication_id
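
The Type 1 exchange above as an added example (not code from the original post or the NESS project), written with Go's standard-library Ed25519 in place of libSodium/PyNaCl so it runs without dependencies. The `Node` and `User` types, the base64url encoding of the signature and all sample values are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"fmt"
	"strings"
)

// User is what the node stores per user_name; Node holds the node-side message inputs.
type User struct {
	PublicKey ed25519.PublicKey
	Nonce     string
}
type Node struct {
	URL, Nonce string
	Users      map[string]User
}

// NewUser creates a key pair; nil makes GenerateKey read from crypto/rand.
func NewUser(nonce string) (User, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil)
	return User{PublicKey: pub, Nonce: nonce}, priv
}

// message builds "node.url-node.nonce-username-user.nonce" as written on the page.
func message(url, nodeNonce, username, userNonce string) []byte {
	return []byte(strings.Join([]string{url, nodeNonce, username, userNonce}, "-"))
}

// AuthenticationID is the user side; base64url output is an assumption of this example.
func AuthenticationID(priv ed25519.PrivateKey, url, nodeNonce, username, userNonce string) string {
	return base64.RawURLEncoding.EncodeToString(ed25519.Sign(priv, message(url, nodeNonce, username, userNonce)))
}

// Verify is the node side: it rebuilds the message from its own state and stored key.
func (n *Node) Verify(username, authID string) bool {
	u, known := n.Users[username]
	sig, err := base64.RawURLEncoding.DecodeString(authID)
	return known && err == nil && ed25519.Verify(u.PublicKey, message(n.URL, n.Nonce, username, u.Nonce), sig)
}

func main() {
	alice, priv := NewUser("u1") // constructed sample values throughout
	n := &Node{URL: "http://node.example", Nonce: "n1", Users: map[string]User{"alice": alice}}
	id := AuthenticationID(priv, n.URL, n.Nonce, "alice", alice.Nonce)
	ok := n.Verify("alice", id)
	n.Nonce = "n2" // the node rotates node.nonce
	fmt.Println("before rotation:", ok, "after rotation:", n.Verify("alice", id))
}
```

Ed25519 signatures are deterministic, so the authentication_id is the same string on every login until one of the nonces changes; anyone who can read the URL can reuse it until then.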

Type 2 — two way encryption

For critical data exchanged between user and node where authentication is needed.

On user side

encrypted_data = encrypt(node_public_key, data)
signature = sign(user_secret_key, encrypted_data)
POST:
	data: encrypted_data
	username: username
	sig: signature

On node side

IF verify(user_public_key, encrypted_data, sig)
data = decrypt(node_secret_key, encrypted_data)
encrypted_data = encrypt(user_public_key, data)
signature = sign(node_secret_key, encrypted_data)
RESPONSE:
	data: encrypted_data
	sig: signature

On user side

IF verify(node_public_key, encrypted_data, signature)
data = decrypt(user_secret_key, encrypted_data)

What type of encryption will we use?
ed25519
It’s a well-known standard present in libSodium (PHP, C++, Java) and PyNaCl (Python): https://libsodium.gitbook.io/doc/bindings_for_other_languages

Why does EMER-SSL not suit our needs?

  1. It is a very complicated PKI infrastructure built for different purposes, and it doesn’t suit our needs
  2. We have many key pairs which can be changed, and even if we were able to put our key pairs in a certificate (which is complicated), we would have to generate many certificates, but why?
  3. We have the WORM standard and we don’t need another standard (INFOCARD).
  4. libSodium + JSON + HTTP + BLOCKCHAIN + WORM makes everything simple

Written by Aleksej Sokolov

Ideologist & Main Developer at PrivateNess
