Authentication on NESS nodes

Type 1 — authentication_id

For non-critical data exchanged between user and node where authentication is needed.

On user side

authentication_id = sign(user_private_key, "node.url-node.nonce-username-user.nonce")

On node side

The node takes two parameters

  1. user_name
  2. authentication_id

Then

verify(user_public_key, "node.url-node.nonce-username-user.nonce", authentication_id)

If verification succeeds, the client is successfully logged in.

The client can then perform actions according to the node's policy.
No access to the blockchain is required in the authorisation/verification process; the blockchain is only required once, when the user generates a new key or keys.

If the node changes node.nonce — the authentication_id is changed

If the user changes user.nonce — the authentication_id is changed

URL

<URL>/<service-name>/username/authentication_id

Type 2 — two way encryption

For critical data exchanged between user and node where authentication is needed.

On user side

encrypted_data = encrypt(node_public_key, data)
signature = sign(user_secret_key, encrypted_data)
POST:
	data: encrypted_data
	username: username
	sig: signature

On node side

IF verify(user_public_key, encrypted_data, sig)
data = decrypt(node_secret_key, encrypted_data)
encrypted_data = encrypt(user_public_key, data)
signature = sign(node_secret_key, encrypted_data)
RESPONSE:
	data: encrypted_data
	sig: signature

On user side

IF verify(node_public_key, encrypted_data, signature)
data = decrypt(user_secret_key, encrypted_data)

What type of encryption will we use?
ed25519
It's a well-known standard present in libSodium (PHP, C++, Java) and PyNaCl (Python): https://libsodium.gitbook.io/doc/bindings_for_other_languages

Why does EMER-SSL not suit our needs?

  1. It is a very complicated PKI infrastructure built for different purposes, and it doesn't suit our needs.
  2. We have many key pairs which can be changed, and even if we were able to put our key pairs in a certificate (which is complicated), we would have to generate many certificates, but why?
  3. We have the WORM standard and we don't need another standard — INFOCARD.
  4. libSodium + JSON + HTTP + BLOCKCHAIN + WORM makes everything simple


Ideologist & Main Developer at PrivateNess

Aleksej Sokolov
