The current user authentication is flawed. To authenticate, a user:
- logs into Gaspar
- gets a signature from the auth-server on their ID and the master chain ID

However:
- there is no timeout, so anybody could take this signature and just forge any message they want to
- the messages sent to the service-api are not signed in any way, so the leader can change them at will

Proposed fix for the authentication:
- When a user authenticates, they create an ephemeral keypair and send the ephemeral public key to the authentication server
- The authentication server checks with Gaspar that the user is who they pretend to be
- The authentication server creates a certificate by signing the ephemeral public key, together with a timestamp
- This certificate is only valid for a given timeframe (30 minutes? 1 hour?)
- Whenever the user wants to call the service-api, they sign the whole message including all the data with their ephemeral private key and add the certificate of the authentication server
- The backend verifies the validity of the certificate by verifying the signature and the timestamp, then uses the public key in the certificate to verify the message from the user
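The proposed flow as a Go sketch, added here as an example and not taken from the project's code. Ed25519, the `Cert` layout, binding the user ID into the certificate, and the 30-minute lifetime are assumptions; keys and the message are constructed.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
	"time"
)

const certLifetime = 30 * time.Minute // assumed; the issue suggests 30 minutes or 1 hour

// Cert is issued by the authentication server once Gaspar has confirmed the user.
type Cert struct {
	UserID   string // binding the user ID into the certificate is an assumption
	EphPub   ed25519.PublicKey
	IssuedAt int64 // Unix seconds
	Sig      []byte
}

func (c Cert) signedBytes() []byte {
	return []byte(fmt.Sprintf("%d|%x|%s", c.IssuedAt, c.EphPub, c.UserID))
}

// IssueCert runs on the authentication server.
func IssueCert(authPriv ed25519.PrivateKey, user string, ephPub ed25519.PublicKey, now time.Time) Cert {
	c := Cert{UserID: user, EphPub: ephPub, IssuedAt: now.Unix()}
	c.Sig = ed25519.Sign(authPriv, c.signedBytes())
	return c
}

// VerifyRequest runs on the backend: certificate signature, timestamp, then message signature.
func VerifyRequest(authPub ed25519.PublicKey, c Cert, msg, msgSig []byte, now time.Time) error {
	if len(c.EphPub) != ed25519.PublicKeySize || !ed25519.Verify(authPub, c.signedBytes(), c.Sig) {
		return errors.New("certificate not signed by the authentication server")
	}
	if age := now.Sub(time.Unix(c.IssuedAt, 0)); age < 0 || age > certLifetime {
		return errors.New("certificate outside its validity window")
	}
	if !ed25519.Verify(c.EphPub, msg, msgSig) {
		return errors.New("message not signed by the certified ephemeral key")
	}
	return nil
}

func main() { // constructed keys, user ID and message
	authPub, authPriv, _ := ed25519.GenerateKey(nil)
	ephPub, ephPriv, _ := ed25519.GenerateKey(nil)
	c, msg := IssueCert(authPriv, "user-123", ephPub, time.Now()), []byte("constructed request body")
	fmt.Println(VerifyRequest(authPub, c, msg, ed25519.Sign(ephPriv, msg), time.Now()))
}
```

A signed request can still be replayed unchanged within the validity window unless the message itself carries a nonce or counter that the backend tracks.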
Added some security bugs found while adding the new functionalities.
They are here: #2507 #2508 #2509 #2510
Also added some comments and fixed some typos.