Commit 2e0ee27d authored by Frauke

Decrypt private key and receive a nonce from the server for authentication

parent 54c0ae01
......@@ -38,15 +38,8 @@ For more information on this spike visit the [Indienet documentation](https://in
__0.1.0__
- Initial release
- Created a public key and an extractable private key
- Persisted the extractable unencryptedPrivateKey in IndexedDB
- Created an ephemeral symmetric key from a master password
- Encrypted the unencrypted PrivateKey
- Imported the private key as unextractable.
- Saved unextractable private key to IndexedDB.
- Transfer publicKey and encryptedPrivateKey to the server
- Made encryptedPublicKey accessible from a route on the server
- Made encryptedPrivateKey accessible from a route on the server
- Get encrypted privatekey and decrypt the key.
- Receive a nonce from the server for authentication
## License
......
......@@ -5,11 +5,11 @@ var rename = require('gulp-rename')
gulp.task('js:bundle', () => {
browserify({
entries: 'src/js/script.js',
entries: 'src/js/sign-in.js',
debug: true
})
.bundle()
.pipe(source('src/js/script.js'))
.pipe(source('src/js/sign-in.js'))
.pipe(rename({
dirname: ''
}))
......
......@@ -15,6 +15,6 @@
<input type="submit" value="Create site">
</form>
<script src="js/vendor/OpenCrypto.js"></script>
<script src="js/script.js"></script>
<script src="js/sign-in.js"></script>
</body>
</html>
......@@ -2,7 +2,7 @@ const express = require('express')
const app = express()
const path = require('path')
const bodyParser = require('body-parser')
const crypto = require('crypto')
const fileUtils = require('./utils/fileUtils')
app.use(express.static(path.join(__dirname, '../public')))
......@@ -22,16 +22,14 @@ app.get('/register', (req, res) => {
})
app.post('/register', (req, res) => {
const salt = JSON.stringify({salt: req.body.salt})
const publicKey = JSON.stringify({publickKey: req.body.publicKey})
const privateKey = JSON.stringify({privateKey: req.body.privateKey})
const privateKeySalt = JSON.stringify({salt: req.body.salt, privateKey: req.body.privateKey})
const pathName = './server/files/'
const writeSalt = fileUtils.writeFile('salt.json', salt, pathName)
const writePublicKey = fileUtils.writeFile('publickey.json', publicKey, pathName)
const writePrivateKey = fileUtils.writeFile('privatekey.json', privateKey, pathName)
const writePrivateKeySalt = fileUtils.writeFile('privatekey.json', privateKeySalt, pathName)
Promise.all([writeSalt, writePublicKey, writePrivateKey]).then(() => {
Promise.all([writePublicKey, writePrivateKeySalt]).then(() => {
res.status(200).end()
}).catch((er) => {
console.log(er)
......@@ -59,4 +57,18 @@ app.get('/privatekey', (req, res) => {
})
})
app.get('/nonce', (req, res) => {
crypto.randomBytes(256, (err, buf) => {
if (err) {
res.status(500).send('Ooops, something went wrong')
console.log(err)
}
const nonce = {
nonce: buf.toString('hex')
}
res.status(200).send(JSON.stringify(nonce))
})
})
app.listen(8080)
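Review bot: In the new `/nonce` handler the `if (err)` branch sends the 500 response but does not return, so execution continues to `buf.toString('hex')` with `buf` undefined, which throws a TypeError inside the `crypto.randomBytes` callback. End the branch with `return res.status(500).send('Ooops, something went wrong')` after the `console.log(err)`. As far as this section shows, the nonce is also not recorded on the server, so a later authentication step would have nothing to compare a returned value against or to expire. If that is planned for a follow-up commit, a short comment such as `// TODO: persist nonce with an expiry and accept it only once` would make the gap explicit.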
......@@ -6,17 +6,6 @@ const indexedDB = require('./indexedDB')
const form = document.getElementById('register')
function loadedKeyPair () {
indexedDB.callOnStore('testkeystore', 'keyStore', (store) => {
const getData = store.get(1)
getData.onsuccess = (event) => {
const keys = getData.result.keys
}
})
}
loadedKeyPair()
form.addEventListener('submit', (e) => {
e.preventDefault()
var saltValue = ''
......
const crypt = new OpenCrypto()
const axios = require('axios')
const form = document.getElementById('sign-in')
form.addEventListener('submit', (e) => {
e.preventDefault()
const password = e.target.password.value
let encryptedPrivateKey = ''
axios.get('privatekey').then(function (response) {
const salt = response.data.salt
encryptedPrivateKey = response.data.privateKey
return crypt.keyFromPassphrase(password, salt, 300000)
}).then((password) => {
const privateKey = crypt.decryptPrivateKey(encryptedPrivateKey, password)
const nonce = axios.get('nonce')
return Promise.all([privateKey, nonce])
}).then((values) => {
const decryptedPrivateKey = values[0]
const nonce = values[1].data.nonce
console.log(decryptedPrivateKey)
console.log(nonce)
}).catch(function (error) {
console.log(error)
})
})
function loadedKeyPair () {
indexedDB.callOnStore('testkeystore', 'keyStore', (store) => {
const getData = store.get(1)
getData.onsuccess = (event) => {
const keys = getData.result.keys
}
})
}
//loadedKeyPair()
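Review bot: `console.log(decryptedPrivateKey)` in the last `.then` writes the decrypted private key to the browser console, where anyone with access to the session's devtools can read it. Drop that line or log only a non-sensitive marker such as `console.log('private key decrypted')`. The second `.then((password) => …)` receives the key derived by `keyFromPassphrase`, not the password, so naming the parameter `derivedKey` would avoid shadowing the form value read above it. `loadedKeyPair` calls `indexedDB.callOnStore`, but this file shows no `require('./indexedDB')` as script.js had; since the call is commented out, the function could be removed until it is needed.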