Answer the question
In order to leave comments, you need to log in
A
A
Alexander2014-07-10 11:02:20
Alexander, 2014-07-10 11:02:20
How is EDS-based authentication implemented - checking the user's EDS using the PublicKey client?
Article Authentication based on EDS
I decided to try to do it, but I can’t understand the algorithm of work on the server when checking incoming data from the client
Login, $user_xkey and $user_ykey (= PublicKey) saved in the database)
Login, $user_sign and $rnd comes from the client
In the article it says "The server checks the correctness of the digital signature ($user_sign) using the client's PublicKey stored in the database."
Could you tell me the implementation on the server side?
1 answer(s)
@art090390
A
art090390, 2014-07-10 @art090390
the client receives Sign(SHA256(RNDserver+RNDclient)), Login, RNDclient (RNDserver generated the server and sent it to the client in the previous step) the
server calculates SHA256(RNDserver+RNDclient) and thus has:
1. SHA256(RNDserver+RNDclient) data
2. signature Sign(SHA256(RNDserver+RNDclient))
now using the public key of the client, which the server finds in the database by Login, the server checks the signature,
the implementation of the signature verification function depends on the signature algorithm you have chosen, I don’t know which algorithms are implemented in the php libraries
and even
if you have $user_xkey implied by the user's private key, then you do not need to store it in the database on the server)
Similar questions
I
A
V
M
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question