An authentication method using Libra's Public Key and Secret Key. Use a signature by EdDSA. In the figure below, User “ALICE” pays the ticket fee to Ticket Center “BOB” with Libra and is authenticated with the signature ticket.
It is authentication based on the Libra client keys. And the processing speed is fast.
Why is it fast?the communication between Bob and Alice doesn't put a load on the Libra blockchain. For example, when if tens of thousands of people enter the stadium, libra-auth authentication can be handled only by the client-side and server-side without "transaction" of accessing the Libra network.
Make this. Client and server authentication work sample for ticket application using the libra-auth method.
First, open the ALICE page on your PC or smartphone and display the QR ticket. Next, use another smartphone to authenticate by scanning the ALICE QR code from the BOB page.
- ALICE: Buy ticket:
http://libra-auth.com/buy-ticket.html - BOB: Authenticate ticket:
https://libra-auth.com/auth-ticket.html
- test-1 QR ticket's address was broken.
https://libra-auth.com/test/buy-ticket-fake-1.html 7th in the figure below, Alice's address length was different received the server. - test-2 QR ticket with changed to Fake address was used.
https://libra-auth.com/test/buy-ticket-fake-2.html 7th in the figure below, Alice's address is another client one.
The Libra Auth method can be used not only for ticket sales authentication as in this demo but also for normal authentication tasks. Especially suitable for authentication tasks involving payments. It provides trust by the Libra blockchain ledger. However, each authentication work is fast because it is separated from the Libra Network.
If you already have a Libra account, i.e. a private key or mnemonic, you can immediately authenticate with someone else's account without payment.
By the way, mnemonics are important. I did n’t make import mnemonic this time, But with that, if Alice loses the QR ticket, She can reissue a secure QR ticket from the same address from 1 to 7. BOB can invalidate old tickets by overwriting Alice's address DB.
In another case, Alice can pass resale information to Bob. If Bob allows it, Bob and Eve will be able to issue a new QR Tiket by executing 1-7 from the transaction that Eve sent the Libra to Alice. Bob can also receive a resale fee. If you are strictly concerned about QR Ticket theft or unauthorized resale, there is a way to prove Alice at the entrance with the private key.
- ALICE: Tap or Click [ Buy ] Button. And get address each other.
And Alice send "address" and "msg" to Bob by WebSocket. e.g.msg = CryptoJS.SHA3(msg+Math.random()).toString(); wss.send(addr, msg)
- ALICE: Transffer Some Libra to BOB
- ALICE: get BOB's PublicKey from testnet transaction.
- BOB: get ALICE's PublicKey from testnet transaction and Check payment if necessary.
- BOB: Make the "sigB" by the "msg" and Bob's Private Key.
And upsert sigB, Alice address, Alice PublicKey to DB
And send "sigB" to Alice by WebSocket.
e.g.sigB = BobPriKey.sign(msg).toHex(); upsert sigB and address to DB wss.send(sigB)
- ALICE: Verify by Bob's Public Key the "sigB" and the "msg" those were received.
Well, Bob's Public Key was getting from testnet. "sigB" was send from Bob. "msg" was made by Alice.
e.g.{bool} BobPubKey.verify(msg, sigB)
- ALICE: if 6th is true then Make the "sigA" by the Alice's Private Key and the "sigB".
And Show QR code that is made by "sigA" and Alis's Address
e.g.if(res6){ sigA = AlicePriKey.sign(sigB) mkQR([sigB, Address]) } else { //goto 1 }
- BOB: Bob is received "sigA" and Alis's Address.
And find sigB from DB by Address,
And Verify the "sigB" and "sigA" by Alice's Public Key.
Well, Alice's Public Key was getting from testnet. "sigA" was scanned from Alice's smartphone. "sigB" was made by Bob.
e.g.find sigB from DB by Address {bool} AlicePubKey.verify(sigB, sigA)
- BOB: if 8th is true then login is OK.
e.g.if(res8){ // OK. Alice login is OK. } else { // Error }
- ALICE: if the sixth verify is true, That means
- Bob's Public Key and signeture "sigB" and msg were valid.
- Bob has the Private Key used in this Libra transaction.
- Therefore, 5's Bob is the person Alice paid Libra in 2's transaction.
- BOB: if the 8th verify is true,That means
- Alice's Public Key and signeture "sigA" and signeture "sigB" were valid.
- Alice has the Private Key used in 2's Libra transaction.
- And this msg was recieved from Bob to Alice at 6. So 7's Allice is the same as 6.
- Therefore, 7's Alice is the person who paid Libra to Bob in 2 transactions.
- As a result, at 9, Alice is authenticated by Bob. Entry tickets or tokens with “sigA” are valid.
'use strict';
const EdDSA = require('elliptic').eddsa; const ec = new EdDSA('ed25519'); const { SHA3 } = require('sha3');
test()
function test(){
//============================================== // Prepare Keys // Corresponds to 3 and 4 after 1 and 2 // Communication with testnet is omitted this sourse // //---------------------------------------------- // ALICE // Alice's Private Key const AlicePriKeyHex='fa127e73935678a647daf3d3af2a934dc0e9c9c39dc4ac2e69c9c3648447ff53'; // Create key pair from secret const AlicePriKey = ec.keyFromSecret(AlicePriKeyHex, 'hex');// hex string, array or Buffer // Import public key const AlicePubKeyHex = '78cd96278f49a78664faf50e9b238f3f5642360d80b3b0ce82782a4a8af3a8e9'; const AlicePubKey = ec.keyFromPublic(AlicePubKeyHex, 'hex'); //---------------------------------------------- // BOB const BobPriKeyHex='16253458330e54b08e3d492d200776d8af2d0367bbca4ca59df88985175a6069'; // Create key pair from secret const BobPriKey = ec.keyFromSecret(BobPriKeyHex, 'hex');// hex string, array or Buffer // Import public key const BobPubKeyHex = '6e6579f1f368f9a4ac6d20a11a7741ed44d1409a923fa9b213e0160d90aa0ecc'; const BobPubKey = ec.keyFromPublic(BobPubKeyHex, 'hex'); // Start testing from the 5th //============================================== // 5. BOB: Make the "sigB" by the msg hash and Bob's Private Key. // // msg = sha3Hash('hello') // mk massage hash // sigB = BobPriKey.sign(msg) // Sign with BOB's private key. // // on this test, without this wss send. // // wss.send(sigB, msg) //---------------------------------------------- // Massage const msg = (new SHA3(512)).update('msg hello').digest('hex'); //---------------------------------------------- // Sign const sigB = BobPriKey.sign(msg).toHex(); //---------------------------------------------- // Send "sigB" and msg to Alice by WebSocket // Omitted //============================================== // 6. ALICE: Verify by Bob's Public Key the signB and the msg that were received. // const res6 = BobPubKey.verify(msg, sigB); //============================================== // 7. ALICE: if 6th is true then Make the "sigA" by the Alice's Private Key and the "sigB". // //---------------------------------------------- // test for res6 if(res6===true){ console.info('8. ALICE: OK. verify(msg, sigB) is true.'); } else { console.error('8. ALICE: Error. verify(msg, sigB) is false.'); } //---------------------------------------------- // if res6 is true then Make the "sigA" let sigA; if(res6){ sigA = AlicePriKey.sign(sigB) //mkQR([sigB, Address]) } else { //goto 1 } //============================================== // 8. BOB: Verify the "sigB" and "sigA" by Alice's Public Key. const res8 = AlicePubKey.verify(sigB, sigA); //============================================== // 9. BOB: if 8th is true then Alice login is OK. //---------------------------------------------- // test for res8 if(res8===true){ console.info('9. BOB: OK. verify(sigB, sigA) is true.'); } else { console.error('9.BOB: Error. verify(sigB, sigA) is false.'); }
}
/* response */ 7. ALICE: OK. verify(msg, sigB) is true. 9. BOB: OK. verify(sigB, sigA) is true.
- perfectmak/libra-core https://github.com/perfectmak/libra-core
- bandprotocol/libra-web https://github.com/bandprotocol/libra-web
- kulapio/libra-core(kulap-libra) https://github.com/kulapio/libra-core
- LibraVista https://www.libravista.com/
- browserify/browserify https://github.com/browserify/browserify
- indutny/elliptic https://github.com/indutny/elliptic
- phusion/node-sha3 https://github.com/phusion/node-sha3
- brix/crypto-js https://github.com/brix/crypto-js
- mongoDB https://www.mongodb.com
- Automattic/mongoose https://github.com/Automattic/mongoose
- websockets/ws https://github.com/websockets/ws
- expressjs/express https://github.com/expressjs/express
- nginx/nginx https://github.com/nginx/nginx
- davidshimjs/qrcodejs https://github.com/davidshimjs/qrcodejs
- cozmo/jsQR https://github.com/cozmo/jsQR
- scan QR Icon made by Freepik from www.flaticon.com
- key Icon https://icon-rainbow.com/
- my favorite drawing tool https://www.draw.io/
- jquery https://jquery.com/
- nvm-sh/nvm https://github.com/nvm-sh/nvm
- npm https://github.com/npm
- nodejs/node https://github.com/nodejs/node
- Let’s Encrypt https://letsencrypt.org/
- Oracle VM VirtualBox https://www.virtualbox.org/
- Ubuntu 18.04.3 LTS https://ubuntu.com/download/server
- reien.top https://reien.top/