Problem: I forgot to push some files
Problem: There is no way to register PK <-> user Solution: - Implement a challenge-response registration phase to verify PK existance - Implement a registration phase given valid response - Implement a client that demonstrates registration capability Also included in this commit: - Persist the data on the filesystem (prototyping ftw!) - Encode sigs as Base64 as is done with other binary types - Add tests for said encodings, etc
Problem: README.md is outdated Solution: - Mention that we have a kdf now in README - Catch up a little bit with what we have done so far
Problem: can't send detached signatures around Solution: - Add instances for JSON serialisation for Signature type - Reuse DoAuth.Json as much as possible, but write a hacky FromJSON instance. (TODO Generalise DoAuth.Json) Next up: - Write tripping tests for this serialisation - Use this serialisation to encode Post request body in phase 2 of registration
Problem: Need B64 to send signed challenge back Solution: - Abstract away b64encode/decode for To/FromJSON instances (DoAuth.Json) - Specify the API a little bit more for DoAuth.Server - Add test to figure out what should be the logic of signing a challenge Up next: - Implement To/FromJSON instance for Signature
Problem: No HTTP server Solution: - Implement a dummy HTTP server - Reexport its `main` function from our (currently only) `app` We probably should rename our currently only app to `doauth-server`, because we'll implement a Haskell client for functional testing purposes.
Problem: real crypto is required for safe system Solution: After patching haskell-crypto libraries to allow for - Seeded signing key derivation - Detached signatures support We were finally able to - Eliminate encryption terms from PKC (because in libsodium algorithms for signing and encryption are different and picked like this for a reason) - Remove IO from everything that's really pure (or should be pure if libsodium is correct) - Pick params for pwhash that are reasonable currently
Problem: No way to generate keypairs in pkc Solution: - Use newly implemented function `seededKeypair` from `NaCl` - Use jonn's srht fork for that - Update type signatures accordingly - Update dummyPkc - Update Crypto.Client's mkKeypair / rmkKeypair
Problem: Challenges are needed to issue claims Solution: - Add DoAuth.Crypto.Server module - Implement 8-byte challenge generation with generate from Crypto.Nonce Also included in this commit: - Use git version of haskell-crypto instead of hackage (to get access to Crypto.Nonce module) - Add some more ideas to README.md, scoping the project better
Problem: no crypto for DID-esque implementation Solution: before introducing real cryptography implementation based on libsodium, add dummy cryptography interface. It's important for testing purposes, interfaced definition and to be able to later on swap one cryptographic library for another one.
Problem: auth in 2020 is broken DID looks OK Solution: - Start a prototype Haskell implementation inspired by the ideas of DID standard working draft - Aim for the prototype to be consisting of - KDF keypair generation solution - DID document storage in a central identity tracking server - Web interface demonstrating sign on - SSO demo that shows how a user can use do-auth to authenticate with two services, then each service reasons whether they want to allow the identity holder in or not These are the overall goals for the project, don't treat the words I used in this commit message as something with precise semantics, I'm still exploring DID standards and figuring out proper architecture.