Skip to content

New TEP-0012: One-Sided Passkey Authentication #9

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 8 commits into from
Nov 24, 2022
Merged

New TEP-0012: One-Sided Passkey Authentication #9

merged 8 commits into from
Nov 24, 2022

Conversation

da2ce7
Copy link
Contributor

@da2ce7 da2ce7 commented Aug 29, 2022
edited
Loading

This document proposes the use of asymmetric cryptography for user accounts and their authentication.

View Here: https://github.com/da2ce7/torrust-teps/blob/tep-asymmetric_key_client_authentication/TEP-0012.md

Resolves #8

@da2ce7
Copy link
Contributor Author

da2ce7 commented Aug 29, 2022

I assign the TEP Number: 12.

@da2ce7 da2ce7 changed the title New TEP: Asymmetric Key Client Authentication New TEP 00012: Asymmetric Key Client Authentication Aug 29, 2022
@da2ce7 da2ce7 marked this pull request as draft August 29, 2022 15:31
@da2ce7 da2ce7 marked this pull request as ready for review August 29, 2022 15:35
@da2ce7 da2ce7 requested review from MCM-Mike and a team August 29, 2022 16:13
@da2ce7 da2ce7 changed the title New TEP 00012: Asymmetric Key Client Authentication New TEP-0012: Asymmetric Key Client Authentication Aug 29, 2022
@da2ce7 da2ce7 changed the title New TEP-0012: Asymmetric Key Client Authentication New TEP-0012: Asymmetric Key Client Authentication Aug 29, 2022
@josecelano
Copy link
Member

hi @da2ce7

If I'm not wrong the two key points in your proposal are:

  1. Using bitcoin-like key pairs to authenticate a user in a webapp.
  2. User authentication would be like API authentication with a token where you can create different tokens with different permissions.

Questions

  • Shouldn't the user provide the original "seed" or the "private key" at the end instead of the password? In terms of UX, I think it's more or less the same, although it allows the user to define different access levels. In terms of security, it's safer, and I suppose passwordless authentication is becoming a standard. Although I do not know if this method is considered passwordless.
  • Could you provide some links where I can learn more about how to use asymmetric key encryption for authentication? I've added one below.
  • Are the generated keys valid bitcoin addresses? If so, do you think that could be useful for other features in the future?
  • Is there already a similar implementation?

Links

@da2ce7
Copy link
Contributor Author

da2ce7 commented Aug 29, 2022

Hey @josecelano

Thanks for the questions:

  1. Using bitcoin-like key pairs to authenticate a user in a webapp.

Yes, I have specified the same elliptical-curve as is used in bitcoin: secp256k1.

--

  1. User authentication would be like API authentication with a token where you can create different tokens with different permissions.

The client sends the server URI it observes to the server, and includes this value in the "Client Authentication Token" that it generates.

  • The server compares the URI to be something that it expects (i.e. not "servername.scam.com").
    If good:
  • The server also generates the "Client Authentication Token" and compares it to the one the client provides.
    If the same. Authentication is successful.

I suppose after the successful authentication, the server can decide to issue a normal token as per usual.

--

Questions

  • Shouldn't the user provide the original "seed" or the "private key" at the end instead of the password? In terms of UX, I think it's more or less the same, although it allows the user to define different access levels. In terms of security, it's safer, and I suppose passwordless authentication is becoming a standard. Although I do not know if this method is considered passwordless.

The client doesn't store or need the seed by default. The seed is the account "recovery phrase". This is by design:

  1. Gives another chance for the user to recover their credentials.
  2. It gives some forward security:
  • The user may wish to rotate their keys when they move to a new computer.
  • If the seed was stored by the client, then there is no possibility of reusing the new seed on a new computer.
  • However, the client just stores a Public-Secret Key-Pair (in the form similar to the username-password), so when the user moves to a new computer, it can re-enter the seed and generate a new key-pair, and then the seed gets deleted again, (for when the user needs to rotate keys again).

--

  • Could you provide some links where I can learn more about how to use asymmetric key encryption for authentication? I've added one below.

This protocol uses ECDH, in a very simple format:

  1. Derive a common ephemeral (temporary) key.
  2. Derive a common authentication key.
  3. Client send URI to server, server checks URI.
  4. Derive a common client token.
  5. Client sends token to server, server checks token.
  6. Server looks up client public key in database, and finishes authentication.

I would love for somebody who is better at crypto than me to review the protocol and confirm that it is indeed secure.

--

  • Are the generated keys valid bitcoin addresses? If so, do you think that could be useful for other features in the future?

You could turn a key-pair into bitcoin addresses, however we don't use them as bitcoin-addresses.
Having some sort of asymmetric key infrastructure could be leverages for many other aspects in the future: such as the previously proposed signed-invitations.

--

  • Is there already a similar implementation?

I'm sure there is, however the common ones are far-more complex than what we use here, (such as getting a CA involved with the authentication). We just use implicit proof of key ownership when deriving a common key.

--

Links

This article uses bitauth, a different algorithm for authentication: the server receives cryptographic signed requests sent by the client.

The protocol proposed here uses a mutual derivation of a client authentication token, that is used once.

@da2ce7
Copy link
Contributor Author

da2ce7 commented Aug 30, 2022

@josecelano based upon your questions I have updated the TEP to clarify: 018f551

mickvandijke
mickvandijke reviewed Aug 30, 2022
View reviewed changes
@mickvandijke
Copy link
Member

mickvandijke commented Aug 30, 2022
edited
Loading

Maybe instead of generating a private key for the client, we could instead add a public key field to the signup form. So that clients can use their own existing public key. We could even make this field a list so that a client can submit multiple public keys.

A client would then be able to signup using a normal password and/or a public key. I do not like the idea of only allowing authentication with public keys, as it might be too confusing to set up for some users. Keeping the option for a traditional password would be a nice fallback for these users.

@josecelano
Copy link
Member

@josecelano based upon your questions I have updated the TEP to clarify: 018f551

Thank you for the clarification @da2ce7 . I have some more concrete questions above.

I think I got the "purpose" wrong. I thought it was a way to authenticate with different access permissions. But I suppose other purposes could be more like what you said: the admin can permit some public keys to generate invitations.

I have also found this proposal https://github.com/bitid/bitid/blob/master/BIP_draft.md.

@da2ce7
Copy link
Contributor Author

da2ce7 commented Aug 30, 2022

Hello @WarmBeer

Maybe instead of generating a private key for the client, we could instead add a public key field to the signup form. So that clients can use their own existing public key. We could even make this field a list so that a client can submit multiple public keys.

I don't like the idea of users generating their own public keys interdependently of our client. At least initially:

  1. I expect almost all users are familiar with backup-seeds, and be happy to write one down. They are now used for many services.
  2. Having users export a derived private key from one application and import it into another application is something that we really should avoid.
  3. In the future we could add the option to authenticate with a hardware device (such as a trezor), in this way a user could use the same backup codes with many different services at the same time.

A client would then be able to signup using a normal password and/or a public key. I do not like the idea of only allowing authentication with public keys, as it might be too confusing to set up for some users. Keeping the option for a traditional password would be a nice fallback for these users.

For many users passwords could be easier, I think that providing this fallback is heading in the wrong direction:

  1. It stores user secret data on the sever.
  2. If public keys associated with an account is a core feature, it give us the freedom to implement other features that require user-public-keys.

@da2ce7
Copy link
Contributor Author

da2ce7 commented Aug 30, 2022

@WarmBeer https://github.com/rust-bitcoin/rust-secp256k1 supports compiling to wasm :)

@da2ce7
Copy link
Contributor Author

da2ce7 commented Sep 1, 2022

@josecelano

The standard: Web Authentication: An API for accessing Public Key Credentials, is probability the closest standard in intention to what this one provides.

https://www.w3.org/TR/webauthn/

@da2ce7 da2ce7 mentioned this pull request Sep 14, 2022
Closed
2 tasks
cilli0n
cilli0n approved these changes Oct 5, 2022
View reviewed changes
Copy link
Contributor

@cilli0n cilli0n left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

seems like a lovely way of authentication. Kind regards

@da2ce7
Copy link
Contributor Author

da2ce7 commented Oct 5, 2022

I think that this document is ready for review. :)

@da2ce7 da2ce7 changed the title New TEP-0012: Asymmetric Key Client Authentication New TEP-0012: One-Sided Passkey Authentication Oct 5, 2022
@da2ce7 da2ce7 mentioned this pull request Nov 24, 2022
Closed
@da2ce7 da2ce7 force-pushed the tep-asymmetric_key_client_authentication branch from 1b7eec4 to d291e33 Compare November 24, 2022 18:05
da2ce7 and others added 3 commits November 24, 2022 19:26
@da2ce7 @cilli0n
[fix] Corrections from review.
63c8f1b 
* Spelling Mistakes and Mislabelling.
* Merge Step 9 into step 12 in authentication scheme.

Co-authored-by: cilli0n <jakob.f.kaiser@gmail.com>
@da2ce7
[fix] update TEP-12 name in Readme
0c98161
@da2ce7
fixup: correct markdown lint
90fb11d
@da2ce7 da2ce7 force-pushed the tep-asymmetric_key_client_authentication branch from d291e33 to 90fb11d Compare November 24, 2022 18:29
@da2ce7
Copy link
Contributor Author

da2ce7 commented Nov 24, 2022

ACK 90fb11d

@da2ce7 da2ce7 merged commit 8d5729e into torrust:main Nov 24, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MCM-Mike MCM-Mike Awaiting requested review from MCM-Mike

@mickvandijke mickvandijke Awaiting requested review from mickvandijke

@josecelano josecelano Awaiting requested review from josecelano

1 more reviewer

@cilli0n cilli0n cilli0n approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

TEP: Asymmetric Key Client Authentication
4 participants
@da2ce7 @josecelano @mickvandijke @cilli0n