Skip to content

Commit

Permalink
Merge pull request ONDC-Official#32 from ShubhneetChawla1805/patch-1
Browse files Browse the repository at this point in the history 
Patch 1
  • Loading branch information
@92shreyansh
92shreyansh authored Jun 19, 2023
2 parents 83d33dd + f10f9e2 commit ebd0893
Show file tree
Hide file tree
Showing 2 changed files with 32 additions and 4 deletions.
8 changes: 4 additions & 4 deletions utilities/signing_and_verification/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,9 +11,9 @@ pip3 install -r requirements.txt
2. Export request body json path:
this file should be a valid json file
```
export REQUEST_BODY_PATH=<request-body-text-path>
export REQUEST_BODY_PATH=<request_body_raw_text.txt-path>
```
eg for json file provided, export REQUEST_BODY_PATH=request_body.json
eg if you rename the file ie request_body_raw_text.txt -> request_body.json , export REQUEST_BODY_PATH=request_body.json

3. Generate key-pairs
```
Expand All @@ -39,7 +39,7 @@ export CRYPTO_PUBLIC_KEY=<Crypto_Publickey>
```
python cryptic_utils.py create_authorisation_header
```
output will be like
output will be 'auth_header' like
```shell
Signature keyId="buyer-app.ondc.org|207|ed25519",algorithm="ed25519",created="1641287875",expires="1641291475",headers="(created) (expires) digest",signature="fKQWvXhln4UdyZdL87ViXQObdBme0dHnsclD2LvvnHoNxIgcvAwUZOmwAnH5QKi9Upg5tRaxpoGhCFGHD+d+Bw=="
```
Expand Down Expand Up @@ -75,4 +75,4 @@ eg usage
python cryptic_utils.py decrypt "MC4CAQAwBQYDK2VuBCIEIOgl3rf3arbk1PvIe0C9TZp7ImR71NSQdvuSu+zzY6xo" "MCowBQYDK2VuAyEAi801MjVpgFOXHjliyT6Nb14HkS5dj1p41qbeyU6/SC8=" "CrwN248HS4CIYsUvxtrK0pWCBaoyZh4LnWtGqeH7Mpc="
```

Output will be a Plain Text decoded string "ONDC is a Great Initiative!"
Output will be a Plain Text decoded string "ONDC is a Great Initiative!"
28 changes: 28 additions & 0 deletions utilities/signing_and_verification/auth_header_signing_and_verification.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
**Pre-requisites**

* Key pairs, for signing & encryption, can be generated using using [libsodium](https://libsodium.gitbook.io/doc/bindings_for_other_languages).

**Creating Key Pairs**

* Create key pairs, for signing (ed25519) & encryption (X25519);
* Update base64 encoded public keys in registry;

* Utility to generate signing key pairs and test signing & verification is [here](https://github.com/ONDC-Official/reference-implementations/tree/main/utilities/signing_and_verification)

**Auth Header Signing**

* Generate UTF-8 byte array from json payload;
* Generate Blake2b hash from UTF-8 byte array;

* Create base64 encoding of Blake2b hash. This becomes the digest for signing;
* Sign the request, using your private signing key, and add the signature to the request authorization header, following steps documented [here](https://docs.google.com/document/d/1Iw_x-6mtfoMh0KJwL4sqQYM0kD17MLxiMCUOZDBerBo/edit#heading=h.zs1tt1ewtdt)

**Auth Header Verification**

* Extract the digest from the encoded signature in the request;
* Get the signing_public_key from registry using lookup (by using the ukId in the authorization header);

* Create (UTF-8) byte array from the raw payload and generate Blake2b hash;
* Compare generated Blake2b hash with the decoded digest from the signature in the request;

* In case of failure to verify, HTTP error 401 should be thrown;

0 comments on commit ebd0893

Please sign in to comment.