Skip to content

ivRodriguezCA/otp-backup

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
app
app
 
 
bin
bin
 
 
config
config
 
 
db
db
 
 
lib/tasks
lib/tasks
 
 
log
log
 
 
public
public
 
 
storage
storage
 
 
test
test
 
 
tmp
tmp
 
 
vendor
vendor
 
 
.gitignore
.gitignore
 
 
.ruby-version
.ruby-version
 
 
Gemfile
Gemfile
 
 
Gemfile.lock
Gemfile.lock
 
 
README.md
README.md
 
 
Rakefile
Rakefile
 
 
config.ru
config.ru
 
 

Repository files navigation

Backup your OTPs

This is a Rails GraphQL API to backup OTPs. After registering, a user can create OTPs by providing a password (for example a 6 digit PIN) the server will encrypt the OTPs' secret. The underlying cryptography primitives are based on libsodium's sealed boxes.

How it works

  • The user registers and gets back a Bearer token.
  • The user registers a device (a client) and provides a password (for example a 6 digit PIN).
    • The server generates a master_key to encrypt the user's OTPs' secrets.
    • The server derives a 32byte key from the user's password using scrypt.
    • The server encrypts the master_key with the derived_key
  • The user adds an OTP and provides the same password used when registering the device.
    • The server derives a 32byte key from the user's password using scrypt.
    • The server decrypts the device's master_key with the derived_key.
    • The server encrypts the OTP secret with the master_key.

Cryptography

Examples of queries and mutations and responses

Register a User

Request

curl -H "Content-Type: application/json" \
-d '{"query": "mutation { registerUser(email: \"some.user@gmail.com\", password: \"s3cr37!p4ssw0r\") { email } }"}' \
-X POST http://localhost:3000/graphql

Response

{"data":{"registerUser":{"email":"[email protected]"}}}

Sign in

Request

curl -H "Content-Type: application/json" \
-d '{"query": "mutation { signInUser(email: \"some.user@gmail.com\", password: \"s3cr37!p4ssw0r\") { token user { email } } }"}' \
-X POST http://localhost:3000/graphql

Response

{"data":{"signInUser":{"token":"efd1omhwCtkVv7CUumW/LrcU--9H6EQkJ6mwmPqvqX--jyD13UTP0hKvZ6ZCvBun9A==","user":{"email":"[email protected]"}}}}

Add a new Device

Request

curl -H "Content-Type: application/json" \
-H "Authorization: Bearer efd1omhwCtkVv7CUumW/LrcU--9H6EQkJ6mwmPqvqX--jyD13UTP0hKvZ6ZCvBun9A==" \
-d '{"query": "mutation { addDevice(name: \"iPhone XS Max\", password: \"123456\") { id name } }"}' \
-X POST http://localhost:3000/graphql

Response

{"data":{"addDevice":{"id":"1","name":"iPhone XS Max"}}}

Add a new OTP

Request

curl -H "Content-Type: application/json" \
-H "Authorization: Bearer efd1omhwCtkVv7CUumW/LrcU--9H6EQkJ6mwmPqvqX--jyD13UTP0hKvZ6ZCvBun9A==" \
-d '{"query": "mutation { addOtp(account: \"Okta\", secret: \"LhBcxADNq0NrcPlxwP5skw\", device_id: 1, password: \"123456\") { id account } }"}' \
-X POST http://localhost:3000/graphql

Response

{"data":{"addOtp":{"id":"1","account":"Okta"}}}

Get the list of Devices for the current user

Request

curl -H "Content-Type: application/json" \
-H "Authorization: Bearer efd1omhwCtkVv7CUumW/LrcU--9H6EQkJ6mwmPqvqX--jyD13UTP0hKvZ6ZCvBun9A==" \
-d '{"query": "{ devices { id name } }"}' \
-X POST http://localhost:3000/graphql

Response

{"data":{"devices":[{"id":"1","name":"iPhone XS Max"}]}}

Get the list of OTPs from a specific device

Request

curl -H "Content-Type: application/json" \
-H "Authorization: Bearer efd1omhwCtkVv7CUumW/LrcU--9H6EQkJ6mwmPqvqX--jyD13UTP0hKvZ6ZCvBun9A==" \
-d '{"query": "{ otps(device_id: 1, password: \"123456\") { id account secret } }"}' \
-X POST http://localhost:3000/graphql

Response

{"data":{"otps":[{"id":"1","account":"Gmail","secret":"LhBcxADNq0NrcPlxwP5skw"}]}}

License

The MIT License

Further resources on the MIT License Copyright 2018 Ivan Rodriguez

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

About

This is a Rails GraphQL API to backup OTPs.

Topics

rails api graphql otp

Resources

Readme
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages