Kioubit Authentication Services

Used by the Kioubit autopeering System: https://dn42.g-load.eu/auth/

The Kioubit Verify Services allow you to verify that a user is the holder of an ASN based on the authentication methods the user has provided to the dn42 registry.

Before using this API you will need to contact Kioubit to have your domain enabled. Use the 'localhost' domain for testing purposes


1. Add the Kioubit Authentication Button to your Website

<form action="https://dn42.g-load.eu/auth/">
    <link rel="stylesheet" href="auth.css">
    <input type="hidden" name="return" value="https://example.org/">
    <button type="submit" class="kioubit-btn-dark"><img width="35px" height="35px" type="image/svg+xml" src="auth.svg"
        class="kioubit-btn-logo">Authenticate with Kioubit.dn42</button>
</form>

Replace "https://example.org/" with your website where the PHP Script in Step 2 is hosted

Download the styles from https://dn42.g-load.eu/auth/assets/auth-button.zip

2. Add the following example PHP Script to your website (or implement in your own favourite language)

<?php

// Get parameters and signature
$params = filter_var($_GET["params"], FILTER_SANITIZE_URL);
$signature = filter_var($_GET["signature"], FILTER_SANITIZE_URL);

// Signature Verification
$public_key_pem = file_get_contents('public_key.pem');
$r = openssl_verify($params, base64_decode($signature), $public_key_pem, OPENSSL_ALGO_SHA512);
if ($r != 1) {
    die("Could not verify signature");
}

// Decode parameters to json
$params = base64_decode($params);
$info = json_decode($params, true);

// Check that the request is for our own domain
if ("owndomain.com" != $info["domain"]) {
    die("The request is for a different domain");
}

// Check the time of the request
if (abs($info["time"] - time()) > 60) {
    die("The request has expired");
}

// Print json object
echo nl2br(print_r($info, true));

?>

This code provides you with the verified ASN, unixtime of signature Allowed IPv4,IPv6 prefixes and the maintainer name. Append any other functions you need to this code.

3. Download Kioubit's Public Key required for the PHP script

Download the public key from: https://dn42.g-load.eu/auth/assets/public_key.pem and place the key in the same directory as the PHP script.


$ openssl pkey -pubin -in public_key.pem  -text -noout
Public-Key: (521 bit)
pub:
    04:00:e0:30:8e:95:1e:20:f7:8b:9d:2a:fb:bd:fb:
    32:9b:c2:ac:55:fe:b8:e0:ee:0f:c8:8f:dd:53:9c:
    4a:94:84:80:62:dc:b0:63:06:8c:a4:71:21:67:58:
    1b:57:82:79:ab:8f:45:b1:06:de:2f:02:3e:d8:3b:
    98:c2:41:92:4c:55:e2:00:2c:27:12:16:49:f8:e3:
    b6:ec:a7:a3:5d:43:3c:53:31:0f:14:61:33:d7:fe:
    0e:c0:cf:11:03:39:5b:57:7d:20:68:fc:18:99:17:
    d2:d8:3e:69:b4:cf:09:3e:cb:b6:66:47:c2:9f:d3:
    68:44:b4:96:db:8c:df:c6:a0:3e:8c:ab:57
ASN1 OID: secp521r1
NIST CURVE: P-521