vendredi 6 février 2015

Implement GPG Verification (Bitcoin-OTC)



I'm looking to implement a "Verify with Bitcoin-OTC" feature for my web app. The general idea is the user would prove he owns a particular account on the external site Bitcoin-OTC and my app would accept/deny him based on his rating there.


Here's how I'm thinking of implementing this:



  1. User provides Bitcoin-OTC username.

  2. My app looks up his GPG fingerprint using this bitcoin-otc gem.

  3. My app presents the user with his encrypted one-time password and asks him to decrypt it.

  4. User provides decrypted password.

  5. My app verifies it with the gpg everify command on Freenode and accepts/denies the user.


The part I'm struggling with is step #5. I'm doing it this way because I'm not sure Bitcoin-OTC exposes an API. I'm not sure how to programmatically communicate with the bot on their IRC channel.


Steps 1-5 are basically how a user would verify himself on the Bitcoin-OTC IRC channel except my app is acting as a middleman.


My questions are:



  • How can I achieve step #5?

  • Does adding my app into this flow introduce any security risks?





Aucun commentaire:

Enregistrer un commentaire