I've been working on implementing the previously proposed proof of BOINC UserID ownership via public key cryptography and have submitted a Pull Request on the BOINC repo which requires further peer review.
The purpose of this project is to prove within any external system that you are the owner of an UserID for an individual BOINC project, without storing external system data within the BOINC project's servers.
A massive shout out to Thomas Brod for peer reviewing my pull request and helping improve the quality of the code!
Just a really simple form, the user inputs data as instructed by the external system (a public key, an identifier, etc) and clicks 'generate;. The user input data is forwarded to the openssl_sign_action.php script. This page is linked to from the user's private profile page.
The user needs:
- A minimum RAC of 100 (configurable by the project admin).
- To be logged in.
- Optional: A verified email.
- Optional: To solve a captcha.
The openssl_sign_action script receives the user input data, produces a signature of a message containing "User_ID" and "User_Input_Data" then outputs the data as an xml file via an auto-download prompt within the browser.
<boinc_user_id_verification> <master_url>http://127.0.0.1/boincserver/</master_url> <userid>1</userid> <user_data>Steemit_Test_User_Input</user_data> <msg>1 Steemit_Test_User_Input</msg> <signature>mjSaxH6VYozryf+VsJgPGL54qKr3xiioEuqCJoWV1puDYywQq9FRmhHPpMRGEHXnYCHwe0jG6TuHOth6oRd6R4Gumi3UTa9TWbx94+IK2BCT8I1NIiqIAu7p4khxJhyT3aPkiC6mv3SJJffSO/BffKn4y8YF4K8f6pEpU5JnjQ0ZFZS9oB8gjzYqlJC3InBF5oSUo+1qTjutAIBj/azIaOoViwiGAMtiB7OeCjv3UWVsAK5D+wmyIeyB/pSsAhreDhAa2rZvZ4/whlVkcQJq16hnnDsTQqtPvZ5fDpDzUVl7B8EMcYsJTBe7KxeTxUlKQdKUJaechNRtrLbiWP/uPw==</signature> </boinc_user_id_verification>
Any questions or suggestions?