2nd of March 2018

“If you spend more on coffee than on IT security, you will be hacked. What’s more, you deserve to be hacked.”

— Richard Clarke

In December and January, we worked with our first clients: Blockhive’s ILP, another closed project with ILP (Initial Loan Procurement) and our own beta Agrello system. In both cases we deal with the digital signature, that’s why we spent considerable amount of time on digital identity and signature security.

The legally binding loan agreement involves the issuance of Future Loan Access Tokens (“FLAT”), which give Creditors who provided lending to the company the ability to trade their rights with others. The customer should pass KYC procedure and sign a contract to get FLAT tokens. Contract signing procedure contains next steps:

1. RSA key pair is created.

2. Digitally sign the contract by private key from the first step.

3. Send hash of encrypted contract from the previous step to the blockchain.

To verify signature we should be able to decrypt hash from the second step by public key from the first step.

What’s more?

1. Multiple Agrello IDs.

2. Multiple devices.

3. Signature containers (able to sign more than one document).

Steps of Agrello ID:

1. Attaching the device to a user account:

To prevent device cloning and message intercepting Agrello generates keypairs on both server and mobile applications.

2. Authorization and signing keys generation:

Now Agrello supports RSA 2048-bit and ECDSA 256-bit length keys.

Agrello mobile app generates authorization and signing keypair shares (the private keys are split between customer and server).

Authorization and one customer signing key share will be stored on the device. It is protected with the PIN codes, chosen by the user.

Agrello mobile app sends server key share to the server.

The server stores signing key share in protected HSM.

Agrello mobile app removes server share from the device.

3. Signing:

The customer initiates the signature process with Relaying Party.

The server computes the MFG padded hash of the message (contract) and sends the signature request to the Agrello mobile app.

Agrello mobile computes customer share of the signature and sends it to server.

The server computes server signature share.

The server computes and verifies composite signature share.

The server returns signature to Relaying Party.

To learn more about Agrello’s other partnerships and projects, existing and upcoming, stay tuned here, subscribe to our newsletter, and join us on Twitter, Telegram or Linkedin.

Agrello Team

To be continued….