Parity SMS verification
The following process verifies a number:
confirm(sha(number),token)
+-------------------> +--------+
| |contract| puzzle(sha(token),sha(number))
| +-----------> +--------+ <-----------+
| | |
| | request(sha(number)) |
| | |
| | |
| +------+ POST /:number +------+
+-- |client| +-------------------------> |server| code=rand()
+------+ +------+ token=sha(code)
token=sha(code) ^ SMS with code |
+------------------------------------+
- client requests verification (
request(sha(number))
) - client calls verification server (
POST /:number
) - server generates
code
and computestoken
- server posts challenge (
puzzle(sha(token), sha(number))
) - server sends SMS to client (with
code
) - client computes
token
- client posts response (
confirm(token)
)
Now, anyone can easily check if a number is verified by calling certified(sha3(number))
on the contract.
git clone https://github.com/ethcore/sms-verification.git
cd sms-verification
npm install --production
Up to now, the account calling puzzle
has to be the owner of the contract.
- Set up an account and put its password in a file.
- Run parity with
--jsonrpc-apis eth,personal --unlock <account-address> --password <account-password-file>
. - Create a config file
config/<env>.json
, which partially overridesconfig/default.json
. export NODE_ENV=<env>; node index.js