A User Manual

Token App

More Efficient Fuel Distribution in 3 Easy Steps

The “Token App” is a simple Browser App for managing tokens for obtaining fuel. This article acts as its user manual.

Token App

The App can be used by both issuing parties (e.g. Government institutions responsible for fuel distribution and their employees) to issue tokens, and receiving parties (e.g. ordinary fuel consumers) to receive and use tokens.

The app requires no login, and stores all of its data on the browser locally.

Step 1: Generate Crypto Keys (Issuers Only)

To start the process, the issuing party generates a pair of asymmetric cryptographic keys. The Secret Key is used to encrypt to token, and the Public Key is used to decrypt to token.

The issuer keeps the Secret Key secret, so that no one else can generate encrypted tokens. The Public Key is shared with the public (ideally in some public register), so that anyone can decrypt encrypted tokens. Hence, anyone can verify that the encrypted token was generated by the issuer.

The generated tokens are stored on the App Browser. The issuer can also copy them and store them elsewhere.

Trusted Issuers

There can be multiple “trusted issuers” each with different cryptographic key pairs, as long as the Secret Keys are secret, and the Public Keys are publicly known.

The App displays a public register of “trusted issuers”

Step 2: Create Token (Issuers Only)

The Issuer Creates a token with relevant information like Vehicle Number and Priority.

The App automatically adds a creation time and an expiration time (which currently defaults to creation time plus 3 days). This information is encrypted with the issuers Secret Key, and looks something like this:

eyJub25jZSI6IkNQVjVPTnNEYWh1TjBkZWpoeU1ldXJyVDZsZ0xJckdaIiwid3JpdGVyUHVibGljS2V5IjoiWGdlVWZmNVNGdmthWmxyaTNiOWFMVXJ6MFp5TTdoQ1dBbVB0YUdkaDFWQT0iLCJlbmNyeXB0ZWRNZXNzYWdlT25seSI6InhDTnRSTTBqZ0JkN3kwa3NyT0MxRE9ycU1uMWZYdW53WTlWMTNQNEZaL0tyZCtjb2ZCeCtWWFRjb0s2ZFEzRGJhWE5VYlBrTG4yb2VrY2kzZ3Ntay9KQXEzbW83V0tFc3VnM295MGdYazIwZ3MxQStlQWN0STJ2WjhvS2pPdkFnMWxoZHFZY0V4Y1daWUpicmppdz0ifQ

The App, then appends this encrypted information into a URL,

https://nuuuwan.github.io/token_app#tokenEncrypted:eyJub25jZSI6IkNQVjVPTnNEYWh1TjBkZWpoeU1ldXJyVDZsZ0xJckdaIiwid3JpdGVyUHVibGljS2V5IjoiWGdlVWZmNVNGdmthWmxyaTNiOWFMVXJ6MFp5TTdoQ1dBbVB0YUdkaDFWQT0iLCJlbmNyeXB0ZWRNZXNzYWdlT25seSI6InhDTnRSTTBqZ0JkN3kwa3NyT0MxRE9ycU1uMWZYdW53WTlWMTNQNEZaL0tyZCtjb2ZCeCtWWFRjb0s2ZFEzRGJhWE5VYlBrTG4yb2VrY2kzZ3Ntay9KQXEzbW83V0tFc3VnM295MGdYazIwZ3MxQStlQWN0STJ2WjhvS2pPdkFnMWxoZHFZY0V4Y1daWUpicmppdz0ifQ==&page:viewToken&mode:receiver&lang:en

Which itself can be opened within the App:

Note, the QR Code simply encodes the URL and the token can be accessed by scanning the QR Code.

Step 3: Scan Token

A token can be scanned from the “Scan Token” page on the App. Alternatively, you can scan the code with any QR Code Reader, including the Default Camera App on most smart phones.

The moment a token is scanned, it is saved on the App. You can inspect your tokens on the “My Tokens” page.

Code Repository

The App’s code can be found at,

GitHub - nuuuwan/token_app

Feel free to fork.

Concluding Thoughts

This App is very much a Proof-of-Concept. It can, no doubt, be enhanced and extended in many ways. My goal was to demonstrate its possibility and relative simplicity.

I would love to hear your thoughts on how to extend and expand the App, and even more importantly how we might operationalise it…