
EncryptedService

A way to encrypt your service...

If you are new to cryptography, read wikipedia.org: Public-key cryptography first. In short: "In a public-key encryption system, anyone with a public key can encrypt a message, yielding a ciphertext, but only those who know the corresponding private key can decrypt the ciphertext to obtain the original message".

This image of the 'RS256 asymmetric algorithm' shows what I am trying to achieve with this project:
[image: RS256 asymmetric algorithm]

Let's see the KEYS (see 'keys' folder)

First of all, starting from the GitHub project python-encrypted-rsa-keys-demo, I created a key pair for encryption.

The original source code was modified to read information from a 'properties' file, as in Java.

I also added creation of a JSON Web Key Set (JWKS), used to verify a JSON Web Token (JWT).

For the last part of this project I added an AES key to encrypt a message; this is important for the use case example later on.

Run the Python script from the 'keys' folder:

py -3 .\keys_generator.py

JWT (encode & decode scripts)

OK, now we have the keys. But what is a JSON Web Token (JWT)?

First of all, the python jwt project is needed, so install it:

You can find three simple scripts:

  • The first one is "encode.py", to obtain a token
  • The second is "decode.py", which gives 3 possible ways to decode the token (with or without verification):
    1. Decode token with LOCAL PUB FILE
    2. Decode token with WEB PUB FILE
    3. Decode token with WEB JWKS
  • The last is "test_enc_dec.py", for testing

Run the Python script:

py -3 .\test_enc_dec.py
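
The difference between decoding "with or without verification", shown for the JWKS case as an added example (not code from this project): it checks an RS256 signature against a JWKS using only the Python standard library rather than the jwt package. The function names, the `demo-key-1` key id and the throwaway key built in `demo_token` are assumptions made for the example, and the token is constructed at run time.

```python
import base64, hashlib, json, secrets

SHA256_DER = bytes.fromhex("3031300d060960864801650304020105000420")  # RFC 8017 DigestInfo

def b64u(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64u_dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def emsa(msg, k):  # EMSA-PKCS1-v1_5 encoding of SHA-256(msg), k bytes long
    t = SHA256_DER + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def decode_unverified(token):  # only base64-decodes; proves nothing about the issuer
    return json.loads(b64u_dec(token.split(".")[1]))

def verify_with_jwks(token, jwks):
    """Return the claims only if the RS256 signature verifies against the JWKS."""
    head, body, sig = token.split(".")
    header = json.loads(b64u_dec(head))
    if not isinstance(header, dict) or header.get("alg") != "RS256":  # pin the algorithm
        raise ValueError("unexpected alg")
    jwk = next((j for j in jwks["keys"] if j.get("kid") == header.get("kid", "")), None)
    if jwk is None or jwk.get("kty") != "RSA":
        raise ValueError("no matching RSA key in JWKS")
    n, e = (int.from_bytes(b64u_dec(jwk[f]), "big") for f in ("n", "e"))
    k = (n.bit_length() + 7) // 8
    raw = b64u_dec(sig)
    s = int.from_bytes(raw, "big")
    expected = emsa(f"{head}.{body}".encode(), k)  # compare the whole padded block
    if len(raw) != k or s >= n or pow(s, e, n).to_bytes(k, "big") != expected:
        raise ValueError("bad signature")
    return json.loads(b64u_dec(body))

def demo_token(claims, kid="demo-key-1", e=65537):
    """Constructed input: token signed with a throwaway 1024-bit key (demo only)."""
    def prime():  # Fermat-tested random prime; fine for a demo, not for real keys
        while True:
            p = secrets.randbits(512) | (1 << 511) | 1
            if p % e != 1 and all(pow(a, p - 1, p) == 1 for a in (2, 3, 5, 7)):
                return p
    p, q = prime(), prime()
    n, d = p * q, pow(e, -1, (p - 1) * (q - 1))
    head = b64u(json.dumps({"alg": "RS256", "typ": "JWT", "kid": kid}).encode())
    msg = f"{head}.{b64u(json.dumps(claims).encode())}"
    sig = pow(int.from_bytes(emsa(msg.encode(), 128), "big"), d, n).to_bytes(128, "big")
    jwk = {"kty": "RSA", "kid": kid, "use": "sig",
           "n": b64u(n.to_bytes(128, "big")), "e": b64u(e.to_bytes(3, "big"))}
    return {"keys": [jwk]}, f"{msg}.{b64u(sig)}"
```

A token whose payload was edited after signing still decodes with `decode_unverified`, while `verify_with_jwks` raises `ValueError` for it, for an unknown `kid`, and for any `alg` other than RS256.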

Whistleblowing

Now let's try to help those who need to encrypt information or verify a signature, with some real cases.

Inside the whistleblowing folder, you can find a simulation to better understand how it works.

  • HTML: kept simple, it helps you follow the right flow.
  • Javascript: to understand this script you need to know:
    1. byte array, base64 and text conversion
    2. importing a key (please read mozilla.org: importKey)
    3. payload encryption (please read mozilla.org: encrypt)
    4. AJAX and XMLHttpRequest
  • Python: a script that uses Flask and either checks the login information sent by the client or gets the message text. To improve security, the client and server use an AES key (please read wikipedia.org: Advanced_Encryption_Standard) to encrypt and decrypt the message payload. To run this script on the server:
flask --app endPoint run --host=0.0.0.0 --port 5002