A way to encrypt your service...
If you are new to cryptography, start with the Wikipedia article (wikipedia.org: Public-key cryptography); the one-sentence summary is: "In a public-key encryption system, anyone with a public key can encrypt a message, yielding a ciphertext, but only those who know the corresponding private key can decrypt the ciphertext to obtain the original message".
This image about the 'RS256 asymmetric algorithm' shows what this project aims to achieve:
First of all, starting from the GitHub project python-encrypted-rsa-keys-demo, I generated an RSA key pair: the private key signs the tokens, the public key (shared as a file or as a JWKS) verifies them.
- Read the cryptography.io docs.
- Also read the Aaron-K-T-Berry tutorial on dev.to.
The original source code was modified to read its settings from a 'properties' file, as in Java:
pip install jproperties
- Please read pypi.org: jproperties
- Please read geeksforgeeks.org: jproperties example
I also added generation of a JSON Web Key Set (JWKS), the JSON form of the public key, so that a JSON Web Token (JWT) can be verified against it.
- Please read RFC 7517 (JSON Web Key)
In the last part of this project I also generate an AES key, used later to encrypt a message; this matters for the use-case example below.
Run the Python script from the 'keys' folder:
py -3 .\keys_generator.py
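The JWKS part of the step above, as an added example that is not the project's keys_generator.py: it builds the RFC 7517 public JWK for an RSA key from its public numbers (n, e), derives the 'kid' as the RFC 7638 thumbprint, publishes it as a key set, and reads the numbers back as a verifier would. The function names are mine, the code uses only the standard library, and the values TOY_N/TOY_E are constructed textbook numbers (61 * 53 and 17), not a usable key; with the cryptography library the real numbers come from private_key.public_key().public_numbers().n and .e.

```python
import base64
import hashlib
import json


def b64url(data: bytes) -> str:
    """Base64url without padding, as JOSE requires (RFC 7515 section 2)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def int_to_b64url(value: int) -> str:
    """RSA 'n' and 'e' are the minimal-length big-endian octet string of the
    integer, base64url-encoded (RFC 7518 section 6.3)."""
    length = max(1, (value.bit_length() + 7) // 8)
    return b64url(value.to_bytes(length, "big"))


def b64url_to_int(text: str) -> int:
    return int.from_bytes(b64url_decode(text), "big")


def rsa_jwk_thumbprint(n_b64: str, e_b64: str) -> str:
    """RFC 7638 thumbprint: SHA-256 over the required members only, in
    lexicographic order, with no whitespace. A stable, content-derived 'kid'."""
    canonical = json.dumps({"e": e_b64, "kty": "RSA", "n": n_b64},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def rsa_public_jwk(n: int, e: int, alg: str = "RS256") -> dict:
    """Public RSA JWK (RFC 7517 section 4). Only public members go in here:
    a JWKS is published, so 'd', 'p', 'q' must never appear."""
    n_b64, e_b64 = int_to_b64url(n), int_to_b64url(e)
    return {
        "kty": "RSA",
        "use": "sig",
        "alg": alg,
        "kid": rsa_jwk_thumbprint(n_b64, e_b64),
        "n": n_b64,
        "e": e_b64,
    }


def build_jwks(*jwks: dict) -> str:
    """The document a verifier fetches from the web: {"keys": [...]}."""
    return json.dumps({"keys": list(jwks)}, indent=2)


def find_jwk(jwks_text: str, kid: str) -> dict:
    """Select a key by 'kid'; None if the set has no such key."""
    for key in json.loads(jwks_text)["keys"]:
        if key.get("kid") == kid:
            return key
    return None


def public_numbers_from_jwks(jwks_text: str, kid: str) -> tuple:
    """Recover (n, e) as integers, which is what a verifier needs to rebuild
    the RSA public key before checking an RS256 signature."""
    key = find_jwk(jwks_text, kid)
    if key is None or key.get("kty") != "RSA":
        raise KeyError(f"no RSA key with kid={kid!r} in JWKS")
    return b64url_to_int(key["n"]), b64url_to_int(key["e"])


# Constructed toy values (textbook RSA: n = 61 * 53, e = 17). NOT a real key.
TOY_N, TOY_E = 3233, 17

if __name__ == "__main__":
    jwk = rsa_public_jwk(TOY_N, TOY_E)
    jwks = build_jwks(jwk)
    print(jwks)
    print(public_numbers_from_jwks(jwks, jwk["kid"]))
```

A real 2048-bit key produces the same structure, only with a much longer "n"; the familiar "e": "AQAB" is simply 65537 encoded this way.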
OK, now we have the keys. But what is a JSON Web Token (JWT)?
- Read wikipedia.org: JWT
- Also visit jwt.io, which decodes a pasted token and checks its signature in the browser
First of all the Python jwt package is needed, so install it:
pip install jwt
- Read more on pypi.org: jwt. Note that the package published on PyPI as 'jwt' and the more widely used PyJWT are different libraries with different APIs, although both are imported with 'import jwt'; install the one the scripts were written against.
You can find three simple scripts:
- The first one is "encode.py", which produces a token.
- The second is "decode.py", which shows 3 possible ways to decode a token (with or without signature verification; decoding without verification only base64-decodes the claims and must never be used to trust them):
  - Decode token with LOCAL PUB FILE
  - Decode token with WEB PUB FILE
  - Decode token with WEB JWKS
- The last is "test_enc_dec.py", which tests the encode/decode round trip.
Run the Python script:
py -3 .\test_enc_dec.py
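What encode.py and the "WEB JWKS" path of decode.py do, as an added example that is not the project's code and does not use the jwt package: it builds a compact JWT by hand, then verifies it by looking the 'kid' up in a JWKS, checking that the token's 'alg' matches the key's own 'alg' (so "none" and algorithm confusion are rejected), comparing the signature in constant time, and enforcing 'exp'. It signs with HS256 and an 'oct' JWK, rather than RS256 and the project's RSA keys, so that it runs with the standard library alone; the structure and the checks are the same. Function names are mine and DEMO_SECRET/DEMO_JWKS are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
import time


def b64url(data: bytes) -> str:
    """Base64url without padding, the JOSE encoding (RFC 7515 section 2)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def json_segment(obj: dict) -> str:
    """Compact JSON, then base64url: one segment of a compact JWS."""
    return b64url(json.dumps(obj, separators=(",", ":")).encode("utf-8"))


def encode(payload: dict, key: bytes, kid: str) -> str:
    """Sign a JWT with HS256; 'kid' names the JWKS entry the verifier must use."""
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    signing_input = f"{json_segment(header)}.{json_segment(payload)}"
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(sig)}"


def decode_unverified(token: str) -> dict:
    """'Decode without verification' is only base64url decoding: anybody can
    read, and forge, these claims, so never make decisions on them."""
    _, payload_b64, _ = token.split(".")
    return json.loads(b64url_decode(payload_b64))


def decode(token: str, jwks: dict, now: float = None) -> dict:
    """Verify the signature with the JWKS key selected by 'kid', then 'exp'.
    Raises ValueError with the reason on any failure."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    kid = header.get("kid")
    if not kid:
        raise ValueError("missing kid")
    key = next((k for k in jwks["keys"] if k.get("kid") == kid), None)
    if key is None:
        raise ValueError("unknown kid")
    # The token's 'alg' is attacker-controlled: it must equal the key's own
    # 'alg'. This single check rejects "none" and algorithm confusion.
    if key.get("kty") != "oct" or key.get("alg") != "HS256" or header.get("alg") != "HS256":
        raise ValueError("alg mismatch")
    secret = b64url_decode(key["k"])
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):  # constant time
        raise ValueError("bad signature")
    payload = json.loads(b64url_decode(payload_b64))
    now = time.time() if now is None else now
    if "exp" in payload and now >= payload["exp"]:
        raise ValueError("expired")
    return payload


def check(token: str, jwks: dict, now: float = None) -> tuple:
    """(True, payload) or (False, reason): the shape an endpoint wants for logging."""
    try:
        return True, decode(token, jwks, now)
    except (ValueError, KeyError) as exc:
        return False, str(exc) or exc.__class__.__name__


# Constructed demo material, NOT from the project's keys folder: an 'oct' JWK
# (RFC 7517 section 4, RFC 7518 section 6.4) carrying the HS256 secret.
DEMO_SECRET = b"constructed-demo-secret-do-not-reuse"
DEMO_JWKS = {"keys": [{"kty": "oct", "use": "sig", "alg": "HS256",
                       "kid": "demo-hs256", "k": b64url(DEMO_SECRET)}]}

if __name__ == "__main__":
    token = encode({"sub": "alice", "exp": int(time.time()) + 300}, DEMO_SECRET, "demo-hs256")
    print(token)
    print(decode_unverified(token))
    print(check(token, DEMO_JWKS))
    head, body, sig = token.split(".")
    forged = f"{head}.{json_segment({'sub': 'mallory'})}.{sig}"
    print(check(forged, DEMO_JWKS))
```

The verifier never takes the algorithm from the token; the key fetched by 'kid' decides it. That is the property to keep when switching back to RS256 and the project's public key or JWKS.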
Now let's look at some realistic cases, for whoever needs to encrypt information or verify a signature.
Inside the whistleblowing folder you can find a simulation that shows how it works:
- HTML: kept very simple, so it is easy to follow the flow.
- JavaScript: to understand this script you need to know:
  - byte arrays, base64 and text conversion
  - importing a key (please read mozilla.org: importKey)
  - payload encryption (please read mozilla.org: encrypt)
  - AJAX and XMLHttpRequest
- Python: a Flask script that checks the login information sent by the client, or receives the message text. To protect the payload, client and server share an AES key (please read wikipedia.org: Advanced_Encryption_Standard) to encrypt and decrypt the message. Keep in mind that a key handed to the browser is only as secret as the page and the channel that deliver it, so this encryption is a layer on top of TLS, not a replacement for it. To run this script on the server:
flask --app endPoint run --host=0.0.0.0 --port 5002