A way to encrypt your service...

If you are new of cryptography read something on wikipedia.org: Public-key cryptography but we can resume: "In a public-key encryption system, anyone with a public key can encrypt a message, yielding a ciphertext, but only those who know the corresponding private key can decrypt the ciphertext to obtain the original message".

This image about 'RS256 asymmetric algorithm' explain easily what I try to obtain with this project:

First of all, starting from GitHub project python-encrypted-rsa-keys-demo, I created pair keys for encryption.

• Read cryptography.io DOCS.
  
• Read also Aaron-K-T-Berry tutorial on dev.to.

The original source code was modified to read informations from a 'properties' file like JAVA.

• pip install jproperties
• Please read pypi.org: jproperties
• Please read geeksforgeeks.org: jproperties example

Also I added JSON Web Key Sets (JWKS) creation to verify JSON Web Token (JWT).

• Please read Request for Comments: 7517

For the last part of this project I added AES key to encrypt a message, this is important for later use case example.

Run python script from 'keys' folder:

py -3 .\keys_generator.py

Ok, now we have the keys. But what is JSON Web Token (JWT)?

• Read wikipedia.org: JWT
• Also visit this amazing page jwt.io

First of all python jwt project is needed, so install it:

• pip install jwt
• Read more on pypi.org: jwt

You can find three simple scripts:

• First one is "encode.py" to obtain a token
• The second is "decode.py" which gives 3 possible ways to decode token (with or without verification):
  1. Decode token with LOCAL PUB FILE
  2. Decode token with WEB PUB FILE
  3. Decode token with WEB JWKS
• The last is "test_enc_dec.py" for testing

Run python script:

py -3 .\test_enc_dec.py

Now let's try to help who needs to encrypt information or verify signature with some real cases.

Inside whistleblowing folder, you can find a simulation to understand better kow it works.

• HTML, is so simple and it helps to follow the right flow.
• Javascript, to understand this script you need to know:
  1. bytes array, base64, text convertion
  2. importing key (please read mozilla.org: importKey)
  3. payload encryption (please read mozilla.org: encrypt)
  4. AJAX and XMLHttpRequest
• Python: this is a script that uses Flask and checks login information from client or get message text. To improve security, client and server, use a AES key (please read wikipedia.org: Advanced_Encryption_Standard) to encrypt and decrypt payload message. To run this script on server:

flask --app endPoint run --host=0.0.0.0 --port 5002