Table of Contents
Objective: The objective of this work is to develop a system that allows encrypting messages (files) that can only be decrypted at a specific day and time.
To ensure security, the system should implement a client-server architecture (e.g., a web application), where the server component is clearly separated from the client. The main functionalities of the server include:
- Generating cipher keys for any specified moment.
- Encrypting messages with generated keys.
The system should have three main functionalities, possibly available through three interfaces:
-
User Request Interface:
- Allows users to request the encryption of a file that can only be opened at a specific date and time.
- Users input the date, time, and file through an interface (e.g., a form).
- The system generates a unique AES cipher key depending on a secret known only to the system, the user's username (email), and the date and time.
- The file is encrypted, and the ciphertext is returned to the user without the cipher key.
-
Decryption Key Interface:
- Any user can access the system to check which key opens the ciphertexts for the current date and time.
- Keys are displayed during the specified period and are not accessible before or after.
-
Decryption Interface:
- Allows users to submit a cipher key and a previously encrypted file.
- Returns the decrypted file if decryption is successful.
The system supports the following basic functionalities:
-
Key Generation:
- Generates cipher keys using a cryptographic algorithm.
- Keys depend on email, a secret, and the current date and time.
-
File Encryption:
- Generates cipher keys for a specified date and time.
- Encrypts a file with the generated key.
-
Message Authentication:
- Generates HMAC-SHA256 message authentication codes attached to the ciphertext.
-
Decryption:
- Attempts to decrypt a submitted ciphertext using a provided key.
- Verifies the message authentication code.
The system can be further enhanced by implementing the following functionalities:
-
Cipher Selection:
- Allows choosing between AES-128-CBC and AES-128-CTR ciphers.
-
HMAC Function Selection:
- Allows choosing between HMAC-SHA256 and HMAC-SHA512 HMAC functions.
-
Digital Signatures:
- Uses RSA digital signatures in addition to message authentication codes.
-
User Registration:
- Enables simple user registration through email and password.
-
Access to Past Keys:
- Allows registered users to access past cipher keys.
-
Additional Features:
- Any other functionalities considered interesting.
-
User Request Interface:
- Users are able to input the date, time, and file through the interface.
- The system generates a unique AES cipher key depending on a secret known only to the system, the user's username (email), and the date and time.
- The file is encrypted, and the ciphertext is returned to the user without the cipher key.
-
Decryption Key Interface:
- Any user can access the system to check which key opens the ciphertexts for the current date and time.
- Keys are displayed during the specified period and are not accessible before or after.
-
Decryption Interface:
- Allows users to submit a cipher key and a previously encrypted file.
- Returns the decrypted file if decryption is successful and if the digital signature is valid.
-
User Login and Registration:
- Enables simple user login, registration through email and password.
The system supports the following basic functionalities:
-
Key Generation:
- Generates cipher keys using a cryptographic algorithm.
- Keys depend on email, a secret, and the current date and time.
-
File Encryption:
- Generates cipher keys for a specified date and time using (AES-128-CBC || AES-128-CFB || AES-128-OFB || AES-128-CTR || AES-128-GCM).
- Encrypts a file with the generated key.
-
Message Authentication:
- The app can generate (HMAC-SHA256 || HMAC-SHA384 || HMAC-SHA512 || GMAC) message authentication codes attached to the ciphertext.
- The app uses RSA digital signatures in addition to message authentication codes.
-
Decryption:
- Attempts to decrypt a submitted ciphertext using a provided key.
- Verifies the message authentication code.
-
Access to Past Keys:
- Allows registered users to access past cipher keys.
-
Clone the repo
git clone https://github.com/FuryCode-bit/L4TER-G4TOR.git
-
Install Python packages
cd backend pip3 install -r requirements.txt -
Install ReactJS packages and run build
cd frontend npm install npm run build -
Move build to backend folder
mv frontend/build backend/
-
Import database script to your sql server
script.sql
-
Generate Self Signed Certificates for the server
openssl req -x509 -newkey rsa:4096 -nodes -out cert.pem -keyout key.pem -days 365
-
Create a .env file
SECRET_KEY="YourSecretKey" UPLOAD_FOLDER=uploads db_config_host=choose_host db_config_user=choose_user db_config_password=choose_password db_config_database=choose_db_name # for testing purposes the PRIVATE_KEY_STR is the same as the key inside key.pem PRIVATE_KEY_STR="-----BEGIN PRIVATE KEY----- -----END PRIVATE KEY-----" -
Execute
flask run --cert=cert.pem --key=key.pem
See the open issues for a full list of proposed features (and known issues).
Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.
If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!
- Fork the Project
- Create your Feature Branch (
git checkout -b feature/AmazingFeature) - Commit your Changes (
git commit -m 'Add some AmazingFeature') - Push to the Branch (
git push origin feature/AmazingFeature) - Open a Pull Request
Distributed under the MIT License. See LICENSE.txt for more information.