Encryption Web - Secure File and Signature Management

Golang, Symmetric Encryption, Asymmetric Encryption, Digital Signatures, HashiCorp Vault, Backend Development, Security

Timeline

Oct 2024 - Nov 2024

My Role

Backend Developer - Golang

Type

Encryption & Security Platform

Project Overview

Encryption Web is a backend platform designed to manage secure file uploads, encryption, and digital signature verification. The platform utilizes both symmetric and asymmetric encryption to ensure the confidentiality and integrity of user data. HashiCorp Vault is used for secure key management, making the system robust and scalable for handling sensitive operations like file access requests and signature validation.

Key Features

  • User Authentication & Management: Allows users to register, log in, and manage their profile with secure authentication.
  • Secure File Upload: Enables secure file uploads, encrypting files during transit and storage using advanced encryption methods.
  • Digital Signature Management: Supports creating and verifying digital signatures for files, ensuring data integrity and authenticity.
  • File Access Requests: Users can request access to files, and file owners can approve or deny these requests, maintaining strict access control.
  • HashiCorp Vault Integration: Uses Vault to store and manage encryption keys securely, providing a highly available and secure key management solution.

Technical Approach

The system was designed with a focus on security and performance. Symmetric and asymmetric encryption techniques were implemented to handle different types of data and security requirements.

  • Symmetric Encryption: Used for encrypting large data files for performance reasons.
  • Asymmetric Encryption: Used for creating and verifying digital signatures, ensuring authenticity and non-repudiation.
  • HashiCorp Vault: Integrated to securely store and access encryption keys without hardcoding sensitive credentials.
  • API Design: The system was built around a RESTful API, with endpoints for user management, file uploads, signature signing/verification, and file access requests.
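
The split described above, as an added example that is not the project's own code: file contents are sealed with a symmetric key, and the sealed blob is signed with an asymmetric key. The page does not name its algorithms, so AES-256-GCM and Ed25519 are assumptions here, as are the function names, the `fileID` binding, and the locally generated key standing in for one fetched from Vault.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealFile encrypts pt, binding fileID as associated data, then signs nonce||ciphertext.
func SealFile(key []byte, priv ed25519.PrivateKey, fileID string, pt []byte) (blob, sig []byte, err error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce for every file
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	blob = gcm.Seal(nonce, nonce, pt, []byte(fileID))
	return blob, ed25519.Sign(priv, blob), nil
}

// OpenFile verifies the signature before decrypting; GCM then rejects a mismatched fileID.
func OpenFile(key []byte, pub ed25519.PublicKey, fileID string, blob, sig []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil || len(blob) < gcm.NonceSize() || !ed25519.Verify(pub, blob, sig) {
		return nil, fmt.Errorf("rejected before decryption (key error: %v)", err)
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], []byte(fileID))
}

func main() {
	key := make([]byte, 32) // constructed stand-in for a data key fetched from Vault
	rand.Read(key)
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	blob, sig, _ := SealFile(key, priv, "file-1", []byte("report"))
	pt, err := OpenFile(key, pub, "file-1", blob, sig)
	fmt.Println(string(pt), err)
}
```

Signing the ciphertext rather than the plaintext lets a verifier reject a modified blob without touching the decryption key.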

API Endpoints

Postman documentation for the API is available here

The API provides the following endpoints:

  • Auth:

    • POST /register: Register a new user.
    • POST /login: Log in and obtain a token for authentication.
    • GET /me: Retrieve user profile data.
  • File:

    • POST /file: Upload an encrypted file.
    • GET /file: Retrieve a specific file (after successful access request).
    • GET /files: Get a list of all files uploaded by the user.
    • GET /files/{user_id}: Get all files from another user.
  • File Request:

    • GET /request/{file_id}: Check status of user request for file access.
    • POST /request/access: Request access to a file.
    • GET /request/approval: Get a list of access requests pending approval from the file owner.
    • POST /request/accept: Accept an access request for a file.
  • Signature:

    • POST /sign: Sign a file with a digital signature.
    • POST /verify: Verify a digital signature for authenticity.

Development Process

The development process followed a security-first approach, focusing on building the encryption and digital signature verification functionality early on. After implementing core security features, I collaborated with the frontend team to ensure proper integration of file handling and signature verification APIs. The iterative process also involved extensive testing to ensure the robustness of encryption operations and access control flows.

Key technical decisions included selecting the appropriate encryption algorithms for different use cases and leveraging HashiCorp Vault for encryption key management to avoid security pitfalls associated with hardcoded keys.

Challenges

Implementing secure encryption mechanisms and efficient management of digital signature verification while ensuring data integrity and access control.

Solutions

Leveraged HashiCorp Vault for secure encryption key management, implemented both symmetric and asymmetric encryption for file and signature operations, and designed a flexible access control system for file requests and signature verification.
