[Feature Request]: Create Routes for Encryption & Decryption and Verification of Tickets

[RISHIKESHk07]

Is your feature request related to a problem? Please describe.

Description

Implement encryption, decryption, and verification logic for tickets in the ticket service. This involves adding an encryptedData field to the ticket schema and using RSA public and private keys for ticket signature verification. Additionally, generate RSA public and private keys using OpenSSL for use in ticket signature operations.

Describe the solution you'd like

Tasks

• [ ] Task 1: Generate RSA public and private keys using OpenSSL.
• [ ] Task 2: Modify the ticket schema to include an encryptedData field.
• [ ] Task 3: Implement encryption logic for ticket data.
• [ ] Task 4: Implement decryption logic for encrypted ticket data.
• [ ] Task 5: Add routes for encrypting and decrypting tickets in the ticket service API.
• [ ] Task 6: Implement ticket signature using RSA keys for verification.
• [ ] Task 7: Create routes for verifying ticket signatures in the ticket service API.

Describe alternatives you've considered

Note

Please propose how will do this before starting this issue , and breakdown each step like where will be storing our keys and what data would be best to encrypt and store in the QR , we will be using this for Bus conductor app where verifications is important as well etc. We will be assigning two people for this issue as its big but with very interrelated smaller tasks .

Developer Help

Dev Info

This issue is expected to take a few iterations to perfect and complete due to the complexity of implementing encryption, decryption, and verification logic securely. Coordinate with maintainers regualrly for this. If we can implement BSL and schnorr as a alernative as well if we can perform them same in a easier manner.

[Vaibhavsahu2810]

@RISHIKESHk07 I would like to work on this issue. Firstly i will generate RSA keys using the OpenSSL command line tool and update the ticket schema with encryptedData prop.Then i will use the crypto module in Node.js for RSA encryption.Similarly, use the crypto module for decryption.then i will create a controller to handle encryption and decryption routes.Then to implement the ticket signature using rsa keys i will use crypto.createSign method.lastly i will create the routes for verifying ticket signatures in ticket.service.ts. can i do it alone? If i get stuck anywhere i will give the update of the problem to the maintainers

[Om-Thorat]

@RISHIKESHk07 I would like to work on this issue. Firstly i will generate RSA keys using the OpenSSL command line tool and update the ticket schema with encryptedData prop.Then i will use the crypto module in Node.js for RSA encryption.Similarly, use the crypto module for decryption.then i will create a controller to handle encryption and decryption routes.Then to implement the ticket signature using rsa keys i will use crypto.createSign method.lastly i will create the routes for verifying ticket signatures in ticket.service.ts. can i do it alone? If i get stuck anywhere i will give the update of the problem to the maintainers

@Vaibhavsahu2810 RSA has been proven unsafe pretty regularly because of the multiple carefully chosen parameters required, for example even github dropped rsa key support a while ago. To battle this people have been making rsa keys longer but that's a naive solution it'll be better to use more modern algorithms such as ed25519. Also you can generate the key pair with the crypto module itself a command line tool isn't required. It's better to not cut corners and give our best to ensure security through out : ) as a team.

[Vaibhavsahu2810]

@Om-Thorat Based on the feature requested by the maintainer, my approach involved generating RSA public and private keys using OpenSSL. This method aligns well with the small-scale tasks the website will be handling.

While i thank you for pointing out the anamolies and suggesting the latest security methods - it's important to stay informed about the latest security methods, I believe that implementing more advanced algorithms would be unnecessary for this project. The current approach is sufficient for ensuring security at the scale we are operating.

Therefore, I prefer to rely on the maintainer's guidance. Thank you.

[Om-Thorat]

@Om-Thorat Based on the feature requested by the maintainer, my approach involved generating RSA public and private keys using OpenSSL. This method aligns well with the small-scale tasks the website will be handling.

While i thank you for pointing out the anamolies and suggesting the latest security methods - it's important to stay informed about the latest security methods, I believe that implementing more advanced algorithms would be unnecessary for this project. The current approach is sufficient for ensuring security at the scale we are operating.

Therefore, I prefer to rely on the maintainer's guidance. Thank you.

I am sure the maintainer would be open to discuss about it and would appreciate the research : ) and the pointed out anomalies, Also when the difference between using rsa and ed25519 implementation is a change of a single line, I don't see a reason not to. Further "sufficient" is not the quality we should aim for in a project.

Such discussions are the advantage of working in a team and I hope you'll be more open to it.

[RISHIKESHk07]

@Om-Thorat have you completed the previous issue you are working on ? , we are open to coming up with a solution for this issue we can discuss together about this in a meet and proceed. Will be assigning this issue soon

[Om-Thorat]

@Om-Thorat have you completed the previous issue you are working on ? , we are open to coming up with a solution for this issue we can discuss together about this in a meet and proceed. Will be assigning this issue soon

I was preoccupied with other commitments I am halfway done will make a pr today or tomorrow per se. Sure I'll be open to discuss further in a meet.

[rohansen856]

@RISHIKESHk07 i would like to contribute on this issue. my approach will be the following:

1. I would use ecc(elliptical curve cryptography) algorithm. The crypto module would be able to provide this functionality.
2. when a request to create a new ticket is launched, then a stringified data containing 4 things:
   • the order id,
   • the user id of the person holding the ticket
   • outgoing allowed
   • coming back allowed
3. the encrypion and decryption would be done on the backend such that only the admin or like the bus conductor would be able to scan them and read the data.
4. once the ticket is scanned once, there would be a change in the encryptedData. making a rescan impossible. in that way only 1 person would be able to use 1 qr code.
5. for the part of the person scanning the ticket, 2 type of function can be implemented. one for outgoing and one for coming back to the college.
6. once the qr is scanned for outgoing purpose, the the outgoing allowed part would be converted to false. same for coming back to college.

[RISHIKESHk07]

alright then @rohansen856 @Vaibhavsahu2810 you can work together on this , split the work after we finalise all the conditions we have to complete in tomorrow 's meet , @Om-Thorat and anyone can express ideas on the meet