Open RISHIKESHk07 opened 1 week ago
@RISHIKESHk07 I would like to work on this issue. Firstly I will generate RSA keys using the OpenSSL command line tool and update the ticket schema with the encryptedData prop. Then I will use the crypto module in Node.js for RSA encryption. Similarly, I will use the crypto module for decryption. Then I will create a controller to handle encryption and decryption routes. Then, to implement the ticket signature using RSA keys, I will use the crypto.createSign method. Lastly I will create the routes for verifying ticket signatures in ticket.service.ts. Can I do it alone? If I get stuck anywhere I will give an update on the problem to the maintainers.
@Vaibhavsahu2810 RSA has been proven unsafe pretty regularly because of the multiple carefully chosen parameters required; for example, even GitHub dropped RSA key support a while ago. To battle this, people have been making RSA keys longer, but that's a naive solution; it'll be better to use more modern algorithms such as ed25519. Also, you can generate the key pair with the crypto module itself; a command line tool isn't required. It's better to not cut corners and give our best to ensure security throughout : ) as a team.
@Om-Thorat Based on the feature requested by the maintainer, my approach involved generating RSA public and private keys using OpenSSL. This method aligns well with the small-scale tasks the website will be handling.
While I thank you for pointing out the anomalies and suggesting the latest security methods - it's important to stay informed about the latest security methods - I believe that implementing more advanced algorithms would be unnecessary for this project. The current approach is sufficient for ensuring security at the scale we are operating.
Therefore, I prefer to rely on the maintainer's guidance. Thank you.
I am sure the maintainer would be open to discussing it and would appreciate the research : ) and the pointed-out anomalies. Also, when the difference between using an RSA and an ed25519 implementation is a change of a single line, I don't see a reason not to. Further, "sufficient" is not the quality we should aim for in a project.
Such discussions are the advantage of working in a team and I hope you'll be more open to it.
@Om-Thorat have you completed the previous issue you are working on? We are open to coming up with a solution for this issue; we can discuss this together in a meet and proceed. Will be assigning this issue soon.
I was preoccupied with other commitments. I am halfway done and will make a PR today or tomorrow per se. Sure, I'll be open to discuss further in a meet.
@RISHIKESHk07 I would like to contribute on this issue. My approach will be the following:
encryptedData
. making a rescan impossible. In that way only 1 person would be able to use 1 QR code.
Alright then @rohansen856 @Vaibhavsahu2810, you can work together on this. Split the work after we finalise all the conditions we have to complete in tomorrow's meet. @Om-Thorat and anyone can express ideas in the meet.
Is your feature request related to a problem? Please describe.
Description
Implement encryption, decryption, and verification logic for tickets in the ticket service. This involves adding an encryptedData field to the ticket schema and using RSA public and private keys for ticket signature verification. Additionally, generate RSA public and private keys using OpenSSL for use in ticket signature operations.
Describe the solution you'd like
Tasks
encryptedData field.
Describe alternatives you've considered
Note
Please propose how you will do this before starting this issue, and break down each step, like where we will be storing our keys and what data would be best to encrypt and store in the QR. We will be using this for the Bus conductor app, where verification is important as well, etc. We will be assigning two people for this issue as it's big but with very interrelated smaller tasks.
Developer Help
Dev Info
This issue is expected to take a few iterations to perfect and complete due to the complexity of implementing encryption, decryption, and verification logic securely. Coordinate with maintainers regularly for this. If we can implement BSL and Schnorr as an alternative as well if we can perform the same in an easier manner.
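
A sketch of the sign, verify and single-use check discussed in this thread, added here as an illustration and not taken from the project's code. It uses Ed25519 keys generated with Node's crypto module, as suggested in the discussion; the token layout, the `id`, `route` and `exp` fields and the in-memory `redeemed` set are assumptions made for the example.

```javascript
// Added example: signed, single-use ticket tokens with Node's built-in crypto.
const crypto = require('node:crypto');

// Key pair generated in-process; no OpenSSL command line step is involved.
// The private key belongs only on the issuing server; verifiers need the public key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');

const b64u = (buf) => Buffer.from(buf).toString('base64url');

// Hypothetical token layout: base64url(JSON payload) + "." + base64url(signature)
function issueTicket(payload, key = privateKey) {
  const body = Buffer.from(JSON.stringify(payload));
  // Ed25519 takes no separate digest, so the algorithm argument is null.
  const sig = crypto.sign(null, body, key);
  return `${b64u(body)}.${b64u(sig)}`;
}

// Ticket ids already scanned. Constructed in-memory store; a shared service
// would need a write that is atomic across all scanning devices.
const redeemed = new Set();

function verifyTicket(token, key = publicKey, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 2) return { ok: false, reason: 'malformed' };
  const body = Buffer.from(parts[0], 'base64url');
  const sig = Buffer.from(parts[1], 'base64url');
  // Check the signature before parsing or trusting any field in the payload.
  if (!crypto.verify(null, body, key, sig)) return { ok: false, reason: 'bad-signature' };
  const ticket = JSON.parse(body.toString('utf8'));
  if (typeof ticket.exp !== 'number' || ticket.exp <= now) return { ok: false, reason: 'expired' };
  if (redeemed.has(ticket.id)) return { ok: false, reason: 'already-used' };
  redeemed.add(ticket.id); // mark as used so a rescan of the same QR is refused
  return { ok: true, ticket };
}

// Constructed sample ticket, scanned twice.
const sample = issueTicket({ id: 'T-1001', route: 'campus-loop', exp: Date.now() + 3600_000 });
console.log(verifyTicket(sample).ok);
console.log(verifyTicket(sample).reason);
```

For RSA keys the same two calls apply with `generateKeyPairSync('rsa', { modulusLength: ... })` and a digest name such as `'sha256'` in place of `null`.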