My journey with The Palisadoes Foundation has been a very exciting one, where I worked with the admin Peter Harrison, mentors Noman Khan and Nishnata Debnath and my fellow mentees, on the project End-to-End Encryption and Talawa API Security Improvements.

Having never worked on encryption or cryptography in general before, I found this project both a challenging and a learning one, in which I explored various aspects of cryptography, real-time chat design, and managing certificates and keys, just to name a few.

During the project, we decided that implementing the chat feature from scratch within this project would not be viable, and that keeping it as a GSoC idea for next year would be a more robust solution. So my project focused on improving the security of the existing APIs rather than introducing new ones.

All of the PRs can be found here.


General Changes

1: Managing keys on App Install

Installed various packages such as pointycastle and crypto, which help in generating asymmetric RSA keys; these are then stored in the app's database for further usage, as follows:

import 'dart:math';
import 'dart:typed_data';
import 'package:pointycastle/export.dart';

AsymmetricKeyPair<PublicKey, PrivateKey> generateRSAKeyPair() {
  // 2048-bit modulus, public exponent 65537, 64 rounds of primality testing.
  final keyGen = RSAKeyGeneratorParameters(BigInt.parse('65537'), 2048, 64);

  // Fortuna must be seeded with 32 bytes from the platform CSPRNG before it
  // can be used; an unseeded (or self-seeded) Fortuna instance throws.
  final seedSource = Random.secure();
  final seed = Uint8List.fromList(
      List<int>.generate(32, (_) => seedSource.nextInt(256)));
  final random = SecureRandom('Fortuna')..seed(KeyParameter(seed));
  final keyGenParams = ParametersWithRandom(keyGen, random);

  final keyGenerator = KeyGenerator('RSA');
  keyGenerator.init(keyGenParams);

  return keyGenerator.generateKeyPair();
}

Its transfer over the API remains to be done for now, and is planned to be implemented along with the chat feature.
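As an added example (not part of the original post or the Talawa code), here is a self-test a practitioner would run on a freshly generated pair before persisting it: encrypt with the public key and decrypt with the private key using RSA-OAEP, and check the modulus size. It assumes the pointycastle package; the generator is repeated here so the file runs on its own, and the plaintext is a constructed sample.

```dart
import 'dart:convert';
import 'dart:math';
import 'dart:typed_data';
import 'package:pointycastle/export.dart';

/// Fortuna PRNG seeded with 32 bytes from the platform CSPRNG.
SecureRandom seededFortuna() {
  final seedSource = Random.secure();
  final seed = Uint8List.fromList(
      List<int>.generate(32, (_) => seedSource.nextInt(256)));
  return FortunaRandom()..seed(KeyParameter(seed));
}

/// Same parameters as the app's generator: 2048-bit modulus, e = 65537.
AsymmetricKeyPair<RSAPublicKey, RSAPrivateKey> generateRSAKeyPair() {
  final params = RSAKeyGeneratorParameters(BigInt.from(65537), 2048, 64);
  final generator = RSAKeyGenerator()
    ..init(ParametersWithRandom(params, seededFortuna()));
  final pair = generator.generateKeyPair();
  return AsymmetricKeyPair<RSAPublicKey, RSAPrivateKey>(
      pair.publicKey as RSAPublicKey, pair.privateKey as RSAPrivateKey);
}

/// Encrypt with the public key, decrypt with the private key (RSA-OAEP) and
/// confirm the plaintext survives. A pair that fails here must not be stored.
bool keyPairRoundTrips(AsymmetricKeyPair<RSAPublicKey, RSAPrivateKey> pair) {
  const sample = 'talawa key self-test'; // constructed sample plaintext
  final encryptor = OAEPEncoding(RSAEngine())
    ..init(true, PublicKeyParameter<RSAPublicKey>(pair.publicKey));
  final ciphertext = encryptor.process(Uint8List.fromList(utf8.encode(sample)));
  final decryptor = OAEPEncoding(RSAEngine())
    ..init(false, PrivateKeyParameter<RSAPrivateKey>(pair.privateKey));
  final recovered = decryptor.process(ciphertext);
  return utf8.decode(recovered) == sample;
}

void main() {
  final pair = generateRSAKeyPair();
  final bits = pair.publicKey.modulus!.bitLength;
  print('modulus bits: $bits, round trip ok: ${keyPairRoundTrips(pair)}');
  if (bits != 2048 || !keyPairRoundTrips(pair)) {
    throw StateError('generated key pair failed self-test; not storing it');
  }
}
```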