Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/guillaumefalourd/poc-encryption-jwt

POC using pyjwt to encrypt / decrypt JWT :snake: 🔐
https://github.com/guillaumefalourd/poc-encryption-jwt

encryption jwt python

Last synced: 3 months ago
JSON representation

POC using pyjwt to encrypt / decrypt JWT :snake: 🔐

Host: GitHub
URL: https://github.com/guillaumefalourd/poc-encryption-jwt
Owner: GuillaumeFalourd
License: apache-2.0
Created: 2022-07-22T11:28:00.000Z (over 2 years ago)
Default Branch: main
Last Pushed: 2022-08-11T17:23:27.000Z (over 2 years ago)
Last Synced: 2024-04-19T21:25:16.782Z (9 months ago)
Topics: encryption, jwt, python
Language: Python
Homepage: https://pyjwt.readthedocs.io/en/latest/
Size: 206 KB
Stars: 8
Watchers: 2
Forks: 3
Open Issues: 0
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md

Awesome Lists containing this project

README

# POC JWT encryption

[![Security Pipeline](https://github.com/GuillaumeFalourd/poc-encryption-jwt/actions/workflows/security-pipeline.yml/badge.svg)](https://github.com/GuillaumeFalourd/poc-encryption-jwt/actions/workflows/security-pipeline.yml) [![Super Linter](https://github.com/GuillaumeFalourd/poc-encryption-jwt/actions/workflows/super-linter.yml/badge.svg)](https://github.com/GuillaumeFalourd/poc-encryption-jwt/actions/workflows/super-linter.yml) [![Gitleaks](https://github.com/GuillaumeFalourd/poc-encryption-jwt/actions/workflows/gitleaks.yml/badge.svg)](https://github.com/GuillaumeFalourd/poc-encryption-jwt/actions/workflows/gitleaks.yml)

## 📋 Index

- [Setup](https://github.com/GuillaumeFalourd/poc-encryption-jwt#-setup)
- [Usage](https://github.com/GuillaumeFalourd/poc-encryption-jwt#-usage)
- [Generate new Key Pair](https://github.com/GuillaumeFalourd/poc-encryption-jwt#%EF%B8%8F-generate-new-key-pair)
- [TODOs](https://github.com/GuillaumeFalourd/poc-encryption-jwt#todos)
- [JWT Concept](https://github.com/GuillaumeFalourd/poc-encryption-jwt#-jwt-concept)
- [Contributing](https://github.com/GuillaumeFalourd/poc-encryption-jwt#-contributing)
- [License](https://github.com/GuillaumeFalourd/poc-encryption-jwt#-licensed)

## 🏗 Setup

To install the dependencies, run the following command at the repository `root`:

```sh
pip install -r requirements.txt
```

## 🚦 Usage

To execute the program, run the following command at thre repository `root`:

```sh
python3 main.py
```

It should display:

```txt
- The program started!
? What do you want to do? (Use arrow keys)
» Encrypt
Decrypt
```

1. You will need to create an `.encrypted_file` first at the repository `root` choosing the **Encrypt** option.
1. This `.encrypted_file` will contains a JWT containing an cryptographed data (the user **machine_id**).

2. To decrypt the `.encrypted_file` generated at the repository `root`, choose the **Decrypt** option.
1. The program will compare the JWT decoded **machine_id** with the user machine_id to check if the token is valid (**Valid** in that case means it has been generated on the same machine)

_Note: It's also possible to check the JWT present in the `.encrypted_file` content on [jwt.io](https://jwt.io/)._

## ⚙️ Generate new key pair

```markdown
ssh-keygen -t rsa -b 4096 -m PEM -f jwtRS256.key
openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.key.pub

cat jwtRS256.key # private key
cat jwtRS256.key.pub # public key
```

The `jwtRS256.key` and the `jwtRS256.key.pub` files need to be located on the `./encryption` folder.

## TODOs

- [ ] Add Unit tests.
- [ ] Add Unit tests pipelines.

## 🧐 JWT Concept

![jwt](/jwt.jpeg)

### References in 🇧🇷

O JWS garante através de uma assinatura digital (que usa algoritmos criptográficos) a integridade da informação que está no token, mas não garante a confidencialidade das informações. Vale lembrar que quando lidamos com tokens JWT é muito importante que a assinatura seja verificada para garantir que o conteúdo do token não tenha sido alterado.

O objetivo principal do token JWT no formato JWS é justamente permitir que os claims sejam inspecionados a fim de obter informações importantes para identificar o usuário, suas permissões e outras informações relevantes para o processo de autenticação/autorização de forma que sua sua integridade esteja garantida.

O algoritmo usado para assinar o token vai variar dependendo de como será o processo de verificação podendo ser um algoritmo simétrico (uma chave apenas) ou assimétrico (usando uma chave privada para gerar o token e uma chave pública para verificar a assinatura).

[Post que resume bem alguns conceitos](https://www.brunobrito.net.br/jose-jwt-jws-jwe-jwa-jwk-jwks/)

_By [Alexandre Fidélis Vieira Bitencourt](https://github.com/alexandrefvb)_

## 🏅 Licensed

☞ This repository uses the [Apache License 2.0](https://github.com/GuillaumeFalourd/poc-encryption-jwt/blob/main/LICENSE)

## 🤝 Contributing

☞ If you're interested in contributing to this repository, please follow the [guidelines](https://github.com/GuillaumeFalourd/poc-encryption-jwt/blob/main/CONTRIBUTING.md)

### Contribuidores

(Criado com [contributors-img](https://contrib.rocks))