We Keep Coding

Can I decrypt password using the private key generated in Django backend in Flutter?

I am making a password manager app where I am using asymmetric encryption to store passwords. I have created a Django backend for the app where I have stored the user's public key in the User model. During registration, I am storing the public key in the database and sending the user their private key to the Flutter app.
I am using the following function to encrypt the password and store it in the password store model:
def encrypt(data, key):
key = serialization.load_pem_public_key(
key.encode(),
backend=default_backend()
)
data = key.encrypt(
data.encode(),
padding.OAEP(
mgf=padding.MGF1(algorithm=hashes.SHA256()),
algorithm=hashes.SHA256(),
label=None
)
)
return data
Now, I want to know if I can decrypt passwords or any other string data in Flutter using the private key that is generated in the Django backend. If yes, how can I do it?
Also, I don't want to pass the decrypted password from the backend to the Flutter app. I want the client-side to handle it. For this, I am storing the private key in the user's device using shared preferences in Flutter:
SharedPreferences.getInstance().then((prefs) {
prefs.setString("privateKey", widget.privateKey);
});
Can anyone help me with this?
I tried using the decryptByPrivateKey function below to decrypt a password on the client side in my Flutter app using a private key generated on my Django backend:
dynamic decryptByPrivateKey(String content) async {
final prefs = await SharedPreferences.getInstance();
final private = prefs.getString('privateKey')!;
RSAKeyParser parser = RSAKeyParser();
RSAPrivateKey privateKey = parser.parse(private) as RSAPrivateKey;
AsymmetricBlockCipher cipher = PKCS1Encoding(RSAEngine());
cipher..init(false, PrivateKeyParameter<RSAPrivateKey>(privateKey));
return utf8.decode(cipher.process(Encrypted.fromBase64(content).bytes));
}
However, I got the following error related to the content parameter, and I'm not sure how to resolve it:
FormatException: Invalid character (at character 2) b'\rV\x86ldn\x171*^c\xabsAc;\xead\xea\x05C\x996o\x0e#\xe2\xed\x1c\xa21\x80d... ^
Also, I am generating and sending the private key to the client as shown in the code snippet below:
private_key = rsa.generate_private_key(
public_exponent=65537,
key_size=2048,
backend=default_backend()
)
public_key = private_key.public_key()
public_key = public_key.public_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PublicFormat.SubjectPublicKeyInfo
)
private_key = private_key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.PKCS8,
encryption_algorithm=serialization.NoEncryption()
)
private_key = private_key.decode('utf-8')
public_key = public_key.decode('utf-8')
I am hoping to be able to decrypt the password on the client side using the private key without passing the decrypted password from the backend. Can anyone help me with this issue?"

How do I delete an item from a table having partition key and sort key, in AWS Amplify Flutter package. I need to know the flutter syntax for it

I want to delete item from table having partition key as userID and sort key as ID, but in a graphql delete request I see only the primary id as the field.
My delete function
Following is the syntax for the delete request:
final request = ModelMutations.deleteById(Todo.classType, 'some-todo-id-123');
I'm using amplify_api: ^0.4.5 package for graphQL requests.
I need help with the syntax for passing partition key and sort key both in the mutation request.

AWS cannot signed CloudFront urls

Excepted: I want to get signed urls with my AWS CloudFront url.
What I have done: I have created a AWS CloudFront instence and enabled Restrict Viewer Access function, Trusted Signers is Self.
Below is the php code I want to sign the url
function getSignedURL()
{
$resource = 'http://d2qui8qg6d31zk.cloudfront.net/richardcuicks3sample/140-140.bmp';
$timeout = 300;
//This comes from key pair you generated for cloudfront
$keyPairId = "YOUR_CLOUDFRONT_KEY_PAIR_ID";
$expires = time() + $timeout; //Time out in seconds
$json = '{"Statement":[{"Resource":"'.$resource.'","Condition":{"DateLessThan":{"AWS:EpochTime":'.$expires.'}}}]}';
//Read Cloudfront Private Key Pair
$fp=fopen("private_key.pem","r");
$priv_key=fread($fp,8192);
fclose($fp);
//Create the private key
$key = openssl_get_privatekey($priv_key);
if(!$key)
{
echo "<p>Failed to load private key!</p>";
return;
}
//Sign the policy with the private key
if(!openssl_sign($json, $signed_policy, $key, OPENSSL_ALGO_SHA1))
{
echo '<p>Failed to sign policy: '.openssl_error_string().'</p>';
return;
}
//Create url safe signed policy
$base64_signed_policy = base64_encode($signed_policy);
$signature = str_replace(array('+','=','/'), array('-','_','~'), $base64_signed_policy);
//Construct the URL
$url = $resource.'?Expires='.$expires.'&Signature='.$signature.'&Key-Pair-Id='.$keyPairId;
return $url;
}
For $keyPairId and private_key.pem, I logged in my root account and generated this two variables in Security Credentials->CloudFront Key Pairs section.
If I access http://d2qui8qg6d31zk.cloudfront.net/richardcuicks3sample/140-140.bmp on browser directly. It will response like
<Error>
<Code>MissingKey</Code>
<Message>
Missing Key-Pair-Id query parameter or cookie value
</Message>
</Error>
After I run the function, I got a long signed url, parse the url on chrome browser, it will response like
<Error>
<Code>InvalidKey</Code>
<Message>Unknown Key</Message>
</Error>
Question: I have search AWS document and google much time about this, Could anyone tell me why this happened or if I miss something? Thanks in advance!

$priv_key=fread($fp,8192);
If I understand, you generated the key. If so, it looks like you are setting a key size that is not supported.
The key pair must be an SSH-2 RSA key pair.
The key pair must be in base64 encoded PEM format.
The supported key lengths are 1024, 2048, and 4096 bit
Docs: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html#private-content-creating-cloudfront-key-pairs

I opted for Trusted Key Groups and i got that invalidkey/unknownkey error when i initially thought that the keypair id is the same as the access key id under "My Security Credentials". The correct one to use is that ID from your public keys (CloudFront > Key Management > Public Keys).

Thanks #imperalix for answering this question.
I have solved this issue,
Inspired by this site, I found I used the wrong CloudFront url to be signed.
Before: http://d2qui8qg6d31zk.cloudfront.net/richardcuicks3sample/140-140.bmp
After: http://d2qui8qg6d31zk.cloudfront.net/140-140.bmp
Because I create the CloudFront distribution for the richardcuicks3sample bucket, so don't need include this bucket name in the url. After I changed the url, the signed url works well.

Web Application with Charm Crypto

I suppose to make a web application where the users can login in this platform with username and password (I want to make a MySQL database to stare username and password).
After when the user is logged, he selects a file from his computer and send this file on server.
I want encrypt this file to a group of users (I want use HybridABE cryptography with Charm Crypto).
Now I have these architectural/programming question.
Suppose that we have this program:
from charm.toolbox.pairinggroup import PairingGroup,GT
from charm.adapters.abenc_adapt_hybrid import HybridABEnc as HybridABEnc
from charm.schemes.abenc.abenc_waters09 import CPabe09
group = PairingGroup('SS512')
cpabe = CPabe09(group)
hyb_abe = HybridABEnc(cpabe, group)
policy = '((ONE or THREE) and (TWO or FOUR))'
msg = "hello world this is an important message."
(master_secret_key, master_public_key) = hyb_abe.setup()
attr_list = ['THREE', 'ONE', 'TWO']
secret_key = hyb_abe.keygen(master_public_key, master_secret_key, attr_list)
cipher_text = hyb_abe.encrypt(master_public_key, msg, policy)
decrypted_msg = hyb_abe.decrypt(master_public_key, secret_key, cipher_text)
Where can I save the Master Private Key and the Master Public Key ? On a directory server like file ? On database ?
Where can I save the secret key of user ?

An Attribute-based Encryption system is usually created once and has only one master secret key and public key pair.
The master secret key is stored on the server that generates the user secret keys. Since there is usually only one master secret key, you can even generate it and put it into the source code of your server code. Of course, you can include it in the server database.
User secret keys have to be given to users. Remember to give your users some kind of (public) identifier along with the user secret key so that you can manage the list of attributes that a certain user has at the server-side. Otherwise, you will have a headache when you try to update attributes, because you will need to contact users with their new user secret key.
The master public key (usually called "public parameters" or simply "public key") is public. It's a good idea to include it in the package that you give to your users. You can also create an API endpoint so that interested "users" can ask your server for the public key.

How to request information from amazon URL

Could anyone explain me what information should I put from this URL:
http://webservices.amazon.com/onca/xml?
Service=AWSECommerceService&
AWSAccessKeyId=[AWS Access Key ID]&
Operation=ItemSearch&
ItemId=B000Q678OO&
ResponseGroup=Images&
SearchIndex=Blended&
Version=2011-08-01
&Timestamp=[YYYY-MM-DDThh:mm:ssZ]
&Signature=[Request Signature]
AWSAccessKeyId: Access Key ID
Timestamp: UTC time display as YYYY-MM-DDThh:mm:ssZ -> so how can i display like this to add to the url
Signature: is it the Secret Access Key ?

No, the signature is a string generated from the request parameters and the Secret Access Key.
The following article explains how to generate the signature:
http://docs.amazonwebservices.com/AWSECommerceService/latest/DG/rest-signature.html