Data and Communication Encryption Methods

1.1 Overview

Secure data handling and communication are essential for protecting user information and maintaining the integrity of decentralized operations. This documentation provides a guide to encryption methods used for securing data between components, including encryption of data-at-rest and data-in-transit.

---

1.2 Core Encryption Strategies

Data-at-Rest Encryption

Protects stored data in databases or file systems using AES encryption to prevent unauthorized access.

Data-in-Transit Encryption

Utilizes TLS (Transport Layer Security) to secure data transmission between components.

---

1.3 Data-at-Rest Encryption: AES Encryption

1.3.1 AES Key Generation

from cryptography.fernet import Fernet

# Generate an encryption key
encryption_key = Fernet.generate_key()
print("AES Encryption Key:", encryption_key)

1.3.2 AES Encryption

from cryptography.fernet import Fernet

# Initialize Fernet with the generated encryption key
cipher = Fernet(encryption_key)

# Data to encrypt
data = "User data or sensitive information"
encrypted_data = cipher.encrypt(data.encode())
print("Encrypted Data:", encrypted_data)

1.3.3 AES Decryption

# Decrypt the data
decrypted_data = cipher.decrypt(encrypted_data).decode()
print("Decrypted Data:", decrypted_data)

---

1.4 Data-in-Transit Encryption: TLS Implementation

1.4.1 Configuring TLS in API Communication

1. Generate SSL Certificates: Use openssl to generate SSL certificates for both client and server authentication.

# Generate a private key
openssl genpkey -algorithm RSA -out private.key

# Create a self-signed certificate
openssl req -new -x509 -key private.key -out certificate.crt -days 365

1. Enable HTTPS on the Server: For example, with an Express.js server, enable HTTPS using the generated SSL certificate and private key.

const https = require("https");
const fs = require("fs");
const express = require("express");

const app = express();

// Load SSL certificate and private key
const options = {
    key: fs.readFileSync("path/to/private.key"),
    cert: fs.readFileSync("path/to/certificate.crt")
};

// Start HTTPS server
https.createServer(options, app).listen(3000, () => {
    console.log("HTTPS server running on port 3000");
});

1. Client-Side HTTPS Request: Ensure clients make requests over HTTPS by configuring them to trust the server certificate. Here’s an example using axios in Node.js:

const axios = require("axios");
const https = require("https");

// Trust self-signed certificates for local development
const agent = new https.Agent({  
    rejectUnauthorized: false
});

axios.get("https://localhost:3000/api/data", { httpsAgent: agent })
    .then(response => console.log("Data:", response.data))
    .catch(error => console.error("Error:", error));