Giters

nayuki / QR-Code-generator

High-quality QR Code generator library in Java, TypeScript/JavaScript, Python, Rust, C++, C.

Home Page:https://www.nayuki.io/page/qr-code-generator-library

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Security or "Encryption" Question

worldpeaceenginelabs opened this issue Β· comments

commented

Hi Nayuki!
Very cool lib, Thank you! Exactly what i was searching for.πŸ™

I am sure you can help clarify my question.
You seem to be the QR Guru of Github (nice and clean code) πŸ™πŸ˜πŸ‘

Since you can generate qr code from text and recover text from qr code, i guess both instances (input demo / output demo ) need to match some basic "key" to understand each other, right?

Is it possible to change that value somewhere in your js code, so others can't recover my qr-codes anymore? (kind of encryption)
Is it pretty safe then against hacking? Because recovering the qr code to text would be recovering the password. Thats bad.

Background:
This weekend I started with the app Couchsurfing Decentralized. (dapp one of five to develop on my webapp https://cloudatlas.club)

I work on a cool auth method which i imagine for some time now:
The user signs up by a 8-digit alphanumeric which gets translated into a qr code. This qr code is dropped as user-avatar in every message, post and comment of the user. (just for the sake of explaination, the visible avatar in production will be an uploaded pic of course)

This way i drop the permission part into the message, post, comment themself.
The creator user with the right barcode can edit/delete his own message, post, comment.
But another user, with another qr code cannot, but his own.

Implemented into Couchsurf Decentralized it means:

When a Couchsurf host offers a couch, he is the first message in his couch post of course (with the first qr code).
Everybody interested can write a message into the post.

But now, i can check inside the card component which of the messages has the same barcode as the first post and highlight him as the host for instance.
Also the user with the same qr code as the first message in the couch post, is allowed to edit and delete this post.

Before, i had to do a request to my already decentralized database for this things, but now i even safe this requests, thanks to this auth method.

And the password is no-where saved, only in your head. The other key of the keypair is the qrcode.

Do you think its possible to use your library like this? You are my reality check! πŸ˜‚

Have a great day!

commented

From explaining an playing with your https://www.nayuki.io/page/qr-code-generator-library i thought this:
image

Would that work?

commented

The QR Code standard does not provide a standardized way to convey encrypted data. But it can convey arbitrary data, therefore you can perform encryption/decryption at a higher level in your code - not in my library code.

It's like asking, can I perform encryption with the letters of the English alphabet? Yes I can, but I would need to resort to a method like https://en.wikipedia.org/wiki/Vigen%C3%A8re_cipher , https://en.wikipedia.org/wiki/Enigma_machine , etc.

Your request is outside the scope of what my library ought to provide.

commented

@nayuki Thank you