AadhaarCrypt because most of the developers do not even bother encrypting our sensitive information online. 😡
AadhaarCrypt is an API which let users store Aadhaar Card information online in secure way. Aadhaar Crypt encrypts the aadhaar card data using a private key and returns the encrypted text back to the user which can be stored in place of the actual data in your online databases.
FlaskFlask corspycrypto
Aadhaar card data is one of the most sensitive piece of information for every citizen of India and there are multiple websites and organisations which takes Aadhaar card number for identification purposes and store them in their online databases, there were incidents in past where aadhaar data was leaked because of vulnerable web applications.
- Indian state government leaks thousands of Aadhaar numbers
- Indane leaked millions of Aadhaar numbers: French security researcher
- Clone the repository
git clone https://github.com/shibli2700/aadhaarcrypt.git
- run the follwing commands on your command line to install the dependencies.
cd aadhaarcrypt
python setup.py install
- Run the server
python app.py
- Open a new session of terminal and fire the Command written Below: parameters (name, email) -> To be feed by you!
curl -X POST -H "Content-Type: application/json" http://127.0.0.1:5000/generate-token -d "{'name':'dante', 'email':'foo@bar.com'}"
- You will get the following reponse along with your private key
{"key": "749ffeed93790ce4720ac5d04d4bcb8d"}Ajax code to generate private key
function gettoken(){
var url = "http://127.0.0.1:5000/generate-token" //you can add ur own host here
params = "{'name' : 'dante', 'email' : 'foo@bar.com'}"; //data to send
try{
var xhttp = new XMLHttpRequest();
}catch(e){
console.log(e)
}
xhttp.open("POST", url);
xhttp.send(params);
xhttp.onreadystatechange = function(){
if(this.status == 200 && this.readyState == 4){
console.log(this.responseText);
}
}
}
gettoken();- Encrypt the data by making the following request
POST /encrypt-data HTTP/1.1
Host: 127.0.0.1:5000
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0
Content-Length: 131
{"key":"749ffeed93790ce4720ac5d04d4bcb8d", "aadhaarno":"23-456-123", "name":"Lucifer", "dob":"21-09-1997", "address":"Park Avenue"}
You will get the encrypted data in reponse
{"encrypted_text": "d29a3eb24a553ebd399daae63bad9703432edc5abc1822efd0e2e1ff74ad15784c45f1e5474593c9b34672b7ddf6a11d86d7d55a951ff24a3bd7628c6e654bed27ab407fcd6120bdab55c82e2b93cc6eff980869c48833b9a599d8262795c29787846567c3d09ea220fb5492d5"}- Decrypt the data using the following reponse
POST /decrypt-data HTTP/1.1
Host: 127.0.0.1:5000
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0
Content-Length: 271
{"key":"749ffeed93790ce4720ac5d04d4bcb8d", "data":"d29a3eb24a553ebd399daae63bad9703432edc5abc1822efd0e2e1ff74ad15784c45f1e5474593c9b34672b7ddf6a11d86d7d55a951ff24a3bd7628c6e654bed27ab407fcd6120bdab55c82e2b93cc6eff980869c48833b9a599d8262795c29787846567c3d09ea220fb5492d5"}
You will get the decrypted json reponse
{"decrypted_text": "\"aadhaarno\": \"23-456-123\", \"name\": \"Lucifer\", \"dob\": \"21-09-1997\", \"address\": \"Park Avenue\"}"}- Docker container
