{% trans "K356 Project" %}
{% trans "Encryption" %}
{% trans "Your data are stored encrypted and are accessible solely by you. Encryption and decryption happen entirely in the front-end. The back-end has no access to the encryption key, so an intruder who gains access to the back-end cannot decrypt your data." %}
{% blocktrans %}
Your data are encrypted using
the RSA-OAEP algorithm.
{% endblocktrans %}
// Web Crypto SubtleCrypto interface; every operation in this excerpt goes through it.
const operations = crypto.subtle
/**
 * Encrypts `data` with RSA-OAEP under `publicKey` and returns the ciphertext
 * base64-encoded.
 *
 * `publicKey`, `stringToArrayBuffer` and `arrayBufferToString` are defined
 * outside this excerpt.
 *
 * NOTE(review): RSA-OAEP only accepts a plaintext shorter than the key modulus
 * minus the padding overhead; operations.encrypt() rejects anything longer.
 * Confirm that callers only pass short values, or encrypt the payload with a
 * symmetric key and protect that key with RSA-OAEP instead.
 * NOTE(review): btoa() throws on code units above 255, so this presumably
 * relies on arrayBufferToString mapping one byte to one character - confirm.
 *
 * @param data - plaintext, passed through stringToArrayBuffer (presumably a string; confirm)
 * @returns {Promise<string>} base64 text of the RSA-OAEP ciphertext
 */
async encrypt (data) {
return btoa(arrayBufferToString(await operations.encrypt(
{ name: "RSA-OAEP" },
publicKey,
stringToArrayBuffer(data),
)))
}
{% blocktrans %}
Your data are decrypted using the same algorithm, with your own private key.
{% endblocktrans %}
// Web Crypto SubtleCrypto interface; every operation in this excerpt goes through it.
const operations = crypto.subtle
/**
 * Base64-decodes `armored_data`, decrypts it with RSA-OAEP under `privateKey`
 * and returns the plaintext converted back by arrayBufferToString.
 *
 * `privateKey`, `stringToArrayBuffer` and `arrayBufferToString` are defined
 * outside this excerpt.
 *
 * The returned promise rejects when atob() cannot decode the input or when
 * operations.decrypt() fails (malformed ciphertext, or ciphertext produced for
 * another key pair), so callers need to handle rejection.
 *
 * NOTE(review): RSA-OAEP provides confidentiality only. Anyone holding the
 * public key can produce a value that decrypts successfully here, so a
 * successful decrypt says nothing about who wrote the data.
 *
 * @param armored_data - base64 text as produced by the matching encrypt step
 * @returns {Promise<string>} the decrypted plaintext
 */
async decrypt (armored_data) {
return arrayBufferToString(await operations.decrypt(
{ name: "RSA-OAEP" },
privateKey,
stringToArrayBuffer(atob(armored_data))
))
}
{% blocktrans %}
In order to keep your private/public key pair secret, it is wrapped using an
AES-GCM key derived from your password.
{% endblocktrans %}
// Web Crypto SubtleCrypto interface; every operation in this excerpt goes through it.
const operations = crypto.subtle
/**
 * Exports `key` in JWK form, encrypts that export with AES-GCM under
 * `wrappingKey` and `iv`, and returns the result base64-encoded.
 *
 * NOTE(review): `async name (...) => {` is not valid JavaScript as written;
 * the listing looks abridged from an object or class member. Confirm against
 * the shipped source.
 * NOTE(review): AES-GCM requires that an IV is never reused with the same
 * wrapping key; reuse breaks both confidentiality and integrity. How `iv` is
 * generated is not visible here - confirm that it is fresh random data for
 * every wrap (96 bits is the recommended size).
 * The Web Crypto API rejects wrapKey() when `key` is not extractable.
 *
 * @param key - CryptoKey to protect
 * @param wrappingKey - AES-GCM CryptoKey with the "wrapKey" usage
 * @param iv - IV, passed through stringToArrayBuffer (presumably a string; confirm)
 * @returns {Promise<string>} base64 text of the wrapped JWK
 */
async wrapKey (key, wrappingKey, iv) => {
return btoa(arrayBufferToString(await operations.wrapKey(
"jwk",
key,
wrappingKey,
{name: "AES-GCM", iv: stringToArrayBuffer(iv)}
)))
}
/**
 * Base64-decodes `armored_jwk_data`, decrypts it with AES-GCM under
 * `unwrappingKey` and `iv`, and imports the recovered JWK as an RSA-OAEP
 * (SHA-256) key with the usages given in `args`.
 *
 * AES-GCM is authenticated, so the returned promise rejects when the
 * unwrapping key is wrong (for example, derived from a wrong password) or when
 * the stored blob has been modified.
 *
 * NOTE(review): `async name (...) => {` is not valid JavaScript as written;
 * the listing looks abridged. Confirm against the shipped source.
 * NOTE(review): the key is imported as extractable, so any script running in
 * the page can export it. Presumably this is needed to re-wrap the key later
 * (wrapKey() requires an extractable key) - confirm that it is required for
 * every caller, in particular for the private key.
 *
 * @param unwrappingKey - AES-GCM CryptoKey with the "unwrapKey" usage
 * @param armored_jwk_data - base64 text as produced by the matching wrap step
 * @param iv - the IV that was used when the key was wrapped
 * @param args - key usages for the unwrapped key
 * @returns {Promise<CryptoKey>} the unwrapped RSA-OAEP key
 */
async unwrapKey (unwrappingKey, armored_jwk_data, iv, args) => {
return await operations.unwrapKey(
"jwk",
stringToArrayBuffer(atob(armored_jwk_data)),
unwrappingKey,
{name: "AES-GCM", iv: stringToArrayBuffer(iv)},
{
name: "RSA-OAEP",
hash: "SHA-256",
},
// extractable flag of the unwrapped key
true,
args,
)
}
{% blocktrans %}
Your public/private keys are not stored as-is. They are wrapped using an
AES-GCM key derived from your password.
A custom salt, unique per user, is used to generate your wrapping key.
{% endblocktrans %}
// Web Crypto SubtleCrypto interface; every operation in this excerpt goes through it.
const operations = crypto.subtle
/**
 * Derives a 256-bit AES-GCM wrapping key from `passphrase` with
 * PBKDF2 (SHA-256), using `salt` and `pbkdf2_iterations` iterations.
 *
 * `pbkdf2_iterations` and `stringToArrayBuffer` are defined outside this
 * excerpt.
 *
 * NOTE(review): `async name(...) => {` is not valid JavaScript as written;
 * the listing looks abridged. Confirm against the shipped source.
 * NOTE(review): the iteration count is the only work factor that slows an
 * offline guessing attack on a stolen wrapped key. Its value is not visible
 * here - check it against current guidance for PBKDF2-HMAC-SHA256 (OWASP's
 * password storage guidance listed 600,000 at the time of review).
 *
 * @param passphrase - the user's password, UTF-8 encoded by TextEncoder
 * @param salt - salt, passed through stringToArrayBuffer (presumably a string; confirm)
 * @returns {Promise<CryptoKey>} AES-GCM key usable for wrapKey and unwrapKey
 */
async deriveKeyFromPassphrase(passphrase, salt) => {
const encoder = new TextEncoder();
// Import the raw password bytes as PBKDF2 base key material: not extractable
// and usable only for deriveKey.
const keyFromPassword = await operations.importKey(
"raw",
encoder.encode(passphrase),
"PBKDF2",
false,
["deriveKey"]
)
return await operations.deriveKey(
{
name: "PBKDF2",
salt: stringToArrayBuffer(salt),
iterations: pbkdf2_iterations,
hash: "SHA-256",
},
keyFromPassword,
{
name: "AES-GCM",
length: 256
},
// NOTE(review): the derived key is extractable. The wrapKey and unwrapKey
// usages do not need that; confirm whether anything exports this key, and
// pass false here if nothing does.
true,
["wrapKey", "unwrapKey"]
)
}