A full-stack web application for encrypting and decrypting confidential text messages using RSA asymmetric encryption with password-based access control.
- Features
- Architecture
- Functional Requirements
- Non-Functional Requirements
- Technology Stack
- Installation
- Usage
- API Documentation
- Security
- Deployment
- Contributing
- License
- 🔒 Text Encryption: Securely encrypt plaintext messages
- 🔓 Text Decryption: Decrypt messages with password authentication
- 📋 Copy to Clipboard: Easy copying of encrypted/decrypted results
- 📱 Responsive Design: Works on desktop, tablet, and mobile
- ⏰ Automatic Cleanup: Encrypted keys deleted after 3 days
- 🔒 Password Protection: No user accounts, password-based access
@startuml
!include https://raw.githubusercontent.com/plantuml-stdlib/C4-PlantUML/master/C4_Context.puml
Person(user, "User", "Internet user wanting to encrypt/decrypt confidential text")
System(encryptDecryptApp, "Encrypt/Decrypt Web App", "Provides encryption/decryption utility with password-based access")
Rel(user, encryptDecryptApp, "Uses", "HTTPS")
@enduml
@startuml
!include https://raw.githubusercontent.com/plantuml-stdlib/C4-PlantUML/master/C4_Container.puml
Person(user, "User", "Internet user")
System_Boundary(aws, "AWS Cloud") {
Container(frontend, "React Frontend", "TypeScript, React", "Serves UI pages for encrypt/decrypt")
Container(backend, "Quarkus Backend", "Java, Quarkus", "Handles encryption/decryption logic")
ContainerDb(database, "DynamoDB", "NoSQL", "Stores encrypted private keys with TTL")
Container(infra, "AWS Infrastructure", "CDK", "Manages Lambda, API Gateway, etc.")
}
Rel(user, frontend, "Uses", "HTTPS")
Rel(frontend, backend, "Makes API calls", "JSON/HTTPS")
Rel(backend, database, "Stores/Retrieves keys", "AWS SDK")
Rel(infra, backend, "Deploys", "CDK")
@enduml
Encryption Process
- User inputs plaintext message and password
- System generates RSA key pair
- Encrypts message with RSA public key
- Encrypts private key with password-derived AES key
- Stores encrypted private key in database with unique ID
- Returns Base64-encoded encrypted message + ID
Decryption Process
- User inputs encrypted message, ID, and password
- System retrieves encrypted private key from database
- Decrypts private key using password
- Decrypts message with private key
- Returns original plaintext
User Interface
- Two-page application: Encrypt and Decrypt
- Form validation and error handling
- Loading states during API calls
- Copy-to-clipboard functionality
- Responsive design for all devices
- Password-based authentication (no user accounts)
- Automatic key deletion after 3 days
- No sensitive data logging
- HTTPS encryption for all communications
- Response Time: API responses < 2 seconds
- Concurrent Users: Support 100+ simultaneous users
- Scalability: Serverless architecture auto-scales
- Encryption: RSA 2048-bit asymmetric encryption
- Data Protection: AES encryption for key storage
- Compliance: No personal data storage
- Audit: Secure logging without sensitive information
- Accessibility: WCAG 2.1 AA compliant
- Mobile Support: Responsive design for all screen sizes
- Intuitive UI: Clean, professional interface
- Error Handling: Clear error messages and recovery
- Availability: 99.9% uptime target
- Data Integrity: Automatic key cleanup prevents data accumulation
- Error Recovery: Graceful handling of failures
- Code Quality: Well-documented, tested code
- Modularity: Separated concerns (frontend/backend/infrastructure)
- CI/CD: Automated testing and deployment
- React 18 with TypeScript
- Vite for build tooling
- Bootstrap 5 for responsive UI
- React Router for navigation
- Axios for HTTP requests
- Java 21 with Quarkus 3+
- Maven for dependency management
- AWS SDK for DynamoDB integration
- REST API with JSON communication
- AWS Lambda for serverless compute
- API Gateway for REST API management
- DynamoDB for key storage with TTL
- S3 + CloudFront for static hosting
- AWS CDK for infrastructure as code
- Git for version control
- GitHub Actions for CI/CD
- Docker for local development
- DynamoDB Local for testing
- Java 17+ (for backend)
- Node.js 18+ (for frontend)
- Docker (for local database)
- AWS CLI (for deployment)
Clone the repository
git clone <repository-url>
cd encryptdecrypt2
Backend Setup
cd backend
mvn clean install
Frontend Setup
cd ../frontend
npm install
Start Local Services
# Start DynamoDB Local
docker run -d -p 8000:8000 amazon/dynamodb-local
# Start Backend
cd ../backend
mvn quarkus:dev
# Start Frontend (new terminal)
cd ../frontend
npm run dev
Access Application
- Frontend: http://localhost:5173
- Backend API: http://localhost:8080
- Navigate to the Encrypt page
- Enter your confidential message
- Choose a strong password
- Click "Encrypt Message"
- Copy the encrypted result
- Navigate to the Decrypt page
- Paste the encrypted message
- Enter the password used for encryption
- Click "Decrypt Message"
- View the original message
Encrypt a plaintext message.
Request Body:
{
  "plaintext": "Your secret message",
  "password": "yourpassword"
}
Response:
{
  "encrypted": "BASE64_ENCODED_ENCRYPTED_DATA"
}
Decrypt an encrypted message.
Request Body:
{
  "encrypted": "BASE64_ENCODED_ENCRYPTED_DATA",
  "password": "yourpassword"
}
Response:
{
  "plaintext": "Your original message"
}
- Algorithm: RSA 2048-bit asymmetric encryption
- Key Management: Keys generated per encryption, stored encrypted
- Password Protection: PBKDF2 key derivation with AES encryption
- Data Lifecycle: Keys automatically deleted after 3 days
- Use strong, unique passwords
- Keep passwords secure (not shared)
- Encrypted data expires automatically
- No personal information stored
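The steps listed under Encryption Process and Decryption Process, together with the PBKDF2/AES key protection named above, as an added Java sketch; it is not the project's own code. The class name, OAEP-SHA-256 padding, AES-256-GCM, the 16-byte salt, the 12-byte IV and the 600,000 PBKDF2 iterations are assumptions, since the page specifies only RSA 2048-bit, PBKDF2 and AES.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.PKCS8EncodedKeySpec;

// Added illustration, not the project's code. Assumptions: OAEP-SHA-256 padding,
// AES-256-GCM, PBKDF2-HMAC-SHA256 at 600,000 iterations (the page names none of these).
public class EnvelopeSketch {
    // AES-GCM cipher keyed from the password; salt and IV are stored beside the wrapped key.
    static Cipher gcm(int mode, char[] password, byte[] salt, byte[] iv) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 600_000, 256);
        byte[] k = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(k, "AES"), new GCMParameterSpec(128, iv));
        return c;
    }

    public static void main(String[] args) throws Exception {
        char[] password = "constructed-sample-password".toCharArray(); // constructed sample value
        // Encrypt: fresh RSA-2048 key pair, message encrypted under the public key.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsa.init(Cipher.ENCRYPT_MODE, kp.getPublic());
        byte[] ct = rsa.doFinal("Your secret message".getBytes(StandardCharsets.UTF_8));

        // Wrap the PKCS#8 private key; only salt, iv and wrapped would be persisted.
        byte[] salt = new byte[16], iv = new byte[12];
        SecureRandom rng = new SecureRandom();
        rng.nextBytes(salt);
        rng.nextBytes(iv);
        byte[] wrapped = gcm(Cipher.ENCRYPT_MODE, password, salt, iv).doFinal(kp.getPrivate().getEncoded());

        // Decrypt: unwrap the private key with the password, then recover the message.
        byte[] pkcs8 = gcm(Cipher.DECRYPT_MODE, password, salt, iv).doFinal(wrapped);
        PrivateKey priv = KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(pkcs8));
        rsa.init(Cipher.DECRYPT_MODE, priv);
        System.out.println(new String(rsa.doFinal(ct), StandardCharsets.UTF_8));

        // A wrong password fails the GCM tag check rather than producing a garbage key.
        try {
            gcm(Cipher.DECRYPT_MODE, "wrong".toCharArray(), salt, iv).doFinal(wrapped);
        } catch (AEADBadTagException e) {
            System.out.println("wrong password rejected");
        }
    }
}
```

With these assumed parameters a single RSA-2048 operation accepts at most 190 bytes of plaintext, so longer messages need a hybrid scheme in which RSA protects a random AES key that encrypts the message.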
Configure AWS Credentials
aws configure
Deploy Infrastructure
cd infra
npm install
npm run build
cdk deploy
Deploy Application
- GitHub Actions handles automated deployment
- Frontend deployed to S3/CloudFront
- Backend deployed to Lambda
- AWS_REGION: AWS region
- DYNAMODB_TABLE: Table name for key storage
- CORS_ORIGIN: Frontend URL for CORS
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests
- Submit a pull request
This project is licensed under the MIT License - see the LICENSE file for details.
This application is provided "as is" for educational and utility purposes. While we strive for security, users should not rely on this for highly sensitive information without additional security measures. Always use strong passwords and understand that encrypted data is only as secure as your password.
The application does not store any personal information or user data. All encryption keys are temporary and automatically deleted.