Please add pull requests in github. Always welcome to expand on this project.
This document provides details on all API endpoints for the Timestamp and Encryption Application and explains what each endpoint does.
http://localhost:5000/
CORS (Cross-Origin Resource Sharing) can be enabled or disabled in the application using an environment variable. The environment variable CORS can be set in the .env file as follows:
- Enable CORS: Set
CORS=trueorCORS=1to allow cross-origin requests. - Disable CORS: Set
CORS=falseorCORS=0(default behavior).
CORS is useful when your frontend and backend are running on different domains or ports, and you want to allow them to communicate.
Example .env file:
CORS=true
This endpoint generates a timestamp token by signing the provided data with the current timestamp. The response includes the current timestamp and the base64-encoded signature of the timestamped data.
POST
data: The document or message data to be timestamped.
timestamp: The current UTC timestamp.timestamp_token: The base64-encoded signature of the data combined with the timestamp.
curl -X POST http://localhost:5000/timestamp \
-H "Content-Type: application/json" \
-d '{"data": "Document data to timestamp"}'{
"timestamp": "2024-09-23T12:34:56.789123",
"timestamp_token": "dGltZXN0YW1wX3NpZ25hdHVyZQ=="
}Signs the provided data using the private key and returns the base64-encoded signature.
POST
data: The data to sign.
signature: The base64-encoded signature of the data.
curl -X POST http://localhost:5000/sign \
-H "Content-Type: application/json" \
-d '{"data": "Message to sign"}'{
"signature": "c2lnbmF0dXJlX2luX2Jhc2U2NA=="
}Decrypts the base64-encoded encrypted data using the private key and returns the decrypted plaintext.
POST
data: The base64-encoded encrypted data to decrypt.
decrypted_data: The decrypted plaintext data.
curl -X POST http://localhost:5000/decrypt \
-H "Content-Type: application/json" \
-d '{"data": "YmFzZTY0X2VuY3J5cHRlZF9kYXRh"}'{
"decrypted_data": "Original decrypted message"
}Encrypts the provided data using the public key and returns the base64-encoded encrypted data.
POST
data: The data to encrypt.
encrypted_data: The base64-encoded encrypted data.
curl -X POST http://localhost:5000/encrypt \
-H "Content-Type: application/json" \
-d '{"data": "Message to encrypt"}'{
"encrypted_data": "YmFzZTY0X2VuY3J5cHRlZF9kYXRh"
}Verifies if the provided signature was created using the private key for the provided data. The endpoint uses the public key for verification.
POST
data: The original data (message or document) to verify.signature: The base64-encoded signature to verify.
message: Either"Signature is valid"or"Signature is invalid".
curl -X POST http://localhost:5000/verify \
-H "Content-Type: application/json" \
-d '{"data": "Message to verify", "signature": "YmFzZTY0X3NpZ25hdHVyZQ=="}'{
"message": "Signature is valid"
}{
"message": "Signature is invalid",
"error": "InvalidSignature: Signature verification failed"
}In case of errors, the API returns an appropriate error message in the response body, along with an HTTP 400 status code.
{
"error": "No data provided"
}- Timestamping: Use the
/timestampendpoint to generate timestamp tokens for document signing or auditing purposes (still work in progress). - Digital Signatures: Use the
/signendpoint to digitally sign documents or messages. - Encryption and Decryption: Use the
/encryptand/decryptendpoints to securely transmit sensitive data. - Signature Verification: Use the
/verifyendpoint to verify that a message or document was signed with the corresponding private key.