Time spent: 5 hours in total
The following required functionality is completed:
1. Symmetric Encrypt/Decrypt
- Required: Repair the symmetric encrypt and decrypt code
2. Encrypted Message 1
- Required: Decrypt the government message: I heard about your current situation. Do you know who hacked APEX? -- The Chairman
- Required: Encrypt a response and include in this README: Rrqrdwhffky1MsU5fdz0uFbcsXoK4caqO/pL8lqH62wlcvGUglLOkieXg6SoH9NT11LkI0L7gRGd8a+atk//zA==
3. Generate Public-Private Keys
- Required: Repair the key generator code
- Required: Generate keys for "johnsteed" and add him to the Agent Directory
4. Asymmetric Encrypt/Decrypt
- Required: Repair the asymmetric encrypt and decrypt code
5. Create/Verify Signature
- Required: Repair the create and verify signature code
6. Encrypted Message 2
- Required: Decrypt the message: Cannot access APEX from this location. Send new agent codename and public key so I can contact. Encrypt response to protect codename. Include signature to verify identity and message integrity. -- sydneybristow
- Required: Verify the message
- Required: Include a response message in this README: a0JCBN8zsiRHoRWHbPzoUbKjcD2Hfzfo+sMLaAegSS7hb545Ji1SwdtqYTrU24dEdhR7fPywvD2dORsE1nsOR7QzaHFrJqD3mST7IiCNkA4IYcllZTwWLIEBSmQOnvjZuyQQ9e/0srjc9eM869oMZB11dNPtrNRWCFuQQsKQAfS/AO8O/Bal3DThXDbs71hWQm8I4NaFb0SC82BDAg+3eLlnyJlm6PmHSKG442ea2kEF+PHupAjuyMXYEKJb0tUZybzmjbzHp4A2l/OnA++xNsD8attqT76V8voxb5vSZFUhVE9AhA0MAV8klgKQjps2g8ljfx3LXYfqrFT+PthXEg==
Signature: my4tEV0zLNeyFpYdSV+H1b1+ttXdMoO3yoS8bHlO6/k2ao3KICp/G3ahJASCTV9OpxJmV2PC4JmT2i0hOCDRMIi2vyXmdrWujbgWD1Hy/k7fXjsvISoQpWfSd4j+WAPN8KidMniAEwaPR/4ARn2OZQjxkyDqHkqrKTUwr5s3hcjjn8xGVTzwWPf3S8nBZ5ALqIRNgeaIXjxDMKLdSdctfqkm8qHUKzN+pFDtNeNxsjZa43pZ9H+gU2C9Zn4rq/+THETw6dNU/m3du9Oxh2x4QWdwhWjgNy/H9cvHvk0NGt9h6/HFPjbtSZDcrSJHFRusGG8bV1BEAZIkuXxh4j0qAg==
7. Agent Messages
- Required: Repair the dropbox code
- Required: Repair the messages area
- Required: Display encrypted messages for all agents
- Required: Messages indicate whether the message signature is valid
- Required: Your messages are automatically decrypted
8. Identify the Double Agent
- Required: Decrypt as many email messages as possible:
  - Email 1: The SQL injection we discussed is in place. Just search for an agent.
  - Email 2:
  - Email 3: Today I was able to sneak several XSS vulnerabilities onto one of the encrypt/decrypt pages.
  - Email 4:
  - Email 5: Let me know before you go inside. I'll create a distraction. - Austin
  - Email 6: Let me know before you go inside. I'll create a distraction. - Natasha
- Required: Identify the double agent: Natasha - The fifth email had an invalid signature.
The following objectives are optional:
- Bonus Objective 1.
  - Track down the bugs in the code and fix them.
- Bonus Objective 2.
  - Write a report of your discoveries (longer than 300 characters).
  - Compose a secure email for sending over an insecure network.
  - Include the email with your encrypted report in this README.
- Bonus Objective 3.
  - Add a "Create/Verify Checksum" section to the Encryption Tools area.
- Advanced Objective 1.
  - Add support for other symmetric algorithms.
Here's a walkthrough of implemented user stories:
GIF created with Peek.
Describe any challenges encountered while building the app.
Copyright [2017] [Jocelyn Tran]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.