---
title: KeyLock Auth Server
emoji: 🌍
colorFrom: pink
colorTo: purple
sdk: gradio
sdk_version: 5.33.0
app_file: app.py
pinned: false
---
# Secure KeyLock Decoder API Server
This script deploys a secure Gradio application that acts as a server-side API for decrypting and retrieving JSON data hidden within PNG images.
================================================================================
▶️ DEPLOYMENT GUIDE
================================================================================
---
OPTION 1: DEPLOY TO HUGGING FACE SPACES (RECOMMENDED)
---
This is the easiest and most secure way to deploy this application.
1. **Generate RSA Keys:**
First, you need a private/public RSA key pair. Use OpenSSL on your local machine:
```bash
# Generate a 4096-bit private key (stronger)
openssl genpkey -algorithm RSA -out keylock_priv.pem -pkeyopt rsa_keygen_bits:4096
# Extract the public key from the private key
openssl rsa -pubout -in keylock_priv.pem -out keylock_pub.pem
```
This will create two files: `keylock_priv.pem` (keep this secret!) and `keylock_pub.pem` (this is safe to share).
2. **Create a Hugging Face Space:**
- Go to Hugging Face and create a new "Space".
- Choose the "Gradio" SDK.
- Give it a name (e.g., "my-keylock-decoder").
3. **Upload Files to the Space Repository:**
- Rename this script to `app.py`.
- Create a `requirements.txt` file with the following content:
```
gradio
numpy
Pillow
cryptography
```
- Upload `app.py`, `requirements.txt`, and the public key `keylock_pub.pem` to your Space's repository.
- **DO NOT UPLOAD THE PRIVATE KEY (`keylock_priv.pem`)!**
4. **Set the Private Key as a Secret:**
- In your Space, go to the "Settings" tab.
- Find the "Repository secrets" section.
- Click "New secret".
- **Name:** `KEYLOCK_PRIV_KEY` (this name must be exact).
- **Value:** Open `keylock_priv.pem` on your local machine, copy its ENTIRE content (including `-----BEGIN PRIVATE KEY-----` and `-----END PRIVATE KEY-----`), and paste it into the value field.
- The application will now automatically and securely load this key at runtime.
---
OPTION 2: RUN LOCALLY FOR DEVELOPMENT
---
Use this for testing on your own computer.
1. **Generate Keys:** Follow Step 1 from the Hugging Face guide.
2. **Install Dependencies:**
```bash
pip install gradio numpy Pillow cryptography
```
3. **Set Environment Variable:**
You must provide the private key as an environment variable.
- Open `keylock_priv.pem`, copy its entire content into your clipboard.
- In your terminal (Linux/macOS):
```bash
export KEYLOCK_PRIV_KEY='PASTE_THE_ENTIRE_KEY_CONTENT_HERE'
python app.py
```
- In Windows PowerShell:
```powershell
$env:KEYLOCK_PRIV_KEY='PASTE_THE_ENTIRE_KEY_CONTENT_HERE'
python app.py
```
4. **Run the Script:** The app will be available at `http://127.0.0.1:7860`.
---
OPTION 3: DEPLOY TO A SELF-HOSTED SERVER
---
For advanced users deploying on their own VPS or server.
1. **Generate Keys & Install Dependencies:** Follow steps 1 & 2 from the local guide.
2. **Launch the App:**
Modify the `demo.launch()` line at the bottom of this script to bind to all network interfaces:
`demo.launch(server_name="0.0.0.0", server_port=7860)`
3. **Manage Environment Variable:**
Set the `KEYLOCK_PRIV_KEY` environment variable using a production-safe method like a `.env` file with `python-dotenv`, systemd service files, or your container orchestration platform (e.g., Docker, Kubernetes).
4. **Use a Reverse Proxy (CRITICAL):**
Do not expose the Gradio port directly to the internet. Place the application behind a reverse proxy like Nginx or Caddy. The proxy will handle SSL/TLS termination (HTTPS), provide better security, and manage traffic.
================================================================================
This application implements a hybrid security model:
1. **Steganography (LSB):** The encrypted payload is hidden in the least significant
bits (LSB) of the image's pixel data.
2. **Hybrid Encryption (RSA-KEM + AES-GCM):** The actual JSON payload is encrypted
with a one-time AES key, which itself is encrypted with the server's RSA public key.
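The two layers above, end to end, as an added example (not code from `app.py` or the KeyLock project): the client seals the JSON under a one-time AES-GCM key wrapped with the RSA public key and hides the blob in pixel LSBs, and the server reverses it, rejecting oversized length headers and tampered ciphertext. The blob layout, the 4-byte length header, MSB-first bit order, RSA-OAEP/SHA-256 key wrapping, the 2048-bit throwaway key and the bytearray standing in for PNG pixel data are all assumptions.

```python
import json, os, struct
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Assumed layout (not from app.py): u16 wrapped-key length | wrapped key | 12-byte nonce | ciphertext+tag
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)

def seal(public_key, data: dict) -> bytes:
    """Client side: encrypt JSON with a one-time AES key, wrap that key with RSA."""
    aes_key, nonce = AESGCM.generate_key(bit_length=256), os.urandom(12)
    ciphertext = AESGCM(aes_key).encrypt(nonce, json.dumps(data).encode(), None)
    wrapped = public_key.encrypt(aes_key, OAEP)
    return struct.pack(">H", len(wrapped)) + wrapped + nonce + ciphertext

def open_sealed(private_key, blob: bytes) -> dict:
    """Server side: unwrap the AES key, then decrypt; InvalidTag means tampering."""
    (klen,) = struct.unpack(">H", blob[:2])
    wrapped, nonce, ciphertext = blob[2:2 + klen], blob[2 + klen:14 + klen], blob[14 + klen:]
    aes_key = private_key.decrypt(wrapped, OAEP)
    return json.loads(AESGCM(aes_key).decrypt(nonce, ciphertext, None))

def lsb_embed(pixels: bytearray, payload: bytes) -> bytearray:
    """Write a 4-byte length header plus payload into the low bit of each channel byte."""
    framed = struct.pack(">I", len(payload)) + payload
    if len(framed) * 8 > len(pixels):
        raise ValueError("carrier too small for payload")
    out = bytearray(pixels)
    for i in range(len(framed) * 8):
        bit = (framed[i // 8] >> (7 - i % 8)) & 1
        out[i] = (out[i] & 0xFE) | bit
    return out

def lsb_extract(pixels: bytes) -> bytes:
    """Read the length header, then that many payload bytes, from the low bits."""
    def read(start, n):
        return bytes(sum((pixels[(start + b) * 8 + k] & 1) << (7 - k) for k in range(8))
                     for b in range(n))
    if len(pixels) < 32:
        raise ValueError("carrier too small for length header")
    (length,) = struct.unpack(">I", read(0, 4))
    if (4 + length) * 8 > len(pixels):  # header comes from an untrusted upload
        raise ValueError("length header exceeds carrier capacity")
    return read(4, length)

def demo() -> dict:
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)  # constructed test key
    carrier = bytearray(os.urandom(64 * 64 * 3))  # constructed stand-in for RGB pixel bytes
    stego = lsb_embed(carrier, seal(key.public_key(), {"user": "demo", "token": "constructed"}))
    return open_sealed(key, lsb_extract(stego))
```

The LSB layer only hides the blob; confidentiality and integrity come from the RSA-wrapped AES-GCM layer, which is why the private key never leaves the server.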
""" |