Spaces:
Sleeping
Sleeping
Update README.md
Browse files
README.md
CHANGED
|
@@ -9,4 +9,107 @@ app_file: app.py
|
|
| 9 |
pinned: false
|
| 10 |
---
|
| 11 |
|
| 12 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9 |
pinned: false
|
| 10 |
---
|
| 11 |
|
| 12 |
+
"""
|
| 13 |
+
Secure KeyLock Decoder API Server
|
| 14 |
+
|
| 15 |
+
This script deploys a secure Gradio application that acts as a server-side API
|
| 16 |
+
for decrypting and retrieving JSON data hidden within PNG images.
|
| 17 |
+
|
| 18 |
+
================================================================================
|
| 19 |
+
▶️ DEPLOYMENT GUIDE
|
| 20 |
+
================================================================================
|
| 21 |
+
|
| 22 |
+
---
|
| 23 |
+
OPTION 1: DEPLOY TO HUGGING FACE SPACES (RECOMMENDED)
|
| 24 |
+
---
|
| 25 |
+
This is the easiest and most secure way to deploy this application.
|
| 26 |
+
|
| 27 |
+
1. **Generate RSA Keys:**
|
| 28 |
+
First, you need a private/public RSA key pair. Use OpenSSL on your local machine:
|
| 29 |
+
```bash
|
| 30 |
+
# Generate a 4096-bit private key (stronger)
|
| 31 |
+
openssl genpkey -algorithm RSA -out keylock_priv.pem -pkeyopt rsa_keygen_bits:4096
|
| 32 |
+
|
| 33 |
+
# Extract the public key from the private key
|
| 34 |
+
openssl rsa -pubout -in keylock_priv.pem -out keylock_pub.pem
|
| 35 |
+
```
|
| 36 |
+
This will create two files: `keylock_priv.pem` (keep this secret!) and `keylock_pub.pem` (this is safe to share).
|
| 37 |
+
|
| 38 |
+
2. **Create a Hugging Face Space:**
|
| 39 |
+
- Go to Hugging Face and create a new "Space".
|
| 40 |
+
- Choose the "Gradio" SDK.
|
| 41 |
+
- Give it a name (e.g., "my-keylock-decoder").
|
| 42 |
+
|
| 43 |
+
3. **Upload Files to the Space Repository:**
|
| 44 |
+
- Rename this script to `app.py`.
|
| 45 |
+
- Create a `requirements.txt` file with the following content:
|
| 46 |
+
```
|
| 47 |
+
gradio
|
| 48 |
+
numpy
|
| 49 |
+
Pillow
|
| 50 |
+
cryptography
|
| 51 |
+
```
|
| 52 |
+
- Upload `app.py`, `requirements.txt`, and the public key `keylock_pub.pem` to your Space's repository.
|
| 53 |
+
- **DO NOT UPLOAD THE PRIVATE KEY (`keylock_priv.pem`)!**
|
| 54 |
+
|
| 55 |
+
4. **Set the Private Key as a Secret:**
|
| 56 |
+
- In your Space, go to the "Settings" tab.
|
| 57 |
+
- Find the "Repository secrets" section.
|
| 58 |
+
- Click "New secret".
|
| 59 |
+
- **Name:** `KEYLOCK_PRIV_KEY` (this name must be exact).
|
| 60 |
+
- **Value:** Open `keylock_priv.pem` on your local machine, copy its ENTIRE content (including `-----BEGIN PRIVATE KEY-----` and `-----END PRIVATE KEY-----`), and paste it into the value field.
|
| 61 |
+
- The application will now automatically and securely load this key at runtime.
|
| 62 |
+
|
| 63 |
+
---
|
| 64 |
+
OPTION 2: RUN LOCALLY FOR DEVELOPMENT
|
| 65 |
+
---
|
| 66 |
+
Use this for testing on your own computer.
|
| 67 |
+
|
| 68 |
+
1. **Generate Keys:** Follow Step 1 from the Hugging Face guide.
|
| 69 |
+
|
| 70 |
+
2. **Install Dependencies:**
|
| 71 |
+
```bash
|
| 72 |
+
pip install gradio numpy Pillow cryptography
|
| 73 |
+
```
|
| 74 |
+
|
| 75 |
+
3. **Set Environment Variable:**
|
| 76 |
+
You must provide the private key as an environment variable.
|
| 77 |
+
- Open `keylock_priv.pem`, copy its entire content into your clipboard.
|
| 78 |
+
- In your terminal (Linux/macOS):
|
| 79 |
+
```bash
|
| 80 |
+
export KEYLOCK_PRIV_KEY='PASTE_THE_ENTIRE_KEY_CONTENT_HERE'
|
| 81 |
+
python app.py
|
| 82 |
+
```
|
| 83 |
+
- In Windows PowerShell:
|
| 84 |
+
```powershell
|
| 85 |
+
$env:KEYLOCK_PRIV_KEY='PASTE_THE_ENTIRE_KEY_CONTENT_HERE'
|
| 86 |
+
python app.py
|
| 87 |
+
```
|
| 88 |
+
|
| 89 |
+
4. **Run the Script:** The app will be available at `http://127.0.0.1:7860`.
|
| 90 |
+
|
| 91 |
+
---
|
| 92 |
+
OPTION 3: DEPLOY TO A SELF-HOSTED SERVER
|
| 93 |
+
---
|
| 94 |
+
For advanced users deploying on their own VPS or server.
|
| 95 |
+
|
| 96 |
+
1. **Generate Keys & Install Dependencies:** Follow steps 1 & 2 from the local guide.
|
| 97 |
+
|
| 98 |
+
2. **Launch the App:**
|
| 99 |
+
Modify the `demo.launch()` line at the bottom of this script to bind to all network interfaces:
|
| 100 |
+
`demo.launch(server_name="0.0.0.0", server_port=7860)`
|
| 101 |
+
|
| 102 |
+
3. **Manage Environment Variable:**
|
| 103 |
+
Set the `KEYLOCK_PRIV_KEY` environment variable using a production-safe method like a `.env` file with `python-dotenv`, systemd service files, or your container orchestration platform (e.g., Docker, Kubernetes).
|
| 104 |
+
|
| 105 |
+
4. **Use a Reverse Proxy (CRITICAL):**
|
| 106 |
+
Do not expose the Gradio port directly to the internet. Place the application behind a reverse proxy like Nginx or Caddy. The proxy will handle SSL/TLS termination (HTTPS), provide better security, and manage traffic.
|
| 107 |
+
|
| 108 |
+
================================================================================
|
| 109 |
+
|
| 110 |
+
This application implements a hybrid security model:
|
| 111 |
+
1. **Steganography (LSB):** The encrypted payload is hidden in the least significant
|
| 112 |
+
bits (LSB) of the image's pixel data.
|
| 113 |
+
2. **Hybrid Encryption (RSA-KEM + AES-GCM):** The actual JSON payload is encrypted
|
| 114 |
+
with a one-time AES key, which itself is encrypted with the server's RSA public key.
|
| 115 |
+
"""
|