Spaces:
Sleeping
Sleeping
Update app.py
Browse files
app.py
CHANGED
|
@@ -1,108 +1,3 @@
|
|
| 1 |
-
"""
|
| 2 |
-
Secure KeyLock Decoder API Server
|
| 3 |
-
|
| 4 |
-
This script deploys a secure Gradio application that acts as a server-side API
|
| 5 |
-
for decrypting and retrieving JSON data hidden within PNG images.
|
| 6 |
-
|
| 7 |
-
================================================================================
|
| 8 |
-
▶️ DEPLOYMENT GUIDE
|
| 9 |
-
================================================================================
|
| 10 |
-
|
| 11 |
-
---
|
| 12 |
-
OPTION 1: DEPLOY TO HUGGING FACE SPACES (RECOMMENDED)
|
| 13 |
-
---
|
| 14 |
-
This is the easiest and most secure way to deploy this application.
|
| 15 |
-
|
| 16 |
-
1. **Generate RSA Keys:**
|
| 17 |
-
First, you need a private/public RSA key pair. Use OpenSSL on your local machine:
|
| 18 |
-
```bash
|
| 19 |
-
# Generate a 4096-bit private key (stronger)
|
| 20 |
-
openssl genpkey -algorithm RSA -out keylock_priv.pem -pkeyopt rsa_keygen_bits:4096
|
| 21 |
-
|
| 22 |
-
# Extract the public key from the private key
|
| 23 |
-
openssl rsa -pubout -in keylock_priv.pem -out keylock_pub.pem
|
| 24 |
-
```
|
| 25 |
-
This will create two files: `keylock_priv.pem` (keep this secret!) and `keylock_pub.pem` (this is safe to share).
|
| 26 |
-
|
| 27 |
-
2. **Create a Hugging Face Space:**
|
| 28 |
-
- Go to Hugging Face and create a new "Space".
|
| 29 |
-
- Choose the "Gradio" SDK.
|
| 30 |
-
- Give it a name (e.g., "my-keylock-decoder").
|
| 31 |
-
|
| 32 |
-
3. **Upload Files to the Space Repository:**
|
| 33 |
-
- Rename this script to `app.py`.
|
| 34 |
-
- Create a `requirements.txt` file with the following content:
|
| 35 |
-
```
|
| 36 |
-
gradio
|
| 37 |
-
numpy
|
| 38 |
-
Pillow
|
| 39 |
-
cryptography
|
| 40 |
-
```
|
| 41 |
-
- Upload `app.py`, `requirements.txt`, and the public key `keylock_pub.pem` to your Space's repository.
|
| 42 |
-
- **DO NOT UPLOAD THE PRIVATE KEY (`keylock_priv.pem`)!**
|
| 43 |
-
|
| 44 |
-
4. **Set the Private Key as a Secret:**
|
| 45 |
-
- In your Space, go to the "Settings" tab.
|
| 46 |
-
- Find the "Repository secrets" section.
|
| 47 |
-
- Click "New secret".
|
| 48 |
-
- **Name:** `KEYLOCK_PRIV_KEY` (this name must be exact).
|
| 49 |
-
- **Value:** Open `keylock_priv.pem` on your local machine, copy its ENTIRE content (including `-----BEGIN PRIVATE KEY-----` and `-----END PRIVATE KEY-----`), and paste it into the value field.
|
| 50 |
-
- The application will now automatically and securely load this key at runtime.
|
| 51 |
-
|
| 52 |
-
---
|
| 53 |
-
OPTION 2: RUN LOCALLY FOR DEVELOPMENT
|
| 54 |
-
---
|
| 55 |
-
Use this for testing on your own computer.
|
| 56 |
-
|
| 57 |
-
1. **Generate Keys:** Follow Step 1 from the Hugging Face guide.
|
| 58 |
-
|
| 59 |
-
2. **Install Dependencies:**
|
| 60 |
-
```bash
|
| 61 |
-
pip install gradio numpy Pillow cryptography
|
| 62 |
-
```
|
| 63 |
-
|
| 64 |
-
3. **Set Environment Variable:**
|
| 65 |
-
You must provide the private key as an environment variable.
|
| 66 |
-
- Open `keylock_priv.pem`, copy its entire content into your clipboard.
|
| 67 |
-
- In your terminal (Linux/macOS):
|
| 68 |
-
```bash
|
| 69 |
-
export KEYLOCK_PRIV_KEY='PASTE_THE_ENTIRE_KEY_CONTENT_HERE'
|
| 70 |
-
python app.py
|
| 71 |
-
```
|
| 72 |
-
- In Windows PowerShell:
|
| 73 |
-
```powershell
|
| 74 |
-
$env:KEYLOCK_PRIV_KEY='PASTE_THE_ENTIRE_KEY_CONTENT_HERE'
|
| 75 |
-
python app.py
|
| 76 |
-
```
|
| 77 |
-
|
| 78 |
-
4. **Run the Script:** The app will be available at `http://127.0.0.1:7860`.
|
| 79 |
-
|
| 80 |
-
---
|
| 81 |
-
OPTION 3: DEPLOY TO A SELF-HOSTED SERVER
|
| 82 |
-
---
|
| 83 |
-
For advanced users deploying on their own VPS or server.
|
| 84 |
-
|
| 85 |
-
1. **Generate Keys & Install Dependencies:** Follow steps 1 & 2 from the local guide.
|
| 86 |
-
|
| 87 |
-
2. **Launch the App:**
|
| 88 |
-
Modify the `demo.launch()` line at the bottom of this script to bind to all network interfaces:
|
| 89 |
-
`demo.launch(server_name="0.0.0.0", server_port=7860)`
|
| 90 |
-
|
| 91 |
-
3. **Manage Environment Variable:**
|
| 92 |
-
Set the `KEYLOCK_PRIV_KEY` environment variable using a production-safe method like a `.env` file with `python-dotenv`, systemd service files, or your container orchestration platform (e.g., Docker, Kubernetes).
|
| 93 |
-
|
| 94 |
-
4. **Use a Reverse Proxy (CRITICAL):**
|
| 95 |
-
Do not expose the Gradio port directly to the internet. Place the application behind a reverse proxy like Nginx or Caddy. The proxy will handle SSL/TLS termination (HTTPS), provide better security, and manage traffic.
|
| 96 |
-
|
| 97 |
-
================================================================================
|
| 98 |
-
|
| 99 |
-
This application implements a hybrid security model:
|
| 100 |
-
1. **Steganography (LSB):** The encrypted payload is hidden in the least significant
|
| 101 |
-
bits (LSB) of the image's pixel data.
|
| 102 |
-
2. **Hybrid Encryption (RSA-KEM + AES-GCM):** The actual JSON payload is encrypted
|
| 103 |
-
with a one-time AES key, which itself is encrypted with the server's RSA public key.
|
| 104 |
-
"""
|
| 105 |
-
|
| 106 |
import os
|
| 107 |
import io
|
| 108 |
import json
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
import os
|
| 2 |
import io
|
| 3 |
import json
|