A lightweight Flask-based backend that securely stores and retrieves encrypted messages per user using AES-256 encryption.
- AES-256 (CBC mode) encryption with random IV per message
- Encrypted messages stored per user
- Decryption only available to the original user
- Debug route to demonstrate broken vs fixed decryption logic
- Auto-deletes messages after 10 minutes (bonus)
- Clean, modular code
### 1. `POST : http://localhost:5055/messages`
Store a message for a user.

```json
{ "userId": "james", "message": "Hello Secure World!" }
```

### 2. `GET : http://localhost:5055/messages/james`
Retrieve the message.

#### Response:
```json
{ "messages": [ "Hello Secure World!" ] }
```

---

## Design Answers

**1. What encryption method and mode did you choose, and why?**
We use AES-256 in CBC mode for its balance of security and widespread industry support. CBC ensures confidentiality when paired with random IVs.

**2. How do you ensure only the original user can access their messages?**
Messages are stored under a unique `userId`. Retrieval is only possible via `GET /messages/<userId>`. In production, authentication would ensure the requester matches the ID.

**3. How do you store and extract the IV?**
The IV is randomly generated for each message and prepended to the ciphertext before base64 encoding. It is extracted during decryption by slicing the first 16 bytes.

**4. How do you prevent user ID spoofing?**
In this demo, we assume a trusted `userId`. In production, we'd use JWT-based authentication to tie the token identity to the `userId`.
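The check described in answers 2 and 4, as an added example that is not part of this project's code: the `userId` in `GET /messages/<userId>` is honoured only when it equals the `sub` claim of a verified token. A standard-library HS256 verifier stands in for a JWT library here; `KEY`, `issue_token`, `token_subject` and `may_read` are hypothetical names.

```python
import base64
import hashlib
import hmac
import json
import time

KEY = b"constructed-demo-secret"  # constructed sample key (assumption); load from config in practice

def b64u(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64u(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input, key):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def issue_token(user_id, key=KEY, ttl=600, now=None):
    """Issue an HS256 token whose `sub` claim names the authenticated user."""
    now = int(time.time()) if now is None else now
    header = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = b64u(json.dumps({"sub": user_id, "exp": now + ttl}).encode())
    return f"{header}.{claims}." + b64u(sign(f"{header}.{claims}", key))

def token_subject(token, key=KEY, now=None):
    """Return the verified `sub` claim, or None for any invalid token."""
    now = int(time.time()) if now is None else now
    try:
        header, claims, sig = token.split(".")
        # Pin the algorithm; never let the token choose how it is verified.
        if json.loads(unb64u(header)).get("alg") != "HS256":
            return None
        if not hmac.compare_digest(sign(f"{header}.{claims}", key), unb64u(sig)):
            return None
        body = json.loads(unb64u(claims))
        if not isinstance(body["exp"], int) or body["exp"] <= now:
            return None
        return body["sub"] if isinstance(body["sub"], str) else None
    except (ValueError, AttributeError, TypeError, KeyError):
        return None

def may_read(token, path_user_id, key=KEY, now=None):
    """Authorize GET /messages/<userId>: token subject must equal the path ID."""
    sub = token_subject(token, key, now)
    return sub is not None and sub == path_user_id
```

In a Flask route, `may_read` would be called with the bearer token from the `Authorization` header and the `<userId>` path parameter, returning 403 when it is false.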