A lightweight Flask-based backend that securely stores and retrieves encrypted messages per user using AES-256 encryption.
- AES-256 (CBC mode) encryption with random IV per message
- Encrypted messages stored per user
- Decryption only available to the original user
- Debug route to demonstrate broken vs fixed decryption logic
- Auto-deletes messages after 10 minutes (bonus)
- Clean, modular code
### 1. `POST http://localhost:5055/messages`
Store a message for a user.
#### Request:
```json
{
  "userId": "james",
  "message": "Hello Secure World!"
}
```
### 2. `GET http://localhost:5055/messages/james`
Retrieve the messages stored for the user.
#### Response:
```json
{
  "messages": [
    "Hello Secure World!"
  ]
}
```
---
## Design Answers
**1. What encryption method and mode did you choose, and why?**
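We use AES-256 in CBC mode for its balance of security and widespread industry support. CBC provides confidentiality when each message is encrypted with a fresh random IV; it does not authenticate the ciphertext, so tamper detection needs a separate MAC or an AEAD mode.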
**2. How do you ensure only the original user can access their messages?**
Messages are stored under a unique `userId`. Retrieval is only possible via `GET /messages/<userId>`. In production, authentication would ensure the requester matches the ID.
**3. How do you store and extract the IV?**
The IV is randomly generated for each message and prepended to the ciphertext before base64 encoding. During decryption, the stored value is base64-decoded and the IV is recovered by slicing off the first 16 bytes.
**4. How do you prevent user ID spoofing?**
In this demo, we assume a trusted `userId`. In production, we'd use JWT-based authentication to tie the token identity to the `userId`.
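
One way to enforce the check described in answers 2 and 4, as an added example that is not this project's code: verify an HS256 JWT with the standard library and allow `GET /messages/<userId>` only when the token's `sub` claim equals the `userId` in the path. The function names, the `sub`/`exp` claim layout and the demo key are assumptions.

```python
import base64
import hashlib
import hmac
import json
import time


def _b64url_decode(part):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def issue_token(user_id, key, ttl=600, now=None):
    """Hypothetical issuer (stands in for a login service) so the example runs alone."""
    now = int(time.time()) if now is None else now
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64url_encode(json.dumps({"sub": user_id, "exp": now + ttl}).encode())
    sig = hmac.new(key, f"{header}.{claims}".encode(), hashlib.sha256).digest()
    return f"{header}.{claims}.{_b64url_encode(sig)}"


def authorized_for(token, path_user_id, key, now=None):
    """True only if the token verifies and its `sub` equals the userId in the URL."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        # Pin the algorithm: never let the token choose "none" or another alg.
        if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
            return False
        expected = hmac.new(key, f"{header_b64}.{claims_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return False
        claims = json.loads(_b64url_decode(claims_b64))
        subject, expiry = claims.get("sub"), claims.get("exp")
    except (ValueError, TypeError, AttributeError):
        return False  # malformed token: wrong segment count, bad base64 or JSON
    if not isinstance(expiry, int) or expiry <= now:
        return False  # missing or expired `exp`
    # The identity comes from the signed token, not from the caller-supplied path.
    return isinstance(subject, str) and hmac.compare_digest(subject.encode(), path_user_id.encode())


if __name__ == "__main__":
    demo_key = b"constructed-demo-key-32-bytes!!!"  # constructed; load from a secret store
    token = issue_token("james", demo_key)
    print(authorized_for(token, "james", demo_key))  # requester reads own messages
    print(authorized_for(token, "alice", demo_key))  # requester asks for another user's path
```

In a Flask route the token would typically come from the `Authorization` header and `path_user_id` from the `<userId>` URL parameter; a failed check should return 403 before any decryption happens.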