Introduction

Use Virgil Cards Service to verify the integrity of data at any point. Data integrity is essential to anyone who wants to guarantee that their data has not been tampered with.

What you'll learn at the end of the tutorial

- How to create and publish users' public keys on Virgil Cards Service.
- How to create a tamper-proof signature to be sure of data integrity.

We publish the users' public keys on Virgil Cards Service so that users can use them at any time to encrypt data or verify a signature. The private keys stay on the users' devices.

What Virgil offers developers

- Open source Crypto Library, for performing cryptographic operations.
- Virgil Services, for storing and managing users' Public Keys and validating user identities in anything from emails to applications.
- Virgil SDK, which lets you easily manage the Crypto Library and communicate with Virgil Services.

What's needed from the developer's side

- A backend server for your app.
- A client-side application.

OK, enough talking! Let's get started!
Collect Account information

The first thing you need to do is grab all the necessary information from your Virgil account. To set up your client and server sides, you need the following values from your account:

| Account values | Description |
| --- | --- |
| ACCESS_TOKEN | Used to authenticate your users on Virgil Services. |
| APP_KEY | Private Key that is generated during an Application registration on your dashboard. |
| APP_KEY_PASSWORD | A password that is established for the Private Key of your Application. |
| APP_ID | Your application identifier. |
Set up your server side

Your server should be able to authorize your users, store your Application's Virgil Key and use the Virgil SDK for cryptographic operations or for requests to Virgil Services. You can configure your server using the following steps:

Install SDK & Setup Virgil Crypto

The Virgil Python SDK is provided as a package named virgil-sdk. The package is distributed via the PyPI package management system and is available for:

- Python 2.7.x
- Python 3.x

To install the package with pip, use the command below:

```
pip install virgil-sdk
```

Set up authentication on a server side

You need to set up the server-side SDK to sign and approve a user's Card.

Here is an example of how to set up the server side with an Access Token:

```python
import base64

# High-level API classes (module path assumed for the 4.x SDK; check your installed version)
from virgil_sdk.api import Credentials, Virgil, VirgilContext

# read the base64-encoded Application Key and decode it to raw bytes
with open("[YOUR_APP_KEY_FILEPATH_HERE]", "r") as key_file:
    key_file_content = key_file.read()
raw_private_key = base64.b64decode(key_file_content)

# credentials the server uses to sign users' Cards on behalf of the Application
creds = Credentials(
    app_id="[YOUR_APP_ID_HERE]",
    app_key=raw_private_key,
    app_key_password="[YOUR_APP_KEY_PASSWORD_HERE]"
)

context = VirgilContext(
    access_token="[YOUR_ACCESS_TOKEN_HERE]",
    credentials=creds
)

virgil = Virgil(context=context)
```
Set up your Client side

Set up the client side to provide your users with an access token after their registration at your Application Server. The token authenticates them for further operations and lets them transmit their Virgil Cards to the server. Configure the client side using the following steps:

Install SDK & Setup Virgil Crypto

The Virgil Python SDK is provided as a package named virgil-sdk. The package is distributed via the PyPI package management system and is available for:

- Python 2.7.x
- Python 3.x

To install the package with pip, use the command below:

```
pip install virgil-sdk
```

Set up authentication on a client side

In order to make calls to Virgil Services, for example to publish a user's Card on Virgil Cards Service, you need to have an Access Token.

With the Access Token we can initialize the Virgil SDK on the client side to start doing fun stuff like sending and receiving messages.

To initialize the Virgil SDK on the client side, use the following code:

```python
from virgil_sdk.api import Virgil  # module path assumed for the 4.x SDK
virgil = Virgil("[YOUR_ACCESS_TOKEN_HERE]")
```

Need more settings? Visit our configuration guides.
Register Users

Now you need to register users who will encrypt data.

In order to sign and encrypt data, each user must have their own tools that allow them to perform cryptographic operations, and these tools must contain the information necessary to identify the user. In Virgil Security, these tools are the Virgil Key and the Virgil Card.

Once the Virgil SDK is set up on the server and client sides, we can finally create Virgil Cards for the users and transmit the Cards to your server for further publication on Virgil Services.

Generate Keys and Create Virgil Card

Use the Virgil SDK on the client side to generate a new Key Pair, and then create a user's Virgil Card using the recently generated Virgil Key. All keys are generated and stored on the client side.

In this example we:

- use the Virgil Crypto Library to generate a Key Pair;
- save the Private Key into the Key Storage created by the Virgil Client SDK on the user's device;
- create the user's Virgil Card. Each Virgil Card is signed by the user's Virgil Key, which guarantees the Virgil Card's content integrity over its life cycle.

```python
# generate a new Virgil Key
alice_key = virgil.keys.generate()

# save the Virgil Key into storage
alice_key.save("[KEY_NAME]", "[KEY_PASSWORD]")

# create identity for Alice
alice_identity = virgil.identities.create_user("alice", "username")

# create user Virgil Card
alice_card = virgil.cards.create(alice_identity, alice_key)
```

Virgil doesn't keep a copy of your Virgil Key. If you lose a Virgil Key, there is no way to recover it.

Transmit Cards to Your Server

In order to add the signature of your app server to a user's Card, you need to transmit the existing user's Card to your server.
You can use any suitable way to transmit the Card.

If you need to export a user's Card to a string representation on the client side or import a Card from the string representation on the server side, use the following lines of code:

```python
# export a Virgil Card to string
exported_alice_card = alice_card.export()

# import a Virgil Card from string
alice_card = virgil.cards.import_card(exported_alice_card)
```

Sign the transmitted user's Card with the App Key and publish the Card on Virgil Cards Service:

```python
# publish a Virgil Card
alice_card.publish()
```

With the user's Private Key and Cards in place, you will be ready to sign and encrypt a message for encrypted communication. Also, once the Recipient receives the signed and encrypted message, they can decrypt the message and verify the signature.
Sign Data

With the sender's Cards in place, we are now ready to ensure data integrity by creating a digital signature. This signature ensures that no third party modified any of the message's content and that the receiver can trust the sender.

```python
from virgil_sdk.api import VirgilBuffer  # module path assumed for the 4.x SDK

# prepare a message
message = "Hey Bob, hope you are doing well."

# wrap data to buffer
data_buff = VirgilBuffer.from_string(message)

# generate signature
signature = alice_key.sign(data_buff)
```

Transmission

The Sender is now ready to transmit the signature and message to the Receiver. Use your client application to transmit the user's signed data. See our guide on Transmitting Data for best practices, or check our tutorial on Secure IP Messaging with Twilio.
Find the Sender's Card

For the receiving client to verify the message, it needs the sender's Card.

To look up the sender's Card we use the identifier we used when publishing the Card, in this case alice.

```python
# search for all User's Virgil Cards.
alice_cards = virgil.cards.find(["alice"])
```

The identifier for a Virgil Card can be any ID you prefer, for example, a username or user ID. The Finding Card guide provides more details. This will return all Cards for Alice, which we can use to verify the data.
Verify Data

With the sender's Cards in place, we can now ensure the data integrity of the message by checking the digital signature.

```python
# verify signature using Alice's Virgil Card
if not alice_cards.verify(message, signature):
    raise Exception("Aha... Alice it's not you.")
```
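The receiving side of the Transmission and Verify Data steps above, as an added example that is not part of the Virgil tutorial or SDK: a JSON envelope carries the message and signature, and the receiver releases the message only after the signature check passes. The envelope format, `pack_envelope`, `open_envelope` and the HMAC stand-in verifier are assumptions made so the block runs offline.

```python
import base64, hashlib, hmac, json

class RejectedMessage(Exception):
    """Envelope is malformed or its signature does not verify."""

def pack_envelope(sender, message, signature):
    """Sender side: bundle message and signature bytes for transport."""
    return json.dumps({
        "sender": sender,
        "message": base64.b64encode(message).decode("ascii"),
        "signature": base64.b64encode(signature).decode("ascii"),
    })

def open_envelope(raw, verifiers):
    """Receiver side: return the message only if its signature verifies.

    verifiers maps a sender identity to callable(message, signature) -> bool.
    Assumption: in the tutorial's flow that callable wraps the verify call
    on the cards returned by virgil.cards.find for that sender.
    """
    try:
        env = json.loads(raw)
        sender = env["sender"]
        message = base64.b64decode(env["message"], validate=True)
        signature = base64.b64decode(env["signature"], validate=True)
    except (ValueError, KeyError, TypeError) as exc:
        raise RejectedMessage("malformed envelope") from exc
    verify = verifiers.get(sender) if isinstance(sender, str) else None
    if verify is None:
        raise RejectedMessage("no card known for sender")
    if not verify(message, signature):  # fail closed: never return unverified data
        raise RejectedMessage("signature check failed")
    return message

# Constructed stand-in so the block runs offline: HMAC-SHA256 with a demo key.
# It is a shared-key MAC, not a digital signature; swap in the real verify call.
DEMO_KEY = b"constructed-demo-key"

def demo_sign(message):
    return hmac.new(DEMO_KEY, message, hashlib.sha256).digest()

def demo_verify(message, signature):
    return hmac.compare_digest(demo_sign(message), signature)

def demo():
    msg = b"Hey Bob, hope you are doing well."
    wire = pack_envelope("alice", msg, demo_sign(msg))
    return open_envelope(wire, {"alice": demo_verify})
```

Every failure path raises the same exception type, so calling code has a single place to drop the message and log the rejection.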
Get Help

Need some extra help? Get help now from our support team on Slack. Have fun building your digital solution with End-to-End encryption!

Don't forget to subscribe to our YouTube channel. There you will find a video series on how to do End-to-End Encryption.