Skip to content

drunisa007/VoteSafe

BranchesTags

Repository files navigation

Project Overview

This project is a secret voting system that utilizes a modern, high-performance tech stack to deliver efficient and scalable solutions. Below is a breakdown of the technologies used and their roles in the system.

Tech Stack

Database

  • PostgreSQL with SeaORM

    • PostgreSQL is used as the relational database for storing structured data.
    • SeaORM is an async ORM for Rust that provides type-safe query building and schema management.

  • Backend Framework

    • A powerful and ergonomic web framework for Rust, designed for performance and async workloads.

  • Authentication

    • Please read below about the authentication process.

  • WebSockets

    • Axum WS
      • WebSocket support for real-time bidirectional communication.

  • Redis

    • Used for caching, session management, and real-time data processing.

  • Parallelism

    • Rayon is used for parallel data processing to improve performance.
    • Future Utils assists with async task execution and concurrency handling.

  • QR Code Generation

    • Python (Pillow, qrcode)
      • Python libraries for generating and processing QR codes.

  • Dart CLI App

    • Demonstrates encryption techniques using Dart.

Secure Authentication Flow

QR Code Generation

1. Secret Code Generation

  • Encrypt a secret message using AES-GCM encryption, generating:
    • nonce
    • secret_key
    • secret_message
    • secret_code

2. Storage

  • Store secret_message, nonce, and secret_key in the database.
  • In the future, these values will be stored in a vault like HashiCorp Vault.

3. QR Code Creation

  • Use the list of secret_code values to generate QR codes using Python.
  • Share the generated QR code with the user.

Authentication Process

1. Verification

  • The user scans the QR code to retrieve:
    • user_id
    • secret_code
  • Each client has a unique key, which is also stored on the server.
  • The client encrypts user_id using HMAC-SHA256 with its unique key.
  • The server performs the same encryption and compares the result.
  • If they match, the user is assigned Level 2 access.

2. Key Exchange

Client:

  • Generates an Ed25519 key pair (private & public key).
  • Sends the public key to the server.

Server:

  • Also generates an Ed25519 key pair.
  • Uses the user’s public key to compute a shared key using the Diffie–Hellman (DH) Algorithm.
  • Generates a nonce and derives a final shared key using HKDF.
  • Stores the final shared key in memory with a defined lifetime.
  • Sends back the server’s public key and the nonce to the client.

Client:

  • Uses the received server public key and nonce to derive the same shared key.
  • Stores the final shared key securely.

3. Login

Client:

  • Uses the shared secret key to encrypt the user_id with HMAC-SHA256.
  • Sends the encrypted value to the server.

Server:

  • Uses the stored shared secret key to perform the same encryption on user_id.
  • Compares the result with the client’s submission.
  • If they match:
    • Generates an Access Token and a Refresh Token.
    • Sends the tokens to the client.

About

Blazingly Fast, Memory-Safe, Secure Voting System written in Rust

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages