NOTICE: All information contained herein is, and remains
the property of TechnoCore.
The intellectual and technical concepts contained
herein are proprietary to TechnoCore and dissemination of this information or reproduction of this material
is strictly forbidden unless prior written permission is obtained
from TechnoCore.
This document provides a comprehensive explanation of the asymmetric encryption system used within the Axion framework. The core logic is centralized in factory.core/ConfigIni.py and is exposed via the ObjTextEncrypt and ObjTextDecrypt text processing objects.
The system uses asymmetric cryptography, also known as public-key cryptography. This method involves a pair of keys for each "package" (e.g., axion):
This approach ensures that even if an unauthorized party gains access to the public key and encrypted data, they cannot decipher the information without the private key.
Keys are not generated automatically; they must be explicitly created for each package that requires encryption.
ConfigIni.py script with the genkey command and the target package name. This must be done with sudo and from within the project's virtual environment.sudo dev-env/bin/python factory.core/ConfigIni.py genkey [package_name]
cryptography.hazmat library to generate a standard 2048-bit RSA key pair..pem files in the data.config/ directory (e.g., axion_public.pem and axion_private.pem).ConfigIni.encrypt)When ObjTextEncrypt or ConfigIni.encrypt is called, the following steps occur:
[package_name]_public.pem) for the specified package.^) is prepended to the Base64 string. This acts as a clear identifier, allowing the decryption process to quickly recognize the string as encrypted content.The final output is a string like: ^T29Nf...rest_of_base64_string...=
ConfigIni.decrypt)When ObjTextDecrypt or ConfigIni.decrypt is called, the process is reversed:
^ prefix. If it's not present, the string is assumed to be plaintext and is returned as-is.[package_name]_private.pem) for the specified package is loaded from the data.config/ directory.^ is removed, and the remaining Base64 string is decoded back into its binary ciphertext form.