USING CRYPTOGRAPHY AS A SERVICE IN WEB PROGRAMMING
DOI: https://doi.org/10.32689/maup.it.2024.4.6

Keywords:
Digital Signature, PKI (Public Key Infrastructure), Digital Certificates, CA (Certification Authority), RA (Registration Authority), DB (Database), CMS (Certificate Management System), CRL (Certificate Revocation List), Public and Private Keys, ECDSA, RSA, SHA-2

Abstract
The article is devoted to the study of the use of Cryptography as a Service (CaaS) in web programming, an important component of modern approaches to ensuring the security of web applications. Given the constant growth in the number of online services and the growing importance of protecting personal data, the need for reliable cryptographic methods is undeniable. Web developers often face the problem of integrating cryptographic functions into their applications, which requires significant time, effort and resources. Cryptography as a Service provides a convenient and effective alternative, allowing data protection to be integrated quickly via an API, without the need for in-depth knowledge of cryptography.

The purpose of the article. To investigate the concept of using Cryptography as a Service (CaaS) in web programming, to determine its advantages, limitations and prospects for ensuring the security of web applications, and to develop recommendations for integrating CaaS into modern web development processes.

Methodology. A review of existing CaaS services (for example, AWS Key Management Service, Azure Key Vault) was conducted. The technical aspects of integrating cryptographic services into web applications were analyzed using examples in popular programming languages (JavaScript, Python, Java). A comparative analysis of the effectiveness and security of CaaS against traditional methods of implementing cryptography in web programming was performed. The practical use of CaaS was tested in modeled scenarios for data encryption, key management and authentication.

Scientific novelty. A systematic analysis of the capabilities of CaaS in web programming, in particular for data encryption, digital signature, authentication and key management, is presented. New approaches to reducing the burden on developers by delegating complex cryptographic operations to cloud services are described. Recommendations for the selection and integration of CaaS are proposed, taking into account the specifics of web applications.

Conclusion. Cryptography as a Service offers developers effective tools for improving the security of web applications, allowing them to delegate complex cryptographic tasks to specialized platforms. This simplifies the implementation of reliable encryption, authentication, and key management mechanisms, which are critical for modern web systems. However, for effective use of CaaS, it is necessary to take into account the specifics of applications, ensure compliance with regulatory requirements, and minimize dependence on external services by implementing backup mechanisms. Overall, the article offers a comprehensive overview of Cryptography as a Service in the context of web programming and demonstrates how this approach can significantly facilitate the development of secure web applications while maintaining high system performance and reliability.