ARCHIVED from builddistributedsystem.com on 2026-04-28 — URL: https://builddistributedsystem.com/tracks/securitor/tasks/task-24-2-2-asymmetric-encryption
TASK

Implementation

Asymmetric encryption uses a mathematically linked key pair: anything encrypted with the public key can only be decrypted with the private key. This solves the key distribution problem — you can share the public key freely. The private key also enables digital signatures to prove authenticity.

Implement a node that handles RSA key pair operations:

// Generate an RSA-4096 key pair (return only the public key)
{ "type": "generate_key_pair", "msg_id": 1, "key_size": 4096 }
-> { "type": "key_pair_generated", "in_reply_to": 1,
    "public_key": "-----BEGIN PUBLIC KEY-----..." }

// Encrypt with public key (only private key can decrypt)
{ "type": "encrypt", "msg_id": 2,
  "plaintext": "Secret message", "public_key": "PUBLIC_KEY" }
-> { "type": "encrypted", "in_reply_to": 2,
    "ciphertext": "<base64-encoded ciphertext>" }

// Decrypt with private key
{ "type": "decrypt", "msg_id": 3,
  "ciphertext": "CIPHERTEXT", "private_key": "PRIVATE_KEY" }
-> { "type": "decrypted", "in_reply_to": 3,
    "plaintext": "Secret message" }

// Verify a digital signature
{ "type": "verify", "msg_id": 4,
  "data": "Important document",
  "signature": "SIGNATURE", "public_key": "PUBLIC_KEY" }
-> { "type": "signature_valid", "in_reply_to": 4, "valid": true }

Sample Test Cases

Generate RSA key pairTimeout: 10000ms
Input
{
  "src": "user",
  "dest": "crypto",
  "body": {
    "type": "generate_key_pair",
    "msg_id": 1,
    "key_size": 4096
  }
}
Expected Output
{"type": "key_pair_generated", "in_reply_to": 1, "public_key": ".*"}
Encrypt with public keyTimeout: 5000ms
Input
{
  "src": "alice",
  "dest": "crypto",
  "body": {
    "type": "encrypt",
    "msg_id": 1,
    "plaintext": "Secret message",
    "public_key": "PUBLIC_KEY"
  }
}
Expected Output
{"type": "encrypted", "in_reply_to": 1, "ciphertext": ".*"}

Hints

Hint 1
Public key encrypts data that only the private key can decrypt
Hint 2
Private key signs data; public key verifies the signature
Hint 3
generate_key_pair returns only the public key — never expose the private key in a response
Hint 4
RSA is much slower than AES; in practice use RSA to encrypt a symmetric key (hybrid encryption)
Hint 5
Digital signature: sign(hash(data), private_key) -> signature; verify(hash(data), signature, public_key)

Resources

RSA Cryptosystem
RSA: public-key encryption and digital signatures
PKCS #1: RSA Cryptography
RSA Cryptography Specifications (RFC 8017)
OVERVIEW

Theoretical Hub

Concept overview coming soon

Key Concepts

RSApublic keyprivate keydigital signaturekey pair generation
main.py
python
Implement Asymmetric Encryption (RSA) - The Securitor | Build Distributed Systems