Adding a user authentication system to my Python script or executable

iv'e done something like this in my latest project, however i'm not an expert whatsoever so take what i say with a grain of salt, there might be other, better ways to do this but its just how i implemented it.

these are the models i've worked with:

socket, json, sqlite3 , wxpython (for gui) + pycrypto (if you want to encrypt and decrypt the messages using RSA and AES keys for added security, like i did)

basically what i did was the following:

1. a socket connection is created between the client and the server.
2. if you're not going to use pycrypto skip the second and third parts - the server generates a pair of RSA private and public keys for himself and so does the client for himself. the client then sends its RSA public key to the server using the socket connection. the pair of RSA keys(the public key and private key) are essentialy two keys that can only decrypt the messages encrypted by the other key in the pair (public key encrypts-private key decrypts || private key encrypts-public key decrypts) (i would suggest this computerphile video for a little more in depth explanation, once you get how the keys suppose to theoretically work, the module itself is pretty straight forward, so don't worry about that).

3. the server now creates an AES key (a symmetrical key, that can decrypt the messages it encrypted), and then encrypts the AES key (which is basically a pretty long string) with the RSA public key he got from the client, and sends its to the client, so now only the client can decrypt this message with his private key and get the AES key that will be used for the communication between them.

4. the client enters a new username and password in order signup. the client script puts the data in a list like so: ["signup", newUserNameVar,NewPassWordVar], uses the json encoding on it using json.dumps() function (basically turns the entire list into a string that can be sent through a socket) then encrypts it using the AES key we got from the server earlier, and then sends it to the server through the socket connection.

5. so now the server receives an encrypted message only he can decrypt with his AES key (which is the same one the client holds, if you've followed my explanation earlier). so he decrypts the message using the AES key and gets the json message the client sent him. to turn the json back into the list the server uses the json.dumps() function (which turns the json object back into a list).

6. in my design, the first index of the list is the command so basically either "login" or "setup", so now the server deploys a switch case (or a bunch of ifs) on the first index of the list to see which command he needs to fulfill. if its signup then he takes the 2nd and 3rd index off of the list and creates the table in the database with rows corresponding to the users data, and if its login it takes the data from the database and if it matches the data that was sent by the client in the other indexes of the list then its sends a "correct" response back, and then you can tell your script to run that other program only when it gets a "correct" message from the server, which sends the message exactly as i mentioned in steps 4-5.

so to recap it goes something like this:

1. server: generate - RSA public key, RSA private key, AES key
2. client: generate - (other)RSA public key, (other)RSA private key
3. client ----> server, send clients RSA public key
4. server ----> client, encrypt the AES key using the clients RSA key and send it to him.

5. client: decrypt the AES key using the clients private RSA key.

6. continue to talk with each other in the following way: LIST -> JSON (json.dumps(LIST))-> AES encryption on the JSON object -> send through a socket.

7. AES decryption on the message you got -> UNJSON (json.loads(WHAT YOU GOT FROM THE DECRYPTION)) -> LIST ->deploy switch-case.