Hi guys, I am trying to set up a secure login/registration for my website.
My goals are as follows:
Whenever someone wants to log in or register
PHP will generate an RSA key pair
PHP will send the public key to the login form and save the private key in a “login attempts” table in the DB
Javascript will encrypt the username and password using the public key, and then send it back to the server.
PHP will then decrypt using private key in table and check for the username combination in users table and allow/block access in login, or creates a new user in users table when registering.
Some notes:
1) You guys are probably asking me why I’m not using SSL and I’m trying to reinvent the wheel. The reason is i want to control every aspect of the procedure. I want to know all the ins and outs of my system.
2) I know this system is susceptible to man in the middle attacks.
What i need from you guys:
I tried looking for javascript and PHP RSA scripts and found some. However, they are not compatible with one another. I need a complete system that can encrypt in Javascript and decrypt in PHP.
I tried the following:
[URL=”http://www.sematopia.com/2008/10/rsa-encrypting-in-javascript-and-decrypting-in-php/”]http://www.sematopia.com/2008/10/rsa-encrypting-in-javascript-and-decrypting-in-php/
[URL=”http://www.jcryption.org/”]http://www.jcryption.org/
[URL=”http://assl.sullof.com/assl/”]http://assl.sullof.com/assl/
[URL=”http://phpseclib.sourceforge.net/”]http://phpseclib.sourceforge.net/
[URL=”http://code.google.com/p/bi2php/”]http://code.google.com/p/bi2php/
[URL=”http://www.phpclasses.org/package/4121-PHP-Encrypt-and-decrypt-data-with-RSA-public-keys.html”]http://www.phpclasses.org/package/4121-PHP-Encrypt-and-decrypt-data-with-RSA-public-keys.html
[URL=”http://www.ohdave.com/rsa/”]http://www.ohdave.com/rsa/
[SIZE=”5″]I am completely lost right now. Can anyone point me to a tutorial that comprehensively covers what i need[SIZE=”6″]?