Board index   FAQ   Search  
Register  Login
Board index php forum :: PHP and MySQL Security PHP & MySQL Security

how to implement public and private key

Security issues related to php and mysql usage. How to make your code secure? Security measures and configurations? It's all in here!

Moderators: macek, egami, gesf

how to implement public and private key

Postby achilles91 » Mon Jun 04, 2012 1:47 am

Hi everyone :D

Let say,
I have a pair of generated private key and public key (hard coded and never change)
Every time user visit my page, my page will send the public key to particular user.
When user login account, the user will make encryption by public key and send to my server.
My server will use the private key to decryption and do validation.

Problem :help: :
1. After I send the public key to user, where should the public key store at client-side ? SESSION or COOKIE ? (can give some example code ?)

2. How to make the Client-side encryption happen ? (because i need encrypt the data before send to server, not after sent to server) Does the encryption perform by client-browser ? How to tell the browser do the encryption and use which encryption standard algorithm that my server using. (can give some example code?)

I'm avoiding SSL, this project is my college final year project, I'm not gonna pay for the SSL :(
achilles91
New php-forum User
New php-forum User
 
Posts: 1
Joined: Mon Jun 04, 2012 12:40 am

Re: how to implement public and private key

Postby ejsexton82 » Tue Jun 05, 2012 11:55 am

I don't know about public and private keys, but you can always create a self-signed SSL certificate for free. There are several articles on how to do it, along with tools which make the process fairly simple.

The only downside is that since you signed the certificate yourself, and you are not a Certificate Authority (CA), browsers will give you certificate errors, but there are ways to deal with that.

On a side note, you can go to CheapSSLs.com and buy a basic SSL certificate for the price of a six-pack of beer.
User avatar
ejsexton82
New php-forum User
New php-forum User
 
Posts: 86
Joined: Mon Jun 04, 2012 10:05 pm
Location: Ankara, Turkey

Re: how to implement public and private key

Postby ventchris » Mon Jun 11, 2012 4:18 am

Hi, just want to check did your encryption on client-side means something like encrypting the password so that when its stored in the database its encrypted?

if so, this is my example:
$query = "SELECT * FROM users WHERE username ='$username1' AND password = SHA1('$password')";
this is for extracting out hashed data from the server
for encryption its:
$query = "INSERT INTO users(username,password,)VALUES(null, '$username1', SHA1('$password')";
so what basically this does is that, it encrypts the data first then stores it in the database, when extracting, the client-side hashes the data input, and checks with the database extracting the field where it matches the hash.

Hope this is what you need if not feel free to reply and i will try to help you.
ventchris
New php-forum User
New php-forum User
 
Posts: 1
Joined: Mon Jun 11, 2012 4:09 am


Return to PHP & MySQL Security

Who is online

Users browsing this forum: No registered users and 0 guests

Sponsored by Sitebuilder Web hosting and Traduzioni Italiano Rumeno and antispam for cPanel.

cron