Secure Login Two

A secure login where the user's private key is never hosted on servers or the user's online devices ( this project can also be used as a form of two-factor authentication ( 2FA ) where the user's private key is never hosted on servers )

Requirements

Description

1 )  Using an online device ( D1 ) the user goes to the server's login page ( S1 )

2 )  The user simply enters his username in the form, and this data is submitted to the server ( login.php )

3 )  If the user's username exists in the server's database ( code.php ) then the server creates a random code ( 108 alphanumeric characters that are case sensitive ) and a QR code containing the random code is sent to the user ( code.php )

4 )  Using an offline device ( D2 ) the user scans the QR code, encrypts the QR code data with the user's private key and creates a new QR code. Subsequently, using the online device ( D1 ) the user scans the new QR code created on the offline device ( D2 ) and the encrypted data contained in this new QR code is submitted to the server ( code.php )

5 )  The server decrypts the encrypted data submitted by the user with the user's public key ( test.php ) if the decrypted data matches the random code created by the server then the user will be able to access the user's home page ( home.php )

6 )  And the user will also be able to access the user's profile page ( profile.php )

Types of Philosophy

»   Philosophy : Never-Never

• Private Keys : ( Never on servers ) and ( Never on online devices )

• Therefore, public keys only on ( online or offline ) servers and private keys only on offline devices.

• This philosophy only applies when using asymmetric encryption algorithms ( RSA, ECDSA, EdDSA, etc. )

»   Philosophy : Only-Only

• Private Keys : ( Only on offline servers ) and ( Only on offline devices )

• Therefore, private keys : never on online servers and never on online devices.

• This philosophy only applies when using symmetric encryption algorithms ( AES, 3DES, etc. )

License

MIT