A secure login where the user's private key is never hosted on servers or on the user's online devices. This project can also be used as a form of two-factor authentication ( 2FA ) where the user's private key is never hosted on servers.

1 ) Using an online device ( D1 ) the user goes to the server's login page ( S1 )

2 ) The user simply enters his username in the form, and this data is submitted to the server ( login.php )

3 ) If the user's username exists in the server's database ( code.php ), the server creates a 12-digit random code, encrypts this random code with the user's public key, and sends the user a QR code containing the encrypted random code ( code.php )

4 ) Using an offline device ( D2 ) the user scans the QR code, the QR code data is decrypted with the user's private key, and this decrypted data is submitted to the server ( code.php )

5 ) If the 12-digit code submitted by the user is correct ( test.php ) then the user will be able to access the user's home page ( home.php )

6 ) And the user will also be able to access the user's profile page ( profile.php )
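
The challenge-response in steps 3 to 5, as an added example that is not the project's own code. It assumes an RSA-2048 key pair with OAEP padding, a 120-second expiry and a single-use challenge; the function names are hypothetical, and QR rendering and scanning are left out, so the base64 string stands in for the QR code contents.

```php
<?php
// Added example. Function names, RSA-2048/OAEP, the 120 s expiry and the
// single-use rule are assumptions, not taken from the project's PHP files.
// Server, step 3: 12-digit random code encrypted with the user's public key.
function create_challenge(string $publicKeyPem): array
{
    $code = '';
    for ($i = 0; $i < 12; $i++) {
        $code .= random_int(0, 9); // CSPRNG digit; leading zeros are kept
    }
    if (!openssl_public_encrypt($code, $cipher, $publicKeyPem, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('encryption failed');
    }
    return [
        'qr_payload' => base64_encode($cipher), // text to render as the QR code
        'code'       => $code,                  // stays server-side (e.g. session)
        'expires'    => time() + 120,
        'used'       => false,
    ];
}

// Offline device D2, step 4: decrypt the scanned payload with the private key.
function answer_challenge(string $qrPayload, string $privateKeyPem): string
{
    $cipher = base64_decode($qrPayload, true);
    if ($cipher === false
        || !openssl_private_decrypt($cipher, $code, $privateKeyPem, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('decryption failed');
    }
    return $code;
}

// Server, step 5: one attempt per challenge, expiry, constant-time comparison.
function verify_answer(array &$challenge, string $submitted): bool
{
    $ok = !$challenge['used']
        && time() <= $challenge['expires']
        && hash_equals($challenge['code'], $submitted);
    $challenge['used'] = true; // a wrong or replayed answer burns the challenge
    return $ok;
}

// Constructed demo: throwaway key pair; in the scheme the private key exists only on D2.
$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
openssl_pkey_export($key, $privatePem);
$publicPem = openssl_pkey_get_details($key)['key'];
$challenge = create_challenge($publicPem);
$answer = answer_challenge($challenge['qr_payload'], $privatePem);
var_dump(verify_answer($challenge, $answer), verify_answer($challenge, $answer));
```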

Philosophy : Never-Never
Philosophy : Only-Only