Encryption of sensitive data

Philippe Vaucher edited this page Apr 26, 2016 · 1 revision

The application contains no sensitive data except the password. As the application may be hosted on a server that does not use HTTPS, we encrypt the sensitive data with an asymmetric encryption algorithm: RSA.

Keys

The public and private keys are stored in assets/keys/public.pem and assets/keys/private.pem. These keys are generated with phpseclib or openssl and are not protected by a password.

Frontend encryption

Let's take the login form as an example:

```php
<?php echo form_open('session/#', $attributes); ?>
<label for="login">Login</label>
<!-- login field: posted in clear, it is not considered sensitive -->
<input type="text" name="login" id="firstname" value="<?php echo set_value('login'); ?>" autofocus required />
<!-- hidden field filled by the client-side script with the RSA-encrypted password -->
<input type="hidden" name="CipheredValue" id="CipheredValue" />
</form>
<!-- the password field sits outside the form on purpose: it is never posted as-is -->
<label for="password">Password</label>
<input type="password" name="password" id="password" required />
<button id="send" class="btn btn-primary">Login</button>
```

As you can see, the password field is not sent to the server, because it is not part of the form. Instead, its encrypted value is sent in the CipheredValue field. Please consult the views/session/# view for a simple example of client-side encryption with the jsEncrypt JavaScript library. In short, the controller places the public key in a TEXTAREA, and the script uses that key to encrypt the data.

Backend decryption

The decryption relies on the phpseclib library, which is a pure PHP RSA implementation. That is why the openssl PHP extension is not mandatory to run the software. Even though it is slower than the PHP extension, decryption is only used in a few places, so it should not noticeably affect the overall performance of the application.