Currently I am connecting my login system with an RSA class (a class that is an implementation of the RSA algorithm in PHP). I’ve read some info about this algorithm, although I have some doubts about it and hope that someone can clarify them.
RSA operates on two keys – public and private; both are generated using the algorithm. Are those keys generated only once and then included in the site code (one on the admin site and one on the user site)?
The main idea of implementing it is to put a public key into the code of, let's say, login.php with the login form, and when the login and password are sent for verification, encrypt them with the public key. On the server side this message will be decrypted using the private key, checked for whether the info is correct, and true/false info will be sent back. Can you tell me whether this is a safe and correct use of it?
Just use HTTPS instead of getting lost in the implementation of these algorithms. I bet a JavaScript implementation would signify a large overhead on the client side. When you want to encrypt your packets, let the Transport Layer or the Application Layer (HTTPS) do it – it’s tested, it’s fast, it’s working, it takes a few minutes to set up.