Home/ Questions/Q 7765229
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-01T15:07:00+00:00

I’m trying to implement a login system to sign into a website using public

  • 0

I’m trying to implement a login system to sign into a website using public key authentication. I’m not sure if this is feasible.

This is what I plan to do:-

  1. While signing up, user’s public key is saved in the website.
  2. When the user tries to login later, the website asks the user for his corresponding private key.
  3. User is authenticated if the private key matches the public key which the user provided while signing up.

I have seen sites like startssl.com asking for user’s private key to verify their identity (see the screenshot attached). So what does it takes to implement such a system?

Screenshot of website asking for private key

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Just to clarify the flow

    1. The user signs up, using the plain old username and password pair. He is also asked to enter at least one public key (other ones can be added later from a profile administration panel)
    2. The server stores the user’s public key and associates it with its user in a certificate
    3. Next time the client makes a request presenting his certificate (this should be handled by the browser, thus happening transparently to the user), the SSL engine on the server side checks if it knows the client and if it does the request is processed and the application code will authenticate and authorize the user since it knows the link between a public key and an user. If the client is not identified, the server should redirect to some page to allow signin up or manual login (maybe to add a new public key)
    • 0