Is it possible to create a login process that requires a public/private key through a web browser? The public key would be stored on the server and the private key would be kept (and encrypted) by the user.
I basically want to do something similar to what SSH does, but through the web. Perhaps a custom method of HTTP Authentication (other than “Digest”).
I know that it may not be possible to do this with a stock browser, so extensions to make this work are acceptable (Chrome/Firefox).
The keys would ideally be encrypted on a USB stick. When the USB stick is unplugged it has to be impossible to log in (don’t want the browser to cache it).
This would be used internally.
Edit: Client certificates would be what I’m looking for, but how do I store these certificates on a USB stick? Also, is there information on how to authenticate a user using PHP?
This is Client authentication via certificates.
Your server should be configured to require a client certificate and also be configured with a truststore.
All the browsers support this.
You just have to import the client keystore having the private key and certificate to the machine's set of certificates.
For Windows it is in Internet Options.
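
For the PHP part of the question, the following is an added example and not code from the answer above. It assumes Apache httpd with mod_ssl terminating TLS in front of PHP and passing its SSL variables to the script; the CA file path, the fingerprint placeholder and the account name are hypothetical.

```php
<?php
// Added example. Assumed Apache virtual host settings (mod_ssl):
//   SSLVerifyClient require                           # refuse the handshake without a client cert
//   SSLVerifyDepth 1
//   SSLCACertificateFile /etc/ssl/internal-ca.pem     # hypothetical path: the truststore
//   SSLOptions +StdEnvVars +ExportCertData            # expose SSL_CLIENT_* to PHP
declare(strict_types=1);

// Constructed allow-list: lowercase SHA-256 certificate fingerprint => application account.
// Replace the placeholder with the fingerprint recorded when the user's certificate was issued.
const ENROLLED = [
    '<sha256-fingerprint-placeholder>' => 'alice',
];

/**
 * Map a TLS client certificate that the web server has already verified
 * to an application account. Returns null when the request must be refused.
 */
function authenticateClientCert(array $server, array $enrolled): ?string
{
    // mod_ssl reports SUCCESS only if the chain validated against the truststore.
    // Other values are NONE, GENEROUS or FAILED:<reason>.
    if (($server['SSL_CLIENT_VERIFY'] ?? 'NONE') !== 'SUCCESS') {
        return null;
    }
    // PEM of the presented certificate (requires +ExportCertData).
    $pem = $server['SSL_CLIENT_CERT'] ?? '';
    if ($pem === '') {
        return null;
    }
    // Identify the certificate by fingerprint rather than by subject name,
    // so another certificate from the same CA with a similar CN does not match.
    $fingerprint = openssl_x509_fingerprint($pem, 'sha256');
    if ($fingerprint === false) {
        return null;
    }
    return $enrolled[strtolower($fingerprint)] ?? null;
}

$user = authenticateClientCert($_SERVER, ENROLLED);
if ($user === null) {
    http_response_code(403);
    exit('A valid, enrolled client certificate is required.');
}
echo 'Authenticated as ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8');
```

The private key never reaches PHP: the TLS handshake proves possession of it, and the script only decides which account the already-verified certificate belongs to.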