The dynamic between server and user is as follows:
- The server has e and n; these keys are public.
- The user has n and d, where d is the private key.
- When a user opens the page, the server generates a random number x.
- The user uses this number to generate a response (r); the response is generated by a script provided by the server.
- The user then submits r to the service, and the server compares r with a number it produces itself.
- If it is correct, the user is welcomed; otherwise the user is denied.
Important points:
- To generate r, the user needs two functions: f(x) and fastmodexp(x, y, mod).
- In my case f(x) returns (x*2)+5; this can be another equation.
- fastmodexp computes f(x)**d mod n.
- d is the private key.
- For authentication, the server needs to implement the same f(x), which gives it the value to compare against; it computes fastmodexp(r, e, n), where r is the user's response and e and n are the public key.
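The exchange described above, written out as a Python sketch. This is an added example, not the post's home.php, rsaAutentification.php or validation.py; the key values and the names `make_key`, `new_challenge`, `respond` and `verify` are assumptions made for illustration. It goes beyond the post's case by also running a modulus wider than 64 bits, which Python handles exactly because its integers are arbitrary precision.

```python
import secrets

def make_key(p, q, e):
    """Textbook RSA key from two primes: returns (n, e, d)."""
    phi = (p - 1) * (q - 1)
    return p * q, e, pow(e, -1, phi)  # modular inverse, Python 3.8+

# Constructed demo keys (not from the post). BIG_KEY uses the Mersenne primes
# 2**31-1 and 2**61-1, so n is about 92 bits and products exceed 64 bits.
TOY_KEY = make_key(61, 53, 17)
BIG_KEY = make_key(2**31 - 1, 2**61 - 1, 65537)

def f(x):
    """Transform shared by user and server; the post uses (x*2)+5."""
    return (x * 2) + 5

def fastmodexp(base, exp, mod):
    """Square-and-multiply; every intermediate product stays below mod**2."""
    result, base = 1 % mod, base % mod
    while exp > 0:
        if exp & 1:
            result = (result * base) % mod
        base = (base * base) % mod
        exp >>= 1
    return result

def new_challenge(n):
    """Server: unpredictable x in [0, n)."""
    return secrets.randbelow(n)

def respond(x, d, n):
    """User: r = f(x)**d mod n, computed with the private key d."""
    return fastmodexp(f(x), d, n)

def verify(x, r, e, n):
    """Server: accept when r**e mod n equals f(x) reduced mod n.
    The reduction matters: f(x) can exceed n, and r**e mod n never does."""
    return 0 <= r < n and fastmodexp(r, e, n) == f(x) % n

if __name__ == "__main__":
    for name, (n, e, d) in (("toy", TOY_KEY), ("big", BIG_KEY)):
        x = new_challenge(n)
        r = respond(x, d, n)
        print(name, "x =", x, "r =", r, "accepted =", verify(x, r, e, n))
```

With the toy key and x = 2000, f(x) is 4005, which is larger than n = 3233, so comparing the server's result against the unreduced f(x) would reject a correct response.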
Code:
home.php
rsaAutentification.php
validation.py
Users table
result:
WebService:
You can check the program at the following link: ....
Note:
PHP is a pussy; in my case, when I use big numbers the authentication fails, but checking in Python the authentication is correct.
Well, you get 10 as you are aware of the big-key problem.