casperbiering/rsa_encrypted_login.php

## rsa_encrypted_login.php
<?php

// THIS IS A PROOF OF CONCEPT.

// YOU SHOULD STORE THE PRIVATE KEY SERVER-SIDE (EG. IN THE SESSION)

if( $_SERVER[ 'REQUEST_METHOD'] === "POST" )
{
	$res = openssl_pkey_get_private( $_POST[ 'privKey' ] );
	openssl_private_decrypt( hex2bin( $_POST[ 'enc' ] ), $decrypted, $res );

	var_dump( $decrypted );
	echo "<br />" . microtime(true);

	exit();
}


$res = openssl_pkey_new( array(
    "digest_alg" => "sha256",
    "private_key_bits" => 1024,
    "private_key_type" => OPENSSL_KEYTYPE_RSA,
) );
openssl_pkey_export($res, $privKey);
$details = openssl_pkey_get_details($res);
$n = $details[ 'rsa' ][ 'n' ];
$e = $details[ 'rsa' ][ 'e' ];
openssl_pkey_free( $res );
unset( $details );

?>
<html>
<head>
	<script type="text/javascript" src="http://www-cs-students.stanford.edu/~tjw/jsbn/prng4.js"></script>
	<script type="text/javascript" src="http://www-cs-students.stanford.edu/~tjw/jsbn/rng.js"></script>
	<script type="text/javascript" src="http://www-cs-students.stanford.edu/~tjw/jsbn/jsbn.js"></script>
	<script type="text/javascript" src="http://www-cs-students.stanford.edu/~tjw/jsbn/rsa.js"></script>
</head>
<body>

<div><input type="text" name="pass" id="pass" value="" style="width: 100%" /></div>

<form action="?" method="POST" target="result">
	<div><input type="text" name="enc" id="enc" value="" style="width: 100%" /></div>
	<div>
		<button type="button" onclick="generate();return false;">Generate</button>
		<button type="submit">Send</button>
	</div>
	<div><textarea name="privKey" style="width: 100%; height: 50px;"><?php echo htmlspecialchars( $privKey ) ?></textarea></div>
</form>


<script type="text/javascript">

var n = <?php echo json_encode( bin2hex( $n ) ); ?>,
    e = <?php echo json_encode( bin2hex( $e ) ); ?>,
    key = new RSAKey(),
    el_pass = document.getElementById( 'pass' ),
    el_enc = document.getElementById( 'enc' );

key.setPublic( n, e )

function generate() {
	el_enc.value = key.encrypt( el_pass.value );
}

</script>

<iframe name="result" style="width: 100%; height: 200px;"></iframe>
</body>
</html>
	<?php

	// THIS IS A PROOF OF CONCEPT.

	// YOU SHOULD STORE THE PRIVATE KEY SERVER-SIDE (EG. IN THE SESSION)

	if( $_SERVER[ 'REQUEST_METHOD'] === "POST" )
	{
	$res = openssl_pkey_get_private( $_POST[ 'privKey' ] );
	openssl_private_decrypt( hex2bin( $_POST[ 'enc' ] ), $decrypted, $res );

	var_dump( $decrypted );
	echo "<br />" . microtime(true);

	exit();
	}


	$res = openssl_pkey_new( array(
	"digest_alg" => "sha256",
	"private_key_bits" => 1024,
	"private_key_type" => OPENSSL_KEYTYPE_RSA,
	) );
	openssl_pkey_export($res, $privKey);
	$details = openssl_pkey_get_details($res);
	$n = $details[ 'rsa' ][ 'n' ];
	$e = $details[ 'rsa' ][ 'e' ];
	openssl_pkey_free( $res );
	unset( $details );

	?>
	<html>
	<head>
	<script type="text/javascript" src="http://www-cs-students.stanford.edu/~tjw/jsbn/prng4.js"></script>
	<script type="text/javascript" src="http://www-cs-students.stanford.edu/~tjw/jsbn/rng.js"></script>
	<script type="text/javascript" src="http://www-cs-students.stanford.edu/~tjw/jsbn/jsbn.js"></script>
	<script type="text/javascript" src="http://www-cs-students.stanford.edu/~tjw/jsbn/rsa.js"></script>
	</head>
	<body>

	<div><input type="text" name="pass" id="pass" value="" style="width: 100%" /></div>

	<form action="?" method="POST" target="result">
	<div><input type="text" name="enc" id="enc" value="" style="width: 100%" /></div>
	<div>
	<button type="button" onclick="generate();return false;">Generate</button>
	<button type="submit">Send</button>
	</div>
	<div><textarea name="privKey" style="width: 100%; height: 50px;"><?php echo htmlspecialchars( $privKey ) ?></textarea></div>
	</form>


	<script type="text/javascript">

	var n = <?php echo json_encode( bin2hex( $n ) ); ?>,
	e = <?php echo json_encode( bin2hex( $e ) ); ?>,
	key = new RSAKey(),
	el_pass = document.getElementById( 'pass' ),
	el_enc = document.getElementById( 'enc' );

	key.setPublic( n, e )

	function generate() {
	el_enc.value = key.encrypt( el_pass.value );
	}

	</script>

	<iframe name="result" style="width: 100%; height: 200px;"></iframe>
	</body>
	</html>