End-to-end encryption in Javascript, PHP and MySQL
ฝัง
- เผยแพร่เมื่อ 24 ก.พ. 2023
- End-to-end encryption in Javascript, PHP, and MySQL
End-to-end encrypted chats are more secure than the ones where encryption is done on the server side. Because the messages get encrypted even before sending them to the server. This will prevent any read or altered operation of messages in transit. Let's learn how to do it.
We will be using Javascript for encryption and decryption. And we will be using PHP for handling AJAX requests. All the encrypted messages will be stored in the MySQL database.
Source code:
adnan-tech.com/end-to-end-enc... - วิทยาศาสตร์และเทคโนโลยี
Hello, I'm working on encryption these days and I have a question for you. You store Private Keys in the users table in your database. But don't you think this is dangerous? The reason why we encrypt the messages is that the messages cannot be seen clearly after the database is accessed. If the messages table is accessed, the users table can also be easily accessed. If the users table is accessed, encrypted messages can be decrypted using private keys and public keys, emulating the same encryption algorithm you used. In short, there is no point in storing the private key in the database. In some sources I researched, it is said that private keys are stored on the device and public keys are stored on the server side, but I am also confused at this point.
Even if the database is accessed, the messages are encrypted using hard coded secret key in source code. If you save the keys on user device, and if user changes his device, all the previous messages will be lost.
@@AdnanAfzal565 I also know that it will be lost, what do you mean by the secret key in the source code?
I am using a secret key to encrypt a message. That secret key is hard coded in source code of this tutorial.
@@AdnanAfzal565 OK, I have another question: Do you update public and private keys with every login process? Because I examined the source code and if the response from login.php is not empty, you apply the UpdateKeys function.
@braslyn6828 no. I am not updating on every login.
Hello, just a question because i dont know a lot about security this end-to-end encrytion is only useful on sendig messages or in others cases also.
Hello. It depends. For which purpose you want to use this ?
@@AdnanAfzal565 I dont have no purpose i just trying to learn.
This encryption can be used for other purposes as well.
@@AdnanAfzal565 Can you please give some type of exemples.
You can use it for saving sensitive information, like credit cards etc.
Good job bro, JESUS IS COMING BACK VERY SOON;WATCH AND PREPARE
Nice content ! 💯. , but you didn't reply me yet lol...
Sorry for the delay. I have replied now.
The link to the source code does not work. It only shows a image.
Let me check.
Thanks. Another concern is: its a very bad security approach to store the secret key into the DB. I guess it would be better to store it on the users-device. If the DB gets hacked, the secret key is available to the hacker.
@user-fr7fs5gt4c and what happens when user change devices.
@@AdnanAfzal565 This is normally done in this way: Applications such as Whatsapp, Messenger, Signal store the secret key on the user device. Most online sources write it this way. Logically speaking, this is the most useful thing because if messages are obtained during a database attack, they can be decrypted very easily. However, the question that comes to my mind is what will happen to the private key when the device is reset, and I am currently investigating this.
please don’t try this. this is not very secure. and this encrypt algorithm is lower algorithm. when you submit the data hacker can see your data.
The hacker will see the encrypted data. And if your server is on https protocol, it also encrypts all the outgoing data.