# Cryptography Project

The Secure User System is a web application implementing secure user authentication and data storage with encryption. The system allows users to register, log in, and create posts while ensuring data confidentiality and integrity.

## Features
- Secure user registration and authentication
- Password hashing with salt
- Data encryption for sensitive information
- Message Authentication Code (MAC) for data integrity
- Session security management
- Secure key management

### Data Encryption

- Algorithm: AES-256-CBC
- Initialization Vector (IV): Unique per encryption
- Key Management: Individual encryption keys per user
- Data Coverage: Emails, post content, and sensitive user data

### Password Security

- Bcrypt hashing algorithm
- Unique salt per user
- Secure password verification system

### Data Integrity

- HMAC-SHA256 for MAC generation
- Integrity verification before data retrieval
- Tamper detection for stored data

### Session Security

- Secure session configuration
- HTTP-only cookies
- Secure headers implementation
## Project Structure

```
secure-user-system/
├── includes/
│   ├── config.php           # Configuration and security settings
│   ├── security.php         # Security
│   └── functions.php        # Core security functions
├── css/
│   └── style.css            # Styling
├── index.php                # Login page
├── register.php             # Registration page
├── process_login.php        # Login handler
├── process_register.php     # Registration handler
├── dashboard.php            # User dashboard
├── see_posts.php            # See my posts
└── allposts.php             # To see all posts
```
## Security Class

```php
<?php
// Core cryptographic helpers used by the application.
class Security {
    private static $cipher = "AES-256-CBC";

    // Random per-user salt, returned as hex (2 * $length characters).
    public static function generateSalt($length = 16) {
        return bin2hex(random_bytes($length));
    }

    // Bcrypt via password_hash(). Note that password_hash() already adds its own
    // random salt, and bcrypt only considers the first 72 bytes of its input, so
    // the appended salt counts against that limit.
    public static function hashPassword($password, $salt) {
        return password_hash($password . $salt, PASSWORD_BCRYPT);
    }

    public static function verifyPassword($password, $hash, $salt) {
        return password_verify($password . $salt, $hash);
    }

    // AES-256-CBC; $key must be 32 bytes. A fresh random IV is generated when none
    // is supplied and is returned hex-encoded alongside the base64 ciphertext.
    public static function encrypt($data, $key, $iv = null) {
        if ($iv === null) {
            $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length(self::$cipher));
        }
        $encrypted = openssl_encrypt($data, self::$cipher, $key, 0, $iv);
        return ['data' => $encrypted, 'iv' => bin2hex($iv)];
    }

    // Returns false on failure (wrong key or corrupted ciphertext/padding).
    public static function decrypt($encryptedData, $key, $iv) {
        return openssl_decrypt($encryptedData, self::$cipher, $key, 0, hex2bin($iv));
    }

    public static function generateMAC($data, $key) {
        return hash_hmac('sha256', $data, $key);
    }

    // Constant-time comparison of the stored MAC against a freshly computed one.
    public static function verifyMAC($encryptedContent, $key, $mac) {
        $calculatedMac = self::generateMAC($encryptedContent, $key);
        return hash_equals($calculatedMac, $mac);
    }
}
```
## Usage Examples

```php
<?php
// Email encryption during registration
$encryptedEmail = Security::encrypt($email, ENCRYPTION_KEY);
// Returns: ['data' => encrypted_string, 'iv' => initialization_vector]

// Password hashing
$salt = Security::generateSalt();
$passwordHash = Security::hashPassword($password, $salt);

// Password verification
$isValid = Security::verifyPassword($password, $passwordHash, $salt);

// Encrypt post content, then generate a MAC over the ciphertext
$encrypted = Security::encrypt($content, $userKey);
$mac = Security::generateMAC($encrypted['data'], $userKey);

// Verify MAC before decryption
if (!verifyPostIntegrity($postId)) {
    throw new Exception("Data integrity compromised");
}
```
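The following is an added example, not code from the project, showing the full encrypt-then-MAC round trip for one post with the Security class above, and what happens when the stored ciphertext is modified. It assumes the class is loaded from `includes/functions.php`, uses an in-memory `$posts` array in place of the database table, defines a hypothetical `verifyPostIntegrity()` over that array, and computes the MAC over the IV together with the ciphertext (going one step beyond the usage snippet, which MACs the ciphertext only).

```php
<?php
// Added example (not part of the project). Assumes the Security class shown in
// this README is available at the path below.
require_once __DIR__ . '/includes/functions.php';

$userKey = random_bytes(32);   // AES-256 needs exactly 32 key bytes
$posts   = [];                 // stands in for the posts table

// Store: MAC covers IV + ciphertext so a changed IV (which alters the first
// plaintext block on decryption) is detected as well as a changed ciphertext.
function storePost(array &$posts, int $postId, string $content, string $userKey): void {
    $encrypted = Security::encrypt($content, $userKey);
    $posts[$postId] = [
        'data' => $encrypted['data'],
        'iv'   => $encrypted['iv'],
        'mac'  => Security::generateMAC($encrypted['iv'] . $encrypted['data'], $userKey),
    ];
}

// Hypothetical verifyPostIntegrity: recompute the HMAC over the stored record and
// compare in constant time, before any decryption is attempted.
function verifyPostIntegrity(array $posts, int $postId, string $userKey): bool {
    if (!isset($posts[$postId])) {
        return false;
    }
    $row = $posts[$postId];
    return Security::verifyMAC($row['iv'] . $row['data'], $userKey, $row['mac']);
}

function readPost(array $posts, int $postId, string $userKey): string {
    if (!verifyPostIntegrity($posts, $postId, $userKey)) {
        throw new Exception("Data integrity compromised");
    }
    $row = $posts[$postId];
    return Security::decrypt($row['data'], $userKey, $row['iv']);
}

storePost($posts, 1, 'hello from the secure user system', $userKey);
echo readPost($posts, 1, $userKey), PHP_EOL;   // intact record: round trip succeeds

// Simulate tampering with the stored record: change one character of the
// base64 ciphertext. The MAC check fails and decrypt() is never reached.
$tampered = $posts;
$tampered[1]['data'][0] = ($tampered[1]['data'][0] === 'A') ? 'B' : 'A';
try {
    readPost($tampered, 1, $userKey);
} catch (Exception $e) {
    echo "rejected: ", $e->getMessage(), PHP_EOL;
}
```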
## Workflow

### Registration

- Access the registration page.
- Provide username, email, and password.
- System encrypts email and hashes the password.
- Creates a user-specific encryption key.

### Login

- Enter credentials.
- System verifies password hash.
- Establishes a secure session.

### Creating a Post

- Enter post content.
- System encrypts content.
- Generates a MAC for integrity.
- Stores encrypted data and MAC.

Note: Always ensure your configuration files (e.g., `config.php`) are secure and inaccessible from external sources.