Jump to content
Dr. Rolex

osC OpenSSL Encryption with jCryption

Recommended Posts

osC OpenSSL Encryption with jCryption

- Support thread -

 

Without a SSL certificate the data posted on your shop might be visible to third parties, e.g. your admin username and password.
With this Add-On all form data will be encrypted using OpenSSL before it's posted to the server and then decrypted on your server, greatly enhancing the security for you and your customers.

 

How does this work

  1. client requests RSA public key from server
  2. client encrypts a randomly generated key with the RSA public key
  3. server decrypts key with the RSA private key and stores it in the session
  4. server encrypts the decrypted key with AES and sends it back to the client
  5. client decrypts it with AES, if the key matches the client is in sync with the server and is ready to go
  6. everything else is encrypted using AES

Source: http://www.jcryption.org/#howitworks

 

Features for this Revision:

  • Support for and tested on osCommerce 2.3.4
  • Should work for most osCommerce versions with minimum modification.
  • Tested successfully on Google Chrome, Firefox and IE
  • Encrypts all Form Data with OpenSSL
  • Works on both catalog and admin side of shop
  • Uses jCryption library.
  • Screenshots included in package.

 

 

Download Add-On here: http://addons.oscommerce.com/info/9333

Edited by Dr. Rolex

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×