
Posted on 01/08/2011 at 06:53AM

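I just pushed my latest project, Rsa-form, to GitHub: http://github.com/rsepulveda2/rsa-form

This plugin is useful for submitting sensitive data, such as login credentials, from the browser to your server when your server doesn't have SSL. Please note that Rsa-form is NOT a replacement for SSL since it doesn't use authentication: the browser has no way to verify that the public key it receives really came from your server, so the form data is only protected against passive eavesdropping.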

Rsa-form also includes a login widget that can be added to your login page to reduce the chance of a keylogger capturing passwords (see below for details).

To use Rsa-form:

Just create a form, then add the following JavaScript to your page, either inside "script" tags or in one of your JavaScript files such as /javascripts/application.js:

jQuery(document).ready(function() {
  $("#myencryptedform").jCryption({getKeysURL:"/rsakey",formFieldSelector:':input:not([name=authenticity_token])'});
});

When the user submits the form, the browser will request an RSA public key from the server. jCryption will then encrypt the serialized form data using the RSA public key and send the encrypted data to the server.

To decode the data on the server side, make the following call in your controller:

params.merge!( RsaForm.decrypt_form( params[:jCryption], session[:key_pair])) if params[:jCryption]

This decodes the form data and adds it to your params hash. Your controller will work just as before.
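The round trip described above, as an added sketch that is not the plugin's own code. It uses Ruby's bundled OpenSSL library rather than the rsa gem; the function names, the OAEP padding, the single-use key and the server-side session store are all assumptions of this example.

```ruby
require "openssl"
require "uri"

OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING # padding choice is an assumption of this sketch

# Stand-in for the key-request step: create a key pair, keep it in the session,
# and hand only the public half to the browser.
# Assumption: the session store is server-side, so the private key never leaves the server.
def issue_public_key(session, bits = 2048)
  session[:key_pair] = OpenSSL::PKey::RSA.new(bits)
  session[:key_pair].public_key.to_pem
end

# Stand-in for the browser: serialize the form fields and encrypt them under
# whatever public key was delivered (nothing here proves whose key it is).
def encrypt_form(fields, public_key_pem)
  key = OpenSSL::PKey::RSA.new(public_key_pem)
  key.public_encrypt(URI.encode_www_form(fields), OAEP)
end

# Hypothetical equivalent of the decrypt step: returns the decrypted fields as a
# hash, or nil when the blob does not decrypt under this session's key or is malformed.
def decrypt_form(ciphertext, key_pair)
  return nil if key_pair.nil?
  URI.decode_www_form(key_pair.private_decrypt(ciphertext, OAEP)).to_h
rescue OpenSSL::PKey::PKeyError, ArgumentError
  nil
end

# Controller-side merge: the key is consumed on first use, and on failure the
# params are returned untouched so the caller can re-render the form with a fresh key.
def merge_encrypted_params(params, session)
  return params unless params["jCryption"]
  fields = decrypt_form(params["jCryption"], session.delete(:key_pair))
  fields ? params.merge(fields) : params
end

if __FILE__ == $PROGRAM_NAME
  session = {}
  pem = issue_public_key(session)
  # Constructed sample credentials
  blob = encrypt_form({ "login" => "alice", "password" => "constructed-pw" }, pem)
  p merge_encrypted_params({ "jCryption" => blob }, session)
end
```

A single RSA operation only fits a short message (about 214 bytes with a 2048-bit key and OAEP), so this sketch suits a login form, not arbitrary form data.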

Installation instructions:

Install the rsa-form plugin:

./script/plugin install git://github.com/rsepulveda2/rsa-form.git

Install the JavaScript dependencies:

Download jquery.js and jquery.jcryption.js then put them in your /public/javascripts/ folder.

Add the following lines to your application.html.erb:

<script src="/javascripts/jquery-1.4.4.js" type="text/javascript"></script> 
<script src="/javascripts/jquery.jcryption.js" type="text/javascript"></script>

or the equivalent (use the file name of the jQuery version you downloaded):

<%= javascript_include_tag "jquery-1.4.2", "jquery.jcryption", "application" %>

Install the RSA ruby gem by adding the following line to your /config/environment.rb:

config.gem "rsa"

Stop your server

shell% rake gems:install

Restart your server

Rsa-form login widget


The Rsa-form login widget can be added to your login page as a partial. The user's password is entered using a combination of letters typed on the keyboard and numbers clicked on an on-screen numeric keypad. The keypad ordering changes every time the page is refreshed. The page can be auto-refreshed if desired. This widget also uses the RSA encryption for added security.

To add the login widget to your login webpage, include the following line:

<%= render :partial => 'rsa_form/login' %>

Add the following to your HTML header (application.html.erb):

<link href="/stylesheets/rsa-form.css" media="screen" rel="stylesheet" type="text/css" /> 
<script src="/javascripts/rsa-form.js" type="text/javascript"></script>

And that's about it. Your controller will receive the data as:

params[:login] and params[:password]

Remember to add this line to your controller:

params.merge!( RsaForm.decrypt_form( params[:jCryption], session[:key_pair])) if params[:jCryption]

You can customize the look and feel of the login widget by:

  • Changing its CSS file: /stylesheets/rsa-form.css

  • Replacing the graphics for the keys in the keypad. The following files can be replaced: /images/(0.png - 9.png, clr.png, del.png)

  • Rewriting the widget's HTML. Copy the /vendor/plugins/rsa-form/app/views/rsa_form directory to your /app/views directory.

    Make modifications to the /app/views/rsa_form/_login.html.erb file.

    To avoid breaking the JavaScript, don't modify the "img" elements, and don't change the id attribute of the password text field tag or the form tag.

See part 2 of RSA-form rails plugin


Tags: rsa, form, github, authentication, login