Secure Electronic Commerce Assignment -
Part A -
Based on your practices in labs, develop an online e-commerce (shopping) system using html, javascript and php. You can assume any products for sales.
Please create a folder called "assignment" under your student folder, and construct the website as three folders (same as previous labs), client, server and database.
Please add a readme.txt file to explain your website, such as how to register, how to login, ect.
1. Registration of your website
a. Keep username and plain password in the database.
b. Keep username and hashed password in the database.
2. Login to your website
a. Username and plain password are POSTed to server for check
b. Username and hashed password are POSTed to server for check
3. Shopping Cart page
a. Only successful login user can access to the shopping cart
b. The quantity of each item in the shopping cart can be updated
4. Post shopping cart information and credit card number to Server
a. Post plain information and display plain information
b. Post encrypted information and display plain information - RSA only:
i. Shopping cart information and credit card number are encrypted with RSA encryption algorithm.
ii. The server decrypts the information with RSA decryption algorithm and stores it in the database.
c. Post encrypted information and display plain information - RSA and DES:
i. A successful login user posts an encrypted DES key (chosen by the user) to the server with RSA encryption algorithm.
ii. The server retrieves the DES key with RSA decryption algorithm and keeps the DES key for this user.
iii. The user will encrypt the shopping cart and credit card number with DES encryption algorithm and DES key (shared between the user and the server) before POSTing to the sever, and the server decrypts the encrypted shopping cart and credit card number with DES decryption algorithm and the shared DES key and stores it in the database.
Part B - Practical Lab
Q1. Test the following codes to encrypt/decrypt a message using javascript RSA functions.
Q2. Test the following codes to encrypt/decrypt a message using php RSA functions.
Q3. Based on Q1, Q2, write a client.html and server.php to achieve the following: Create the folders/files.
Expected outcome: users' input will be encrypted (RSA encryption using public key) before submitting to server, and will be decrypted (RSA decryption using private key) on the server side, and store plaintext in the database.
Client-side:
1. Enter a message
2. Encrypt the message using javascript RSA encryption API
3. Submit the ciphertext
Server-side:
1. Retrieve the ciphertext from client-side
2. Retrieve the RSA private (decryption) key
3. Decrypt the ciphertext using php RSA decryption API
4. Save the decrypted value to database.
Note - All codes for part b in attached file.
Attachment:- Assignment Files.rar