Description

What is SCS

SCS is a PHP and JS written security script for your website / server which enables encrypted communication between a web browser and a web server. The principle of operation is just like of the SSL/TLS certificate – after encryption the data can be only returned to a readable format with the proper decryption key.

Why using it

Nowadays the technology is very important part of our life but over 80% of the websites on the internet do not provide server-side security to their users and some of them just because the SSL certificates are too expensive. Unprotected server communications can be targeted by hackers at any time.
You own a website / server? Do not let it happen. SCS is now here.

To encrypt the communication
To defend users from network sniffing
To protect from replay attacks

How does it work

To encrypt the data SCS uses asymmetric encryption (RSA) for the conclusion of security key. The way it works is based on a few requests:

Client requests public key from the server
Server gives the current public key to the client
Client generates random text which encrypts with the public key from “step 1 & 2” and sends it to the server
Server accepts the key from “step 3” and decrypts it with the private key
The decrypted text from “step 4” is the key that should be used for the symmetric communication. This key is saved in the session of server and in local storage of browser

With saved key server and client start symmetric communication with AES. All data sent from client/server will be encrypted with AES. Warning
Client decrypts with the local storage key; server – with the session ones

UPDATE: SCS now coming with 2 additional features: