Comments
-
Why use http authentication for general user auth? And PGP? I personally don't see a use case for that.
What are you planning to make?
-
@linuxxx It's only a small dashboard for planning stuff, but I'm just getting into securing web applications and wasn't sure how much is needed.
-
@FilipeRamalho I'd just use general php/mysql (with strong hashing of course) for user authentication :)
-
@linuxxx Not using PHP or MySQL, rather RethinkDB and Kotlin and Ktor.io. The question basically is how much I have to encrypt on my own, and I have now come to the conclusion that I don't have to encrypt, because HTTPS already secures the connection.
-
@FilipeRamalho Transport security is one thing and is a must, but you don't want to store the user credentials as clear text. So what do you do? Hash them.
-
@abhishekb Of course they are hashed on client with salt for transport security and on server for breach security.
-
You don't need PGP for additional transport or storage security. JWT+HTTPS are enough. But do make sure that the HTTPS and webserver are well configured using https://observatory.mozilla.org/ or similar services.
While making a backend and frontend I wanted to make an auth flow, but I ask myself: isn't HTTPS auth enough?
What do you think: is JWT to check which user it is and HTTPS to secure the connection enough, or should I also use PGP?
question
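
The server side of the flow discussed in this thread, as an added example that is not code from any of the posters: salted PBKDF2 hashing for stored passwords, and an HS256 JWT checked for signature, pinned algorithm and expiry. It uses Python's standard library rather than the Kotlin/Ktor stack mentioned above; the function names, the 600,000-iteration count and the 15-minute token lifetime are assumptions.

```python
import base64, hashlib, hmac, json, os, time

# Assumption: server-side signing key; in practice load it from a secret store.
SECRET = os.urandom(32)

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def hash_password(password, salt=None):
    """Storage hash: per-user random salt plus a deliberately slow KDF."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)
    return salt, digest

def verify_password(password, salt, stored):
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(hash_password(password, salt)[1], stored)

def _sign(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue_token(user, ttl=900, now=None):
    """Issue a compact HS256 JWT after a successful password check."""
    now = int(time.time()) if now is None else now
    header = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64u(json.dumps({"sub": user, "exp": now + ttl}).encode())
    return f"{header}.{payload}.{b64u(_sign(header + '.' + payload))}"

def verify_token(token, now=None):
    """Return the subject for a valid, unexpired token, else None."""
    now = int(time.time()) if now is None else now
    try:
        header, payload, sig = token.split(".")
        # Pin the algorithm: never let the token's header choose the check.
        if json.loads(b64u_dec(header))["alg"] != "HS256":
            return None
        if not hmac.compare_digest(_sign(header + "." + payload), b64u_dec(sig)):
            return None
        claims = json.loads(b64u_dec(payload))
        return claims["sub"] if claims["exp"] > now else None
    except (ValueError, TypeError, KeyError, AttributeError):
        return None  # malformed token: reject instead of raising
```

Only the salt and digest go into the database; the token is sent over HTTPS and verified on every request.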