# Server Migration Guide - Login Functionality

## Critical Files for Login Migration

When migrating the server, you **MUST** copy these files to maintain login functionality:

### 1. RSA Key Pair Files (CRITICAL)

**Location:** `storage/app/`

**Files to copy:**
- `rsa_private.pem` - Private key for decrypting passwords
- `rsa_public.pem` - Public key for encrypting passwords

**Why it's critical:**
- Passwords are encrypted client-side using the public key
- Server decrypts using the private key
- If keys don't match, decryption fails → "Invalid password" error

**How to copy:**
```bash
# Run on the old server, from the application root
scp storage/app/rsa_private.pem user@newserver:/path/to/app/storage/app/
scp storage/app/rsa_public.pem user@newserver:/path/to/app/storage/app/
```

**OR manually:**
1. Download `storage/app/rsa_private.pem` from old server
2. Download `storage/app/rsa_public.pem` from old server
3. Upload both files to `storage/app/` on new server
4. Set permissions: `chmod 600 storage/app/rsa_private.pem` and `chmod 644 storage/app/rsa_public.pem`

### 2. Database

**What to migrate:**
- Users table (with password hashes)
- Sessions table (if using database sessions)
- All other application data

**Note:** Password hashes in database are independent of RSA keys - they work fine after migration.

### 3. Environment Configuration

**File:** `.env`

**Important variables:**
- `APP_KEY` - Application encryption key (for sessions, cookies)
- Database credentials
- Any OTP service credentials

### 4. Storage Directories

**Directories to copy:**
- `storage/app/` - Contains RSA keys, uploaded files, etc.
- `storage/logs/` - Optional, for debugging
- `storage/framework/` - Cache, sessions (can be regenerated)

## Migration Checklist

- [ ] Copy `storage/app/rsa_private.pem` from old server
- [ ] Copy `storage/app/rsa_public.pem` from old server
- [ ] Verify file permissions (600 for private, 644 for public)
- [ ] Copy database (users table with passwords)
- [ ] Update `.env` file with new server settings
- [ ] Run `php artisan config:clear`
- [ ] Run `php artisan cache:clear`
- [ ] Test login with password
- [ ] Test login with OTP

## Troubleshooting

### Error: "Invalid password" after migration

**Cause:** RSA keys were not migrated, or the keys on the new server do not match the old ones

**Solution:**
1. Verify `storage/app/rsa_private.pem` exists on new server
2. Verify `storage/app/rsa_public.pem` exists on new server
3. Compare file contents with old server (they must match exactly)
4. If keys are different, you have two options:
   - **Option A:** Copy old keys to new server (recommended)
   - **Option B:** Reset all user passwords (users must set new passwords)

### Error: "RSA private key not found"

**Cause:** `rsa_private.pem` file missing

**Solution:**
1. Copy `rsa_private.pem` from old server
2. Place in `storage/app/` directory
3. Set permissions: `chmod 600 storage/app/rsa_private.pem`

### Error: "Failed to decrypt password"

**Cause:** Private key doesn't match the public key used for encryption

**Solution:**
1. Ensure both `rsa_private.pem` and `rsa_public.pem` are from the same key pair
2. They must be generated together (not separately)
3. Copy both files from old server together
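
The troubleshooting checks above (files present, permissions 600/644, both files from one key pair, contents identical to the old server) can be scripted. This is an added example, not part of the application's code; it assumes `openssl` is installed, the private key is an unencrypted PEM file, and the public key file is in the `BEGIN PUBLIC KEY` format.

```bash
#!/bin/sh
# Added example (not from the application): post-migration checks for the RSA key files.
# Assumes unencrypted PEM keys and a "BEGIN PUBLIC KEY" (SPKI) public key file.

# Print a file's octal permission bits (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed only if the public key derived from the private key is identical
# to the stored public key, i.e. the two files are one key pair.
keys_match() (
    derived=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    stored=$(openssl pkey -pubin -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$derived" ] && [ "$derived" = "$stored" ]
)

# Report every problem found in the key directory; return non-zero if any.
check_login_keys() (
    dir="${1:-storage/app}"
    priv="$dir/rsa_private.pem"
    pub="$dir/rsa_public.pem"
    rc=0
    for f in "$priv" "$pub"; do
        [ -f "$f" ] || { echo "MISSING  $f"; rc=1; }
    done
    [ "$rc" -eq 0 ] || return 1
    [ "$(file_mode "$priv")" = 600 ] || { echo "PERMS    $priv is not 600"; rc=1; }
    [ "$(file_mode "$pub")" = 644 ] || { echo "PERMS    $pub is not 644"; rc=1; }
    keys_match "$priv" "$pub" || { echo "MISMATCH $priv and $pub are not one key pair"; rc=1; }
    # Digests to compare against the same command run on the old server.
    for f in "$priv" "$pub"; do
        openssl dgst -sha256 -r "$f"
    done
    return "$rc"
)

# Run the check when a key directory is given on the command line.
if [ "$#" -gt 0 ]; then
    check_login_keys "$1"
fi
```

Saved under a name of your choice (for example `check_keys.sh`, a hypothetical name), run it with `storage/app` as the argument on both servers; identical digest lines mean the files were copied intact.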

## Security Notes

⚠️ **IMPORTANT:**
- Never commit RSA keys to version control
- Keep `rsa_private.pem` secure (600 permissions)
- Back up RSA keys before migration
- If keys are compromised, regenerate and reset all passwords

## Alternative: Regenerate Keys (Requires Password Reset)

If you cannot migrate the old keys:

1. Delete existing keys on new server:
   ```bash
   rm storage/app/rsa_private.pem
   rm storage/app/rsa_public.pem
   ```

2. New keys will be auto-generated on first login attempt

3. **BUT:** All users must reset their passwords because:
   - Old passwords were encrypted with old public key
   - New server has different keys
   - Cannot decrypt old encrypted passwords

4. Users can:
   - Use OTP login (doesn't require password)
   - Reset password via "Forgot Password" feature
   - Admin can reset passwords manually

