Answer the question
In order to leave comments, you need to log in
How to implement RSA authorization on the site?
Is it possible to make RSA authorization on the site, but so that the user does not throw his private key on the page every time?
The idea is that the user can close access to his account with a password by uploading his public key to the server, there is no problem with this.
The problem is how to get the user's private key. You can read the file system only through FileApi - that is, the user must throw a private key file on the page with each authorization.
Store in LocalStorage doesn't seem very secure - LocalStorage will be stolen = account will be stolen
Perhaps browsers have a way to more securely bind a private key to a site?
Answer the question
In order to leave comments, you need to log in
If someone gets access to LocalStorage from the outside - he gets access to the password field, which is equal to - "take away the acc". That is, the password field should also be disabled :D If you need a safer place to store it, write plugins for browsers. Seems like the only way out.
In general, it is easier to buy an SSL certificate. Or take free Chinese)
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question