D
D
Dmitry Belyaev2015-12-08 19:58:29
JavaScript
Dmitry Belyaev, 2015-12-08 19:58:29

How to implement RSA authorization on the site?

Is it possible to make RSA authorization on the site, but so that the user does not throw his private key on the page every time?
The idea is that the user can close access to his account with a password by uploading his public key to the server, there is no problem with this.
The problem is how to get the user's private key. You can read the file system only through FileApi - that is, the user must throw a private key file on the page with each authorization.
Store in LocalStorage doesn't seem very secure - LocalStorage will be stolen = account will be stolen
Perhaps browsers have a way to more securely bind a private key to a site?

Answer the question

In order to leave comments, you need to log in

1 answer(s)
A
Alexander, 2015-12-17
@tusklozeleniy

If someone gets access to LocalStorage from the outside - he gets access to the password field, which is equal to - "take away the acc". That is, the password field should also be disabled :D If you need a safer place to store it, write plugins for browsers. Seems like the only way out.
In general, it is easier to buy an SSL certificate. Or take free Chinese)

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question