M
M
Maxim Vostrugin2015-10-25 15:18:53
JavaScript
Maxim Vostrugin, 2015-10-25 15:18:53

How to store the decryption key on the client?

Good afternoon!
Please tell me, I intend to store on the client the key to decrypt the information received from the server (the server should not receive the decryption key).
How can I store the key on the client?
The key is issued during authorization and is stored until the user logs out. Cookies are not suitable, because they go to the server.

Answer the question

In order to leave comments, you need to log in

2 answer(s)
A
Armenian Radio, 2015-10-25
@gbg

Don't reinvent TLS.

V
Vyacheslav Zolotov, 2015-10-25
@SZolotov

You have an algorithmic problem. You want to use a key pair (RSA comes to mind), but the server gives you the decryption key (private key). This is fundamentally wrong. The private key should not be transferred anywhere. The correct solution is:
-> the client generates a pair of keys
-> the client sends a public key to the server (it encrypts the content)
-> the server generates a symmetric encryption key (AES as an option)
-> the server encrypts the content with a symmetric key
-> the server sends content to the client is a symmetric key encrypted with the client's public key (for example, in a cookie or something else)
-> the client decrypts the key that is in the cookie with its private key
-> the client decrypts the content with the received key.
Pros: the secret key is not transferred anywhere with all the consequences.
Cons: likely to be slow.
I do not know why the content should be stored encrypted in the server database, but it seems to me that this is superfluous.
The client key pair can be stored in localstorage htmlbook.ru/html5/storage

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question