Client side data encryption/decryption for rails application

2018-06-07 01:55:50

Users are sending messages to each other and publish private information for other users via rails app.

The goal is to secure the messages, so neither system admins, nor database leaks won't be able to compromise the data. Javascript client side encryption with recipient key, encrypted data is stored in the database and decrypted on recipient's side. Keys are not stored in the system.

Does is make sense? Is there a solution? Thanks a lot!

Update: I mean asymmetric cryptography. Two keys for each user: one public for encryption, one private for decryption. And a password for the application itself. User logs in using his password, creates a message, which is encrypted client side with a recipients public key (stored in the system) and saved in the database. Recipient logs in using his password, then enters his private key to decode messages. Decryption is also client side, private key is not sent to the server.

Sure. Use this http://crypto.stanford.edu/sjcl/. Especially look at the demo http://bitwiseshiftleft.github.com/sjcl/demo/

One thing to keep in mind, the only way for you to not store the keys is for the user's to derive them from a password ( which should not be the one they use for your site). This is fine and is what the above library does.However,if they forget the password, there is no helping them,

On the client side, you can use openpgp.js. It's legit easy to use lib for creating keys, signing, encryption/decryption, etc.

Might be one of the solutions.The jsbn library is a fast, portable implementation of large-number math in pure JavaScript, enabling public-key crypto and other applications on desktop and mobile browsers.

http://www-cs-students.stanford.edu/~tjw/jsbn/

RSA Cryptography Demo http://www-cs-students.stanford.edu/~tjw/jsbn/rsa2.html

链接地址: http://www.djcxy.com/p/21772.html

上一篇: 只共享公钥是安全的吗？

下一篇: 客户端数据加密/解密的Rails应用程序