Safely transmitting client-side encrypted information between individuals

I am developing a service that will keep personal information about a specific user, which should only be accessible by the author and the intended recipient. I want to encrypt the data on the client-side and store the encrypted version on the server.

Research suggests using , but this is ideal for secure storage of an individual user's data.

Issue

In my service, other users need to input data that must remain confidential between them and the recipient - how can client-side encryption achieve this?

Is it feasible to accomplish this entirely through client-side operations?

Update

Upon further review, I believe achieving this solely on the client side may not be possible. Here is a potential approach:

All communication is secured via SSL connection

  • Generate RSA keys, encrypt the private key with AES (using a salted passphrase)
    • Salt generated in the browser
  • Store the passphrase salt, public key, encrypted private key on the server

  • Encrypt all user data with their public key, requiring them to decrypt their private key in-browser by entering their passphrase, then use the RSA private key for decryption

  • If a user wants to share data with another, encrypt the data with the recipient's public key

Is the proposed method secure?

Here is an example of what would be stored on the server:

+----------+---------------------+---------------+
|Public Key|Encrypted Private Key|Passphrase Salt|
+----------+---------------------+---------------+
javascriptsecuritycryptography

Answer №1

Handling encryption could be simplified by utilizing OpenPGP. With OpenPGP, public-key cryptography (such as RSA or Elgamal) is used for encryption, eliminating the need to start from scratch.

Various implementations of OpenPGP are available for different programming languages, including JavaScript (though it's worth noting that using JavaScript for this purpose can pose security risks and lead to information leaks). Implementing your scheme with RSA in JavaScript would also introduce vulnerabilities due to underlying weaknesses.

One advantage of OpenPGP is that users may already be familiar with it or easily find resources about it, fostering trust in your solution. Users can utilize any OpenPGP tool to create keys and decrypt encrypted data.

Similar questions

If you have not found the answer to your question or you are interested in this topic, then look at other similar questions below or use the search

Changing the class when a checkbox is selected using JQuery

I’m working on a bootstrap switcher and I want to change the panel color from grey to green when the checkbox (switch) is checked. I had it working before, but after updating the switcher, it no longer functions properly. Here is the main code for the s ...

javascriptjqueryhtmlcss

Exploring the Power of Destructuring Results in React.js with Apollo

I have been exploring the Apollo client for my project, and I encountered an issue with two of my query functions. The first query, which retrieves a list of users, is working perfectly fine. However, I am struggling to understand why my second simple quer ...

javascriptreactjsapollo-client

What is the best way to retrieve the element at the current cursor position inside an iframe

I'm currently working on a script that is intended to retrieve the element positioned at the cursor's location within an iframe. The code I am attempting to implement should be able to identify the deepest child element at the cursor's posit ...

javascriptpythonseleniumselenium-webdriverselenium-chromedriver

CSS Class Not Updating in WordPress Using JavaScript

Looking to incorporate a small JavaScript code directly into The Twenty Sixteen theme in WordPress. This HTML Code needs to be modified on the Page: <p class="site-description">Example Text</p> The goal is to change a classname: document.g ...

javascriptwordpress

Capture data from a Telegram bot and store it in a Google Sheet

I am trying to use a spreadsheet through a Telegram bot as a TODO list so that when I input something on my phone, it is saved in the spreadsheet. (I'm following this tutorial https://www.youtube.com/watch?v=XoTpdxbkGGk, which seems accurate with Goog ...

javascripttypescriptapigoogle-sheetstelegram-bot

What is the process for creating an HTML file that can automatically save?

I am looking to develop a unique HTML document where users can enter text in text fields, save the file by clicking a button, and ensure that their changes are not lost. It's like what wysiwyg does for HTML documents, but I need it to be integrated di ...

javascriptjqueryhtmlmootools

Choose a subclass within a superclass by utilizing the "this" keyword

Whenever a user clicks on the class addMass, I want to add the attribute data-rate to the element with the class currentMass. Since there can be multiple elements with the class addToCart, I need to ensure that the changes are only applied to the one that ...

javascriptjquerythis

The onChange functionality of the Formik Field API is not compatible with a child component

I am currently facing an issue with validating a material-ui-dropzone component within the Formik Field API as a child component. When I try to upload a file, I encounter the following error: TypeError: can't access property "type", target is undefine ...

javascriptreactjsformikyup

Can uniform columns be created in separate HTML elements?

Looking to create a uniform list in HTML, where the columns inside each panel line up perfectly. See the desired layout: In this example, Col_1 has a width of "BBBBB", as it is the widest content in that column, while Col_2 has a width of " ...

javascripthtmlcss

Suggestions for incrementing a button's ID every time it is clicked

I am working on a button functionality that increases the button id when clicked. Below is the HTML code for the button: <input type="button" id="repeataddon-1" name="repeataddon" class="repeataddon" value="add" > Accompanied by the following scr ...

javascripthtmlyii2

Strange behavior of Lambda function in Typescript

Within a larger class, I'm working with the following code snippet: array.map(seq => this.mFunction(seq)); After compiling using the tsc command, it becomes: array.map(function (seq) { return _this.mFunction(seq); }); Everything seems fine so f ...

javascriptnode.jstypescriptecmascript-5

Unique ActionBar design for my NativeScript-Vue application

I'm currently working on customizing the ActionBar for my nativescript-vue app. I have implemented FlexBoxLayout within the ActionBar, but I am facing an issue where the icon and title of the bar are not aligning to the left as intended; instead, they ...

javascriptvue.jsnativescript

Update the nodes in a directed graph with fresh data

For the past few days, I've been facing a persistent issue that I just can't seem to find a solution for when it comes to updating nodes properly. Using three.js to render the graph adds an extra layer of complexity, as the information available ...

javascriptd3.jsthree.js

Why is it that useEffect is functioning correctly only on the first occasion?

Recently, I've been facing significant challenges with React's useEffect and States. The issue arises when I redirect to the main page of my app and then attempt to use them again. In the following component, everything seems to function correct ...

javascriptreactjsuse-effectuse-statesetstate

Is it possible to switch out all instances of "GET" methods with "POST" throughout the codebase?

While working on a web application, we encountered caching issues with Internet Explorer (caching occurred due to the use of GET requests). The problem was resolved when users turned on "Always refresh from server" in IE's Developers Tool. Although we ...

javascriptajaxxmlhttprequest

Implementing a dynamic text field feature with JavaScript and PHP

Field Item                 Field Qty --------                 ----- --------                 ------ --------       ...

phpjavascriptdynamic

The identifier '_toConsumableArray' has been declared beforehand

Whenever I try to start my Redux app, I encounter the following issue: ./node_modules/draftjs-md-converter/dist/index.js Syntax error: /Users/vlasenkona/Desktop/gris-seqr2/ui/node_modules/draftjs-md-converter/dist/index.js: Identifier '_toConsumableA ...

javascriptnpmreduxbabeljs

The "smiley" character added to the information during an Ajax call

Encountering an unusual issue. A colon (:) character is being appended to the JSON data sent to the server via AJAX request. https://example.com/image1.png The colon character seems to appear after sending the JSON, but it does not show up when inspectin ...

javascriptjqueryangularjsjsonajax

Tips for successfully including a forward slash in a URL query string

My query involves passing a URL in the following format: URL = canada/ontario/shop6 However, when I access this parameter from the query string, it only displays "canada" and discards the rest of the data after the first forward slash. Is there a way to ...

javascripturlreact-routernext.js

Tips for automatically resizing a canvas to fit the content within a scrollable container?

I have integrated PDF JS into my Vue3 project to overlay a <canvas id="draw_canvas"> on the rendered pdf document. This allows me to draw rectangles programmatically over the pdf, serving as markers for specific areas. The rendering proces ...

javascripthtmlcssvue.jscanvas