I would like to encrypt some user data before it's sent to the server. That is, the data will be encrypted on the client side in browser using JavaScript.
My question is, what options are available for storing private keys on the client side (it will be used for decrypting the data when user views it later on)?
HTML5 local storage or just reading local text file containing the key from JavaScript seems a bit off... Is it possible to use personal certificates for this purpose? Or is there any other option?
EDIT:
Slight clarification,
All the sensitive data that needs to be encrypted is generated on the client machine and it should never leave it in plain-text. The data in question is mostly files which user will upload to the server, however we might want to encrypt some form fields as well in the future.
Once the encrypted data is sent to server it is stored in ciphered form and will never be decrypted anywhere else other than the same client machine. For example if the user decides to download his files back, he will receive encrypted files which will be decrypted in browser using JavaScript.
Also it's crucial for us that the Public-Private key pair is generated on the same client machine. This will be done only once manually by the user or with the help of some automated solution.
Bottom line is, private key nor plain-text data should ever leave client's machine.
Private keys can be stored using a hardware wallet that uses smartcards or USB devices to generate and secure private keys offline. The private keys can also be stored using a hardware wallet that uses smartcards or USB devices to generate and secure private keys offline.
The most secure method of storing your private keys is to use some form of cryptographic hardware storage device. While they can be expensive, tools like Hardware Storage Modules (HSM), Smart Cards, or USB tokens are great lines of defense against an attack.
Keys and certificates are stored in keystores and truststores. Private keys and personal certificates are stored in keystores. Public keys and CA certificates are stored in truststores. A truststore is a keystore that by convention contains only trusted keys and certificates.
The public part of the key is saved in the id_rsa. pub file, while the private part is saved in the id_rsa file. Both files can be accessed from this location using Explorer: C:\Users\[your user name]\.
According to your description the data in files and form fields should only ever be used on the client. There is simply no need to use public-key-encryption in this case. You should use a symmetric block cipher like AES to encrypt this data and send it to the server. The single random symmetric key will be generated in the client browser and stored in localStorage possibly protected by a password (e.g. second layer of AES). The AES key is 128/192/256-bit long binary string and it should never leave the client browser.
I think localStorage is the only viable option, because it is implemented by all modern browsers.
There may be other solutions like browser plugins or even a custom browser, though.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With