Web Password Save Oct 2016
To store sensitive information like passwords on my server and have this information accessible on a web page, I obviously need security, or rather confidentiality.
I developed my "web save" several years ago, but it only had some of the classical mechanisms:
- HTTPS
- basic authentication
- server side symmetric encryption with AES for storing data
Not that it would be worth stealing my passwords, but I wanted to improve it. So what does the term end-to-end encryption practically mean?
The password I enter on the web page now never goes over the wire. Instead it is used for client-side symmetric encryption (AES) in JavaScript. For this I use CryptoJS.
So before data is saved (sent over to the server) it is encrypted, and after it has been received from the server it needs to be decrypted in the web browser. This way there is no chance on the server or on the wire to steal information.
Sources available on GitHub: https://github.com/micgn/websave
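The client-side flow described above, as an added example that is not taken from the websave repository: the password only derives a key locally, and the server receives nothing but an opaque blob. It assumes Node's built-in `crypto` module in place of CryptoJS so that it runs offline, PBKDF2 for key derivation and AES-256-GCM as the AES mode; the function names, iteration count and sample values are constructed for illustration.

```javascript
const nodeCrypto = require('node:crypto'); // assumption: stands in for CryptoJS

const PBKDF2_ITERATIONS = 200000; // assumed work factor, not a value from the page

// Stretch the password into a 256-bit AES key. Only the salt is stored, never the password.
function deriveKey(password, salt) {
  return nodeCrypto.pbkdf2Sync(password, salt, PBKDF2_ITERATIONS, 32, 'sha256');
}

// Client side, before saving: the returned blob is all the server ever sees.
function encryptForServer(password, plaintext) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every save
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    salt: salt.toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ct: ct.toString('base64'),
  };
}

// Client side, after loading: returns the plaintext, or null when the
// password is wrong or the stored blob was modified (GCM tag check fails).
function decryptFromServer(password, blob) {
  try {
    const key = deriveKey(password, Buffer.from(blob.salt, 'base64'));
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, Buffer.from(blob.iv, 'base64'));
    decipher.setAuthTag(Buffer.from(blob.tag, 'base64'));
    const pt = Buffer.concat([decipher.update(Buffer.from(blob.ct, 'base64')), decipher.final()]);
    return pt.toString('utf8');
  } catch (err) {
    return null;
  }
}

// Constructed sample values, not real credentials.
const SAMPLE_PASSWORD = 'correct horse battery staple';
const SAMPLE_NOTE = 'mail account: constructed-secret-123';

function demo() {
  const stored = encryptForServer(SAMPLE_PASSWORD, SAMPLE_NOTE);
  return { stored, right: decryptFromServer(SAMPLE_PASSWORD, stored), wrong: decryptFromServer('guess', stored) };
}
console.log(demo());
```

Because GCM authenticates the ciphertext, a blob altered on the server or in transit is rejected at decryption rather than yielding garbage.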