As I was pointing out in a comment to your question, the vector of attack you're envisaging (compromised server) implies that the JavaScript is likely to be compromised too, in which case the JavaScript code running on the client shouldn't be trusted anyway. (It would be quite easy to make the JavaScript send the deciphered data back to the server with an asynchronous request in the background: again, since the server would be under the attacker's control, there wouldn't be any need for tricks to circumvent same-origin policies there.) I would suggest going down the route of a standalone application (such as Java WebStart), perhaps signed (with a private key that's not held on the server).
If you're still willing to go ahead with this sort of architecture, avoid releasing the user's private key into the JavaScript at all cost. This could compromise the user's private key, not just the encrypted data. When you use a private key in your browser for SSL/TLS client-certificate authentication, the private key isn't exposed to any code used by the server. It's used by the browser for the handshake, and the server gets the certificate (which is public), but the private key doesn't go anywhere near what the HTML+JS code can see.
(In fact, in OSX with Safari, the private key is used by the underlying SSL/TLS library, and not even exposed to the user process.) The JavaScript libraries for RSA that I've seen require direct use of the private key, that is, they need to be able to use the private exponent directly. That's clearly not good if you're in a situation where you can't trust the server.
Being able to use a private key within the browser for RSA operations, without letting the script get hold of the private material itself would require tighter integration with the browser, in particular, some API to sign and decipher that would use these functions directly in the browser's security mechanism, without exposing the private key material (overall, a similar approach to what PKCS#11 offers to applications using it). As far as I'm aware, the current Mozilla crypto JavaScript API doesn't provide functions to decipher/sign using the browsers (it's only for certificate request and key generation). There seem to be plans to do this, though:
https://wiki.mozilla.org/Privacy/Features/DOMCryptAPISpec/Latest
http://mozilla.ddahl.com/domcrypt/demos/demo.html
On the IE platform, CAPICOM should have been of interest, but it seems to be deprecated nowadays.
An firefox could store the private key secure, even if the webpage got defaced by an attacker. I already stumbled upon the Mozilla Crypto API and sadly it really doesn't support this yet, I hadn't have to ask if it would have been supported :-( – Tobias P. Jun 23 at 13:16
Indeed. To be honest, I haven't tried DOMCrypt (as mentioned here), but it's also open-source, so it's probably worth investigating: github.com/daviddahl/domcrypt. You'll certainly need to install the plugin, but it doesn't seem to be a bad solution for what you're looking for. – Bruno Jun 23 at 13:23
Not the answer I hoped to get, but I'll now use my backup plan to build an independent tool installed while there seems to be no good interoperable solution in JavaScript for a custom Firefox plugin. – Tobias P. Jun 26 at 21:51
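The property the answer above asks of a browser API (sign and decipher without handing key material to the script) can be shown with the Web Crypto API's non-extractable keys. This is an added example, not code from the thread; the function names are illustrative and it assumes a runtime with `crypto.subtle` (current browsers or Node.js).

```javascript
// Added example; function names are illustrative, not from the thread.
const wc = globalThis.crypto?.subtle ? globalThis.crypto
                                     : require('node:crypto').webcrypto;

// Generate an RSA-OAEP pair. extractable=false applies to the private key;
// the public key of a generated pair is always exportable.
async function makePair() {
  return wc.subtle.generateKey(
    { name: 'RSA-OAEP', modulusLength: 2048,
      publicExponent: new Uint8Array([1, 0, 1]), hash: 'SHA-256' },
    false, ['encrypt', 'decrypt']);
}

// True if script code can read the key material in the given format.
async function canExport(format, key) {
  try {
    await wc.subtle.exportKey(format, key);
    return true;
  } catch (err) {
    return false; // rejected: the key is flagged non-extractable
  }
}

// Encrypt with the public key, decipher through the private-key handle.
async function roundTrip(pair, text) {
  const ct = await wc.subtle.encrypt({ name: 'RSA-OAEP' }, pair.publicKey,
                                     new TextEncoder().encode(text));
  const pt = await wc.subtle.decrypt({ name: 'RSA-OAEP' }, pair.privateKey, ct);
  return new TextDecoder().decode(pt);
}

async function demo() {
  const pair = await makePair();
  return {
    decrypted: await roundTrip(pair, 'a few bytes'), // constructed sample input
    publicExportable: await canExport('spki', pair.publicKey),
    privateExportable: await canExport('pkcs8', pair.privateKey),
    privateUsages: pair.privateKey.usages.join(','),
  };
}
```

A non-extractable key only stops the script from reading the key; a script served by a compromised server can still call `decrypt` on the handle while the page is open, which is the first point of the answer above.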
Encryption is complex and expensive - particularly asymmetric encryption (in most cases the asymmetric encryption is only used to encrypt a randomly generated symmetric algorithm key). There are implementations of RSA (and probably other asymmetric algorithms) in JavaScript and in some cases, compatible implementations in other languages (usually C) - try Google for specifics - but I'm not aware of any which handles x509 encryption. OTOH writing a Java applet to do this would be trivial.
But why bother? From my understanding of what you've written, you'd get just as much functionality for a lot less effort by using a symmetric algorithm and never sending the key back to the server:
- allow the user to enter some data in a web page
- allow the user to enter an encryption key
- encrypt the data using the key
- send the encrypted data back to the server
- provide a decryption page where the user can retrieve the encrypted content and enter the key
- decrypt the contents.
"... but I'm not aware of any which handles x509 encryption": There's nothing specific about X.509 encryption. If it's an X.509 cert with an RSA key, what matters is the RSA algorithm, not so much the X.509 wrapping (more so, because only the private key is required to decipher, which is independent from the way the public key is "packaged": in X.509 cert, PGP cert or plain public key). (Same applies when using a DSA key in the X.509 cert, with DSA.) – Bruno Jun 23 at 11:26
I am aware that asymmetric encryption is expensive, but I'll need to encode only a few bytes. Symmetric encryption is no solution since the server has (temporary) to know the keys, this is a no-go for this purpose. While the "user" is not aware of the encryption, he sends the data to the server without any knowledge of encryption and it's stored there encrypted for the admin to look at the data. – Tobias P. Jun 23 at 13:08
@Tobias P.: "server has (temporary) to know the keys" - you are thinking that by using lots of sophisticated algorithms you are making the system secure. The only reason the server would need to temporarily know the keys is for transient access to the encrypted content - and you can do that by sending back an unencrypted copy along with the encrypted one. – symcbean Jun 24 at 9:39
Think about this. If there is a server hack, the hacker will have access to your encrypted data and to all your site source code. Including the one used to decrypt the data.
And it can get those from the website interface in plain javascript by looking at the source of the page.
It won't get the private key of the end user, though. This still requires action from the legitimate user. – Bruno Jun 23 at 11:28
@Bruno. Found some www-cs-students.stanford.edu/~tjw/jsbn – TheBrain Jun 23 at 11:31
@TheBrain: What do you mean? Sure, you can implement RSA algorithms in JavaScript, but how does it help the attacker gain access to the private key? For a secure system, the browser should never release the private key to the JS anyway. – Bruno Jun 23 at 11:34
@Bruno: yes you realised the problem, but a firefox plugin - which is coded in js - is not accessible by an attacked web page, so the key could be stored there in a secure manner but even allowing to interact with the encrypted data. – Tobias P. Jun 23 at 13:14
@TheBrain: I already stumbled upon the stanford library but they do only implement plain RSA which has some weaknesses. – Tobias P. Jun 23 at 13:18