Encrypt messages inside database #20
Comments
One idea that crossed my mind is to use the WebCrypto APIs before sending the message to the server. As @tgs suggests, you could generate a 32 character primary key, and a 32 character key for encrypting the message, but instead of having the URL be `https://server/m/(64 chars)` as @tgs suggests, it could be `https://server/m/primary_key#encryption_key`. The portion of the URL after the hash doesn't get sent to the server, but it's available to javascript in the browser. The process could be:
When a user clicks the URL
As a result, the server never has possession of the plaintext message or the keys to decrypt the ciphertext, but the workflow for the user is still as simple as copying and pasting a URL.
Just a thought. You could encrypt messages inside the database, each with its own random key. The encryption key could become part of the URL; the server would throw it out. This would secure people's messages against someone hacking into the database and downloading it (hello Patreon!). Although the combination of the database and the web server logs could still be used to decrypt things (since the key is in the url), so the logs would need to be deleted or anonymized promptly to get full protection out of this.
Creation of a message:
Accessing a message:
What if someone modifies part of the encryption key? Then the web page would display gibberish?