End to end encryption in JS Web Apps
Asymmetric encryption suffers from the same problems as OpenID, it’s a complex subject and if its success is conditional on being understood by your average user then it will never be popular in the mainstream. The only way to deal with crypto is to do what we programmers do best: abstract it and make it work transparently behind the scenes.
The issue is with ‘The Cloud’. A lot of communication applications, perhaps the majority of them, are served and hosted remotely. So how can we add encryption to hosted web apps? We need to solve three problems:
- Asymmetric (RSA) encryption/decryption routines in the browser
- Public key discovery
Continue reading →