在浏览器中存储私人加密密钥的最佳方法?
[英]Best way to store private crypto key in browser?
问题描述
I would like to encrypt some user data before it's sent to the server. 
我想在将一些用户数据发送到服务器之前对其进行加密。 That is, the data will be encrypted on the client side in browser using JavaScript. 也就是说,数据将使用JavaScript在浏览器中在客户端加密。
My question is, what options are available for storing private keys on the client side (it will be used for decrypting the data when user views it later on)? 我的问题是,有哪些选项可用于在客户端存储私钥(当用户稍后查看时,它将用于解密数据)?
HTML5 local storage or just reading local text file containing the key from JavaScript seems a bit off... Is it possible to use personal certificates for this purpose? HTML5本地存储或只是从JavaScript读取包含密钥的本地文本文件似乎有点关闭...是否可以为此目的使用个人证书? Or is there any other option? 或者还有其他选择吗?
EDIT: 编辑:
Slight clarification, 稍作澄清,
All the sensitive data that needs to be encrypted is generated on the client machine and it should never leave it in plain-text. 需要加密的所有敏感数据都是在客户端计算机上生成的,并且永远不应该以纯文本形式保留。 The data in question is mostly files which user will upload to the server, however we might want to encrypt some form fields as well in the future. 有问题的数据主要是用户将上传到服务器的文件,但是我们可能希望将来加密某些表单字段。
Once the encrypted data is sent to server it is stored in ciphered form and will never be decrypted anywhere else other than the same client machine. 一旦加密数据被发送到服务器,它就以加密形式存储,并且永远不会在除同一客户机之外的任何其他地方解密。 For example if the user decides to download his files back, he will receive encrypted files which will be decrypted in browser using JavaScript. 例如,如果用户决定重新下载他的文件,他将接收加密文件,这些文件将使用JavaScript在浏览器中解密。
Also it's crucial for us that the Public-Private key pair is generated on the same client machine. 此外,对于我们来说,在同一客户端计算机上生成公钥 - 私钥对至关重要。 This will be done only once manually by the user or with the help of some automated solution. 这只能由用户手动完成一次,或者在某些自动化解决方案的帮助下完成。
Bottom line is, private key nor plain-text data should ever leave client's machine. 底线是,私钥或纯文本数据应该离开客户端的机器。
1 个解决方案
解决方案1
3 已采纳 2015-02-06 13:13:46
According to your description the data in files and form fields should only every be used on the client. 根据您的描述,文件和表单字段中的数据应该只在客户端上使用。 There is simply no need to use public-key-encryption in this case. 在这种情况下,根本不需要使用公钥加密。 You should use a symmetric block cipher like AES to encrypt those data and send them to the server. 您应该使用AES之类的对称分组密码来加密这些数据并将它们发送到服务器。 The single random symmetric key will be generated in the client browser and stored in localStorage possibly protected by a password (eg second layer of AES). 单个随机对称密钥将在客户端浏览器中生成并存储在localStorage可能受密码保护(例如,第二层AES)。 The AES key is 128/192/256-bit long binary string and it should never leave the client browser. AES密钥是128/192 / 256位长的二进制字符串,它永远不会离开客户端浏览器。
I think localStorage is the only viable option, because it is implemented by all modern browsers. 我认为localStorage是唯一可行的选择,因为它是由所有现代浏览器实现的。
There may be other solutions like browser plugins or even a custom browser , though. 但是,可能还有其他解决方案,如浏览器插件或自定义浏览器 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.