Hidding my private key RSA on angular front-end app
Question
I am new to Stack Overflow. I am developing a digital signature application in spring boot (back-end) and angular(front-end). I have already set up a keycloak server for authentication and rights management... The purpose of digital signature is for the server to send its public key, hash the document, encrypt the document hash with its private key and sending the document unhashed and the suggestion obtained by encrypting the document. I am using an RSA protocol. I would like to do the same for the front-end part, ie the client has a private key only sends the public key to the server, the server then decrypts with this public key. But I don't know where to put my private key or front-end level, at my Angular application level, so that it cannot be stolen.
3 answers
solution1
1 2021-02-18 18:45:45
You can't hide any code on front-end. It is recommended against storing sensitive data on front-end.
solution2
1 2021-02-18 18:46:04
unfortunately this is impossible. Any code, keys, etc. you give to the client (Angular app) will be able to be read, either in plain text or by inspection of your code, by a user.
You should never give your client private keys.
solution3
1 2021-02-18 21:15:42
In addition to the other answers:
Store the private key on the server, authenticate all users properly, authorize all requests and let the server act as a proxy for signing operations.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.