[JDEV] Encryption on client - key on server

[David Waite]

*grin*

I had a particularly evil idea last night for a PGP-supporting applet: the
remote server has a 'secure' store of a user's public and private key. After
authenticating against the server, all of this information (username,
password, and keyring) are sent via a dynamically generated page over SSL as
embedded applet parameters in the HTML page.

The big problem (besides making people I describe it to look at me like an
insane person, which I am) is the keyring modification. You would probably
want all the keyring modification stuff to be on the SSL page, and to send new
keys to you in packets encrypted with the user's own private key.

-David Waite

Thomas Charron wrote:

> > I would like to implement this encription schematic on our private jabber
> > based message
> > system, with Visual Basic client. Client uses encryption (twofish or
> > blowfish) with simmetric key.
> > It is possible to hardcode key into client exe file, but to be able
> changing
> > it from time to time,
> > I think it will be better to place it on jabber server and clients will
> get
> > it after authentication.
> > How it can be done? Through jabber.xml?
> > May be sombody successed in this?
>
>     Ok, Devils Advocate point of view here..
>
>     You have a client, that wants to encrypt data sent to other clients.
> You want to encrypt to keep traffic confidential.  Yet, you want to be
> storing and transmitting the key?  Isn't that kinda defeating the purpose?
>
> _______________________________________________
> jdev mailing list
> jdev at jabber.org
> http://mailman.jabber.org/listinfo/jdev