On Wed, Nov 20, 2013 at 3:12 PM, jose llopis <[email protected]> wrote: > i was wondering how to safe cipher my data on the client for sending it to a > server, getting a response and doing something with the returned (also > ciphered) data ??
This is the exact problem that TLS (HTTPS, WebSockets over TLS, etc.) solves. Note that when you send the encrypted data to the server, the server has to know what encryption key to use to decrypt the data from the client and the key to use to encrypt the data it sends back to the client. This is what public key cryptography (RSA, ECDSA, ECDH, etc.) is for. And, in order to be useful, encryption has to be authenticated. This is what certificates are for. TLS puts all of these things together into an easy to use package that can be used for most things. If you need something specialized that won't allow you to use TLS and you really need AES, then there are some JS crypto APIs you can use, such as [1]. I've never used them but others at Mozilla have. Still, I recommend avoiding this type of approach if possible, as there are limitations regarding how secure these implementations can be. For example, they are prone to timing attacks. At some point, we may have some built-in APIs for crypto primitives in Gecko, but now we don't. [1] http://crypto.stanford.edu/sjcl/ Cheers, Brian -- Mozilla Networking/Crypto/Security (Necko/NSS/PSM) _______________________________________________ dev-b2g mailing list [email protected] https://lists.mozilla.org/listinfo/dev-b2g
