Can you describe what you mean by:

the attacker will still not have the private key since all
cryptography happens in the nodejs of the user.

It seems as though you are saying that there will be a web server
running client side, to which the web app will make ajax calls.
Is this what you mean?

On 5/22/14, Apostolis Xekoukoulotakis <[email protected]> wrote:
> Thanks Felix. Your advice is sound. I am going to look at your references.
>
> So my app is indeed packaged but I don't use node-webkit. In my case, if
> the client is compromised in the browser, the attacker will still not have
> the private key since all cryptography happens in the nodejs of the user.
>
> But he would be able to ask the server to sign arbitrary documents which is
> still really bad.
> On May 22, 2014 11:33 AM, "Felix Hammerl" <[email protected]> wrote:
>
>> Hi,
>>
>> you have to trust the server in a host-based security setting. If you want
>> to mitigate that, have you considered packaged (not hosted!) apps? Check
>> out Chrome Apps, Firefox Apps, node-webkit, atom-shell, ...
>> It all boils down to what your threat model is. Also, you probably don't
>> want to roll your own authentication mechanism. You also might want to
>> avoid doing funky stuff with removing the script sources and loading them
>> from arbitrary locations...
>> Recommended read for js security and threat models (be sure to check out
>> the discussion, too!):
>> http://tankredhase.com/2014/04/13/heartbleed-and-javascript-crypto/
>>
>>
>> Cheers
>> Felix
>>
>>
>> On Wed, May 21, 2014 at 7:57 PM, Apostolis Xekoukoulotakis <
>> [email protected]> wrote:
>>
>>> Hello everyone. I am thinking of using openpgp as an authentication
>>> mechanism for my site and more. Send a random number to the client, the
>>> sessionId, which he then has to sign and send back.
>>>
>>> I was also worried that if someone could attack my server, he could send
>>> arbitrary js code to the client and thus all clients would be compromised.
>>> So I decided to create a nodejs app that users would have to install
>>> locally that would provide them those js scripts.
>>>
>>> They would only have to contact the server for content. So now I am
>>> worried about someone injecting js code into the content.
>>> If I wrote a parser that removed script tags, I suppose this would be
>>> secure, right?
>>>
>>> The app's goal is to let users issue new currencies, that is why
>>> security is very important.
>>>
>>> _______________________________________________
>>>
>>> http://openpgpjs.org
>>> Subscribe/unsubscribe: http://list.openpgpjs.org
>>>
>>
>
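
Added example, not part of any message in this thread and not OpenPGP.js code: the challenge-response login from the original post (server sends a random sessionId, client signs it), with the local signer restricted to well-formed challenges bound to a fixed context and origin, so a page talking to it cannot obtain a signature over arbitrary document bytes. Ed25519 from Node's built-in crypto module stands in for OpenPGP signatures; the context label, origins and function names are assumptions.

```javascript
// Added example: Ed25519 (Node crypto) stands in for OpenPGP signatures.
const crypto = require("node:crypto");

const CONTEXT = "example-auth-v1"; // hypothetical domain-separation label
const MAX_AGE_MS = 60_000;         // assumed challenge lifetime

// Server side: issue a random, single-use session id and remember when.
function issueChallenge(pending, now = Date.now()) {
  const sessionId = crypto.randomBytes(32).toString("hex");
  pending.set(sessionId, now);
  return sessionId;
}

// The bytes actually signed: fixed context, origin, then the session id.
function authMessage(origin, sessionId) {
  return Buffer.from(JSON.stringify([CONTEXT, origin, sessionId]));
}

// Local signer: accepts only a well-formed session id, never caller-chosen bytes.
function signChallenge(privateKey, origin, sessionId) {
  if (!/^[0-9a-f]{64}$/.test(sessionId)) throw new Error("not a session id");
  return crypto.sign(null, authMessage(origin, sessionId), privateKey);
}

// Server side: challenge must be known, unused and fresh before verifying.
function verifyResponse(pending, publicKey, origin, sessionId, sig, now = Date.now()) {
  const issuedAt = pending.get(sessionId);
  if (issuedAt === undefined) return false;
  pending.delete(sessionId); // single use, so a captured response cannot be replayed
  if (now - issuedAt > MAX_AGE_MS) return false;
  return crypto.verify(null, authMessage(origin, sessionId), publicKey, sig);
}

function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  const pending = new Map();
  const origin = "https://site.example"; // constructed value
  const id = issueChallenge(pending);
  const sig = signChallenge(privateKey, origin, id);
  const first = verifyResponse(pending, publicKey, origin, id, sig);
  const replay = verifyResponse(pending, publicKey, origin, id, sig);
  const id2 = issueChallenge(pending);
  const sig2 = signChallenge(privateKey, "https://other.example", id2);
  const wrongOrigin = verifyResponse(pending, publicKey, origin, id2, sig2);
  let refused = false;
  try { signChallenge(privateKey, origin, "arbitrary document text"); }
  catch { refused = true; }
  return { first, replay, wrongOrigin, refused };
}
console.log(demo());
```

The signer still signs any valid-looking challenge it is handed, so this narrows what a signature can mean rather than deciding who may request one.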