Denis wrote:

After doing a little reading, it looks like what I had in mind is not possible with SSL.
In SSL the data sent by the server is encrypted using a symmetric key which is different for each session.
Is there a protocol understood by web browsers where the server data is encrypted with its (unchanged) private key instead?
Alternatively, does one of the SSL encryption schemes allow for pre-encryption, in which the symmetric key is used for a second step encryption only?

I want the "untrusted" server to be unable to read the contents of the data it is serving unless it asks explicitly the "trusted" server for the key. I also want any client to read the contents of the data sent by the "untrusted" server without additional software installed.

-- Denis.

I'm still not sure if I understand what you want to do.
I guess that you are trying to use something like free webspace and you do not trust the untrusted server's administrator and s/he should not be able to read the documents you are distributing to your users.
In this case I'd say that there is no way of doing this in the way you want to do it, that is displaying the content inline with a standard web-browser without plugins.

One approach would be not to use a web server but an email server (possibly triggered by a web server). Then you can send emails which might be pre-encrypted using S/MIME to your clients and S/MIME clients like Thunderbird usually can show documents inline without user interaction (other than entering their passwords if so configured).

I hope you already realized that solving your problem demands the management and distribution of client certificates/keys for encryption to your users, whereas the server's key would only be needed to sign your documents.

Hope it helps.
Ted
;)

--
PGP Public Key Information
Download complete Key from http://www.convey.de/ted/tedkey_convey.asc
Key fingerprint = 31B0 E029 BCF9 6605 DAC1  B2E1 0CC8 70F4 7AFB 8D26


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature
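
The arrangement described in the reply above (documents signed with the sender's key and encrypted to a client's certificate, so a relaying host only ever holds ciphertext), as an added example that is not part of either message. It uses `openssl smime`; the names `author` and `reader`, the throwaway self-signed certificates and the message text are constructed for the demo and stand in for real client certificates.

```shell
# Added example. All names, keys and the message are constructed for the demo.
mkid() {  # mkid NAME: throwaway self-signed certificate NAME.crt with key NAME.key
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# publish DIR MESSAGE: runs on the trusted side. Leaves DIR/enc.eml, the only
# file an untrusted host would need to store or forward.
publish() {
  ( cd "$1" || exit 1
    mkid author && mkid reader || exit 1
    printf '%s\n' "$2" > msg.txt
    # The author's private key is used only to sign the document ...
    openssl smime -sign -text -in msg.txt -signer author.crt \
      -inkey author.key -out signed.eml || exit 1
    # ... and the signed message is encrypted to the reader's certificate.
    openssl smime -encrypt -aes256 -in signed.eml -out enc.eml reader.crt
  )
}

# open_as DIR NAME: decrypt enc.eml with NAME's key, then check the author's
# signature. Prints the verified plaintext; fails if NAME is not a recipient.
open_as() {
  ( cd "$1" || exit 1
    openssl smime -decrypt -in enc.eml -recip "$2.crt" -inkey "$2.key" \
      -out dec.eml 2>/dev/null || exit 1
    openssl smime -verify -text -in dec.eml -CAfile author.crt \
      -out out.txt 2>/dev/null || exit 1
    # S/MIME canonicalises text to CRLF line endings; strip the CRs for display.
    tr -d '\r' < out.txt
  )
}
```

Call `publish "$(mktemp -d)" "some text"` and then `open_as` on the same directory with `reader`; calling it with `author` fails because that key is not a recipient of the encrypted message.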
