security - Decrypt stored secret using HTTPS transport -
i considering developing software safely storing files on server.
let's have secret document stored on client computer want upload server. requirements here file on server should encrypted @ times , since private key on client, unreadable accessing server directly. maybe can javascript or maybe need develop full fledged app handle upload. either way ok need able download , decrypt file using web browser only.
this got me thinking. can configure https (ssl) in way can precalculate encrypted response server client. in case can while uploading , when document requested can return pre-encrypted data decrypted ssl stack on client.
i know there random number exchange prevents this. there way configure ssl response server client same always. in case replay attacks server client acceptable , not issue.
in ssl handshake, client generates pre-master secret used derive session key. since appear have control on server, cannot prevent client steering conversation in particular (cryptographic) direction.
Comments
Post a Comment