I am working on security implementation in web application. I have developed a node.js web server and a clients in HTML for displaying the data to end users. I want that the data shown to the clients be encrypted and sent from server. I though that i will encrypt the data using AES at node.js server and decrypt it at client. But decryption at client will need keys to be stored in the client application which is not recommended. I read about SubtleCrypto interface of WebCrypto API. But these are not supported in all browsers. Now I am not able to understand that how I implement encryption and decryption of data in my web application. Where should I keep the keys. Please advice any suitable architecture and technology so that I should be able to serve encrypted data to the clients without compromise of keys. Please suggest if symmetric or asymmetric encryption algorithm will be suitable for my scenario.
Aucun commentaire:
Enregistrer un commentaire