0

Some reference material for SSL using Node.js: http://nodejs.org/api/https.html

I need to build a proof of concept secure SSL connection between a Node.js server and a browser.

The client needs to encrypt the data it sends and then the server needs to store that data in the database encrypted.

I guess this means I need client-side JS to encrypt the data? How would I go about doing this if so (client OR server)? Thanks!

1 Answer

1

For the client you have no alternative but to use the built-in browser TLS/SSL. You can implement JavaScript SSL if it would come to that, but you cannot distribute a trusted database of certificates to the browser.

Once a secure and trusted path has been created from client to server, you can additionally encrypt data using a public (RSA or EC) key sent to the client and hybrid cryptography. That way you can use application-level cryptography on top of transport security - although the application-level crypto will always be dependent on the security and trust that TLS/SSL provides.

Whatever scheme you will be using, you must understand cryptography and the issues with JavaScript cryptography in the browser if you go this route. Just coding stuff won't give you any security, only a false sense of security.


2 Comments

I guess the thing to do then is encrypt it on the server just prior to storing it?
That would be a sensible strategy, yes. In the end, the security will have to rely on the server anyway.
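
The approach the comments settle on, encrypting on the server just before storing, sketched with Node's built-in `crypto` module. This is an added example, not code from the original post; the key handling, the record-id binding and the stored layout (`iv || tag || ciphertext`) are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Assumption: in production the 32-byte key comes from a KMS or secret store,
// never from source code or the same database. Generated here for the demo only.
const demoKey = crypto.randomBytes(32);

// Encrypt one field with AES-256-GCM. recordId is bound as additional
// authenticated data (AAD), so a ciphertext copied onto another row
// fails authentication when decrypted.
function encryptField(key, recordId, plaintext) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(String(recordId), 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag(); // 16-byte authentication tag
  // Hypothetical stored layout: iv || tag || ciphertext, base64-encoded
  return Buffer.concat([iv, tag, ct]).toString('base64');
}

function decryptField(key, recordId, stored) {
  const buf = Buffer.from(stored, 'base64');
  if (buf.length < 28) throw new Error('stored value too short');
  const iv = buf.subarray(0, 12);
  const tag = buf.subarray(12, 28);
  const ct = buf.subarray(28);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv, { authTagLength: 16 });
  decipher.setAAD(Buffer.from(String(recordId), 'utf8'));
  decipher.setAuthTag(tag);
  // final() throws if the key, AAD, tag or ciphertext do not match
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Returns true when decryption is rejected (wrong key, wrong row, or tampering)
function rejects(key, recordId, stored) {
  try { decryptField(key, recordId, stored); return false; } catch (e) { return true; }
}

// Constructed sample row: the value arrives over TLS and is encrypted before the insert
const row = { id: 42, note: encryptField(demoKey, 42, 'constructed sample value') };
console.log(row.note);                            // what the database would hold
console.log(decryptField(demoKey, 42, row.note)); // original value
console.log(rejects(demoKey, 43, row.note));      // true: bound to row 42
```

The data is still in plaintext in server memory between TLS termination and `encryptField`, which is why the security rests on the server, as the last comment says.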
