[erlang-questions] crypto in erlang and javascript
John Kemp
john@REDACTED
Fri Sep 30 18:10:18 CEST 2011
Joe,

On Sep 30, 2011, at 11:57 AM, ext Joe Armstrong wrote:
>>
>> How will you deliver the secret key to the browser such that the JS can encrypt securely for some period of time?
>
> I won't - The following seems ok
>
> 1) the browser gets the RSA public key of the server. This is hard wired
> or "well known"
>
> 2) the browser generates a random session key and encrypts it with
> the server's public key.
>
> 3) the encrypted session key is sent to the server
>
> 4) Only the server can decrypt this key
>
> 5) both sides use the session key
>
>> If you trust the server to deliver crypto code + key, why not trust the server to do
>> SSL/TLS which will require less new code?
>
> Because I haven't implemented SSL myself :-)

Well, that is what you're doing, based on the steps you write above, but presumably with just the key parts, and no CAs or certs involved ;)

> - it's an opportunity to
> learn a bit more
> about number theory.

As long as you _want_ to re-implement SSL/TLS, then… enjoy!

Cheers,

- John

>
> /Joe
>
>
>
>>
>> - John
>>
>>>
>>> Any ideas?
>>>
>>> I want both sides to be reasonably efficient with non-restrictive
>>> licenses.
>>>
>>> /Joe
>>
>>
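
The five quoted steps, as an added example that is not code from either poster: a Node.js sketch of both sides of the exchange using the built-in `crypto` module. RSA-OAEP for wrapping and AES-256-GCM for the session traffic are assumptions (the thread names only RSA), all function names are hypothetical, and, since no CAs or certs are involved, the client is assumed to already hold an authentic copy of the server's public key.

```javascript
// Added example (Node.js built-in crypto); every name here is illustrative.
const crypto = require("crypto");
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Step 1, server side: long-lived RSA key pair. The public half is the
// "hard wired or well known" value the client must already trust.
function makeServerKeys() {
  return crypto.generateKeyPairSync("rsa", {
    modulusLength: 2048,
    publicKeyEncoding: { type: "spki", format: "pem" },
    privateKeyEncoding: { type: "pkcs8", format: "pem" },
  });
}

// Steps 2-3, client side: random session key, encrypted to the server.
function clientWrapSessionKey(serverPublicPem) {
  const sessionKey = crypto.randomBytes(32);
  const wrapped = crypto.publicEncrypt({ key: serverPublicPem, ...OAEP }, sessionKey);
  return { sessionKey, wrapped }; // only `wrapped` goes on the wire
}

// Step 4, server side: only the private-key holder recovers the session key.
function serverUnwrapSessionKey(serverPrivatePem, wrapped) {
  return crypto.privateDecrypt({ key: serverPrivatePem, ...OAEP }, wrapped);
}

// Step 5: both sides use the session key. GCM authenticates each message,
// so a modified ciphertext is rejected instead of decrypting to garbage.
function seal(sessionKey, plaintext) {
  const iv = crypto.randomBytes(12); // fresh nonce per message
  const c = crypto.createCipheriv("aes-256-gcm", sessionKey, iv);
  const body = Buffer.concat([c.update(plaintext, "utf8"), c.final()]);
  return { iv, body, tag: c.getAuthTag() };
}

function unseal(sessionKey, msg) {
  const d = crypto.createDecipheriv("aes-256-gcm", sessionKey, msg.iv);
  d.setAuthTag(msg.tag);
  return Buffer.concat([d.update(msg.body), d.final()]).toString("utf8");
}

// Full exchange over constructed data.
function demo() {
  const server = makeServerKeys();
  const { sessionKey, wrapped } = clientWrapSessionKey(server.publicKey);
  const serverKey = serverUnwrapSessionKey(server.privateKey, wrapped);
  return unseal(serverKey, seal(sessionKey, "constructed test message"));
}
```

The exchange authenticates nothing about the client and gives no forward secrecy: anyone who later obtains the server's private key can unwrap recorded session keys.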