
Our requirement is to persist some of the data on the client side as part of local storage, as we need to access our application offline too. We want some of those files to be encrypted for some reasons, but the encryption and decryption should not be completely on the client side, as it will then be accessible to clients too (security threat), and if it depends on the server side then it will be a problem for offline access.

In a nutshell, I want an application that will be accessible offline too, with some encrypted files (stored on the client side), and that encryption method (as well as the files) must also be really secure.

I don't have any idea how to overcome this problem (I also don't have much idea about encryption and decryption and their algorithms). Any suggestions on how this problem can be solved?

Novice
  • See http://stackoverflow.com/questions/5976046/html5-client-side-data-encryption-what-are-my-options – Noam Rathaus Nov 27 '13 at 13:01
  • @nrathaus I got some idea from the link you gave, but they are also still struggling with the problem of where to store the key, since you can't store it on the client side, and storing it on the server will defeat my purpose. – Novice Nov 27 '13 at 13:22
  • When you say "as it will be than accessible for clients too (security threat)," who is the attacker? If you mean that your user is the attacker, then there is no solution to this problem. You can only obfuscate. Applications cannot protect themselves from their users (if they could, then DRM would always be highly effective). – Rob Napier Nov 27 '13 at 14:04
  • If you are protecting the user from actual attackers, then the above link should be helpful. The key will be generated by the user providing some secret (such as their password). – Rob Napier Nov 27 '13 at 14:06
  • @RobNapier Yes, my user may be the attacker. Actually, there is a kind of manifest file which I want to protect from the user, as it may contain some info about other users too; that's why I want it to be encrypted. – Novice Nov 27 '13 at 14:12
  • This is not a solvable problem. Once you send data to a user, along with code to read that data, you cannot then prevent the user from accessing the data. The best you can do is obfuscate the data, but that is unlikely to be sufficient if the data you're sending is other users' sensitive information. (That said, if you're sending other users' sensitive information at all, you're already in trouble; this cannot be secured even when you are online.) – Rob Napier Nov 27 '13 at 14:17
  • @RobNapier Hmm... I understand the concern and I agree with you; then we have to figure out something else. Thanks a lot. – Novice Nov 27 '13 at 14:19
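
The password-derived key approach mentioned in the comments above, as an added example that is not part of the original thread. It protects stored data from someone else with access to the device, not from the user who knows the password. The function names, record layout and iteration count are assumptions, and it uses Node's built-in crypto module so that it runs offline.

```javascript
// Added example (not from the thread): encrypt data for local storage with a
// key derived from the user's password. Nothing secret is stored with the data.
const { pbkdf2Sync, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

const PBKDF2_ITERATIONS = 210000; // assumed work factor; tune for target devices

// Derive a 256-bit key from the password and a per-record random salt.
function deriveKey(password, salt) {
  return pbkdf2Sync(password, salt, PBKDF2_ITERATIONS, 32, 'sha256');
}

// Returns a JSON-serialisable record (hypothetical layout) for local storage.
function encryptForStorage(password, plaintext) {
  const salt = randomBytes(16);
  const iv = randomBytes(12); // fresh nonce for every encryption
  const cipher = createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    v: 1,
    salt: salt.toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ct: ct.toString('base64'),
  };
}

// Returns the plaintext, or null when the password is wrong, the record was
// modified (GCM tag mismatch), or the record is malformed.
function decryptFromStorage(password, record) {
  try {
    const key = deriveKey(password, Buffer.from(record.salt, 'base64'));
    const decipher = createDecipheriv('aes-256-gcm', key, Buffer.from(record.iv, 'base64'));
    decipher.setAuthTag(Buffer.from(record.tag, 'base64'));
    return Buffer.concat([
      decipher.update(Buffer.from(record.ct, 'base64')),
      decipher.final(),
    ]).toString('utf8');
  } catch (err) {
    return null;
  }
}
```

In a browser, the same PBKDF2 plus AES-GCM construction is available through the Web Crypto API (`crypto.subtle`).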

0 Answers