0

How can an offline website (zip, MHTML, SingleFile) be made secure? Are there techniques (obfuscating, encrypting) or anything within the specs of HTML or JavaScript (ECMAScript) that would allow for an offline website to be secure on its own?

By "secure" I mean that if a user has a local copy of the website, they may not still have access to the contents without a password. Imagine a level of security approximating that which is used in PDF documents.

Community
  • 1
  • 1
Luke
  • 18,811
  • 16
  • 99
  • 115
  • Here's the originating idea: http://stackoverflow.com/questions/29778763/what-technical-things-can-be-done-with-pdf-but-not-an-html-website – Luke Apr 22 '15 at 00:18
  • For regular user it's ok, but if someone really wants to decrypt your data the will manage to do it. – Pedro Lobito Apr 22 '15 at 00:33
  • 1
    @PedroLobito - I understand that anyone with a local copy of the site can eventually get access, I would only be looking for a level of protection roughly equal to that being used in common PDF documents. – Luke Apr 22 '15 at 00:37
  • @Luke How does user initially obtain "a local copy of the website" ? – guest271314 Apr 22 '15 at 00:48
  • Why would the user have a local copy? Are they opening the local copy with their browser? How do they specify the decryption password if they do open their local file? – Neil Smithline Apr 22 '15 at 00:57
  • @guest271314 -- Is that important? I don't have a set distribution method in mind -- they would download it, get it in an email, or from a USB drive. – Luke Apr 22 '15 at 01:07
  • @Luke Was not certain if user obtained website independently ; with expected result that user could not then access file. – guest271314 Apr 22 '15 at 01:20

2 Answers2

1

You may use an offline js function (https://code.google.com/p/crypto-js/#Ciphers here are some algorithms that will do) to encrypt all the data, and ask for a password to decrypt it. Note that you shouldn't store the correct password, but instead check if it is correct by decrypting with the password given by the user a known message (encrypt "hello world" with the correct password, and then check if the password given by the user works).

Random Developer
  • 43
  • 7
0

Yes; you can encrypt the data, then decrypt it in Javascript.

Note that any user with the encryption will always have full access to the data.

SLaks
  • 868,454
  • 176
  • 1,908
  • 1,964