I have created a web application that allows two devices to transfer files to each other through a web server.

The application does not support peer-to-peer connections.

I am trying to reach a point where the server can serve file transfers for all pairs of clients, without having a way to know the file's contents.

After a bit of research I've found one way, and it is to use PKI. So I don't really understand the part of how it makes it secure.

So currently I reached this point:

Where client A gets B's public key and vice versa, and uses the public key to encrypt the file, and the other side has the private key to unlock the file.

However, this can be cheated if the server sends a fake public key, for instance its own public key, and then unlocks the file and saves it locally, and then encrypts it using the real public key, which makes it not 100% trusted.

Now the PKI part comes in, and it is to use a CA like LetsEncrypt, but how can A get B's public key through the server without giving the server an option to cheat and see the real data? Even if you send a signed certificate, if the other client can use it, then the server can do it as well?

ben berizovsky
  • In my opinion crypto design questions like these are off-topic. However, there's nothing radically different between a web application and any other application, so you can examine white papers for the [Signal](https://www.signal.org/) app to see how they solve this difficult problem. – President James K. Polk Sep 14 '21 at 21:51
  • In web-applications the certificate is only signed by a CA if you control the server behind the name within the certificate. You do need *some way* to establish trust between A and B, and then work from there, not the other way around. If A and B cannot trust each other, even if by proxy, then you've lost the game. You're not doing anything in JavaScript yet, please take a look at [security.se] but read their help before posting. – Maarten Bodewes Sep 14 '21 at 22:13

1 Answer

> Where client A gets B's public key and vice versa, and uses the public key to encrypt the file, and the other side has the private key to unlock the file.

The server does not have the private key of either A or B, thus sending the file or public keys through the server is quite safe. This is what PKI is...!!

Asymmetric cryptography alone can't help encrypt and decrypt large files, but it does help you establish a symmetric key.

On the browser side, you may use any browser extension to access the user's certificate store for certificate sharing or for decryption. My Co. provides the free Signer.Digital browser extension, which is documented in this SO Answer

Bharat Vasant
  • Yes, but the server can trick you. Imagine A sends its public key to B through the server. The server can generate its own public/private keys and send B the server's public key and say "Hey this is A's public key". Now when B sends an encrypted message with that fake public key of A, which is the server's public key, the server will unlock the file and save it locally, and then encrypt it again with A's real key and B will receive the encrypted file and you will not notice that the server just stole your data and fooled you. The same can be done with a CA, in my opinion – ben berizovsky Sep 20 '21 at 13:43
  • You mentioned **CA like LetsEncrypt** so the solution is there... you don't exchange public keys... Certificates are signed public keys, signed by trusted CA. You write code on client to verify certificate before trusting public key contained in the certificate..! – Bharat Vasant Sep 20 '21 at 13:47
  • But you can’t generate or get a certificate and validate it on the client because the web api doesn’t let you do it without an extension from what I understood, and I can’t force my customers to use an extension – ben berizovsky Sep 20 '21 at 15:59
  • You are mixing up the problems... User A got B's Certificate (via server or anyhow...!). He can Verify and Trust it; and vice versa. Thus your PKI trust issue is resolved. Using Extension or any other method is how you will program it in JavaScript. – Bharat Vasant Sep 20 '21 at 17:06
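
The key-substitution scenario raised in the question and comments, as an added example that is not part of the original thread: each client fingerprints its own public key together with the key the server delivered, and the two users compare the fingerprints over a channel the server does not control (that out-of-band comparison is an assumption; the thread does not specify one). It uses Node's built-in `crypto` module so it runs offline; the function names and the `file-transfer-demo` HKDF label are hypothetical.

```javascript
const crypto = require('node:crypto');

// Each client keeps its private key locally; only the SPKI DER public key goes to the server.
function newClient() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  return { privateKey, publicDer: publicKey.export({ type: 'spki', format: 'der' }) };
}

// Fingerprint over (own key, key received as the peer's), sorted so both sides hash the same bytes.
function sessionFingerprint(ownDer, receivedDer) {
  const hash = crypto.createHash('sha256');
  for (const der of [ownDer, receivedDer].sort(Buffer.compare)) {
    const len = Buffer.alloc(4);
    len.writeUInt32BE(der.length);
    hash.update(len).update(der); // length prefix keeps the encoding unambiguous
  }
  return hash.digest('hex').slice(0, 32).match(/.{4}/g).join(' '); // 128 bits, readable aloud
}

// ECDH + HKDF gives both ends the same AES-256 key without sending it through the server.
function fileKey(ownPrivateKey, peerDer) {
  const peerKey = crypto.createPublicKey({ key: peerDer, format: 'der', type: 'spki' });
  const secret = crypto.diffieHellman({ privateKey: ownPrivateKey, publicKey: peerKey });
  return Buffer.from(crypto.hkdfSync('sha256', secret, Buffer.alloc(0), 'file-transfer-demo', 32));
}

function encryptFile(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, body, tag: cipher.getAuthTag() };
}
function decryptFile(key, { iv, body, tag }) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(body), decipher.final()]);
}

// Constructed scenario: relay(der) models what the server delivers as "the other side's key".
function exchange(relay) {
  const a = newClient(), b = newClient();
  const aReceived = relay(b.publicDer), bReceived = relay(a.publicDer);
  const seenByA = sessionFingerprint(a.publicDer, aReceived);
  const seenByB = sessionFingerprint(b.publicDer, bReceived);
  return { a, b, aReceived, bReceived, seenByA, seenByB, match: seenByA === seenByB };
}

const honestRelay = (der) => der;
const serverDer = newClient().publicDer; // key pair controlled by the server (constructed)
const substitutingRelay = () => serverDer;
```

With `honestRelay` both sides compute the same fingerprint and derive the same file key; with `substitutingRelay` the fingerprints differ, so the users should abort before deriving a key or sending any data.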