[Security] End-to-end encryption with JavaScript client

Pavel Simerda pavlix at pavlix.net
Sat Aug 30 04:15:42 CDT 2008

On Sat, 30 Aug 2008 09:47:08 +0200
Bartosz Malkowski <bmalkow at wp.pl> wrote:

> Hello!
> Is there any method to encrypt messages between two clients if one of
> those clients is a JavaScript client working in a web browser?


First, users of JavaScript clients don't care about e2e security.

Second, can you start direct XMPP connections from JavaScript at all?
OK, you could use some in-band connections and even employ some of the
crypto stuff but... first applies. Lots of work for no real reason.

But if you really want it, the trust model won't work with JavaScript
anyway (you don't have access to local data). But the SAS method
discussed earlier would work.

> I can implement RC4 cipher or similar (a DES JS implementation exists,
> as I remember) but key management is a very big problem. I can't
> implement PGP or x509 key management in JS/Google Web Toolkit.
> Maybe a Java applet may be a solution? Applet for encryption and key
> exchange only.

Feels weird.


