--- Michael Holstein <[EMAIL PROTECTED]> wrote: > > > I have what may perhaps seem like a strange > > question. Is there any commonly used software for > > encrypting and decrypting web pages? > > > > > Let me explain that a little better: > > imagine a web > > site which has content destined for specific > > individuals. For each individual there is > > separate content on separate pages, and no > > one but the individual for whom the content > > is destined should be able to read the > > content, not even the creator of the content! > > > > In other words, is there a private/public key > > mechanism similar to PGP (or even a PGP web page > > plugin) that will work transparently while > > browsing the web? The transparently part would > > mean that a user can provide a private key to a > > browser and any > > pages encrypted with the user's public key would > > automatically be decrypted for him when he views > > them.
... <cut all SSL suggestions which did not seem to be applicable to the hostile server scenarrio> ... > If you had a scenario where you needed to deploy a > webserver in "hostile territory" and needed to > ensure the security of the data thereon, Yes, that is the scenario I am trying to deal with. When it comes to anonymity/secure communications I would assume all hosting services could be hostile. > you > could conceivably gzip and GPG each .html page and > associated items with multiple public keys based on > some other criteria (like what cert the > browser provided) and then let the end-user decrypt > it with their private .. but this definitely won't > be "automatic" Yes the fallback is a manual process, I was looking for an automated way, say by using SSL in some weird way where the SSL was preencrypted on the server and without a client key negotitation since the client already has the key to decrypt it? But I can't figure that one out, plus it would seem to require a different web server (different key) for each user! > .. but you could wrap it in Java to make > it somewhat portable if you wanted. For portability? Java is the least portable language I have ever programmed in! ;) Despite my bias, an embedded java app would not work since it would be controlled (provided) by the hostile server right? -Martin ____________________________________________________________________________________ Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ