On 4/25/10 10:19 AM, Derrell Lipman wrote: > Along comes Public Key Cryptography. With public key cryptography, > there is no one shared secret key. Instead, a pair of keys is used: a > private key and a public key. Text encrypted with the public key can > be decrypted using the private key. I don't recall the exact mechanism > used in https, but the principle is that the server could send the > browser its public key. The browser could then encrypt a password > using that public key and send the encrypted password to the server, > which could decrypt the password using its private key. In actuality, > IIRC, since public key cryptography algorithms are much slower than > private key cryptography algorithms, that the public key cryptography > is used to send a shared secret key so that private key cryptography > can be used henceforth. FYI, the browser uses an SSL key. The browser contains a cache of trusted site's public keys, such as Verisign, etc. The website sends a public key that has been signed by one of the trusted sites, which the browser can then use to verify the signature of the public key. Once that trust has been established, the browser then uses the public key to encrypt communications. The server then uses its private key (which is never sent to anyone, including the issuing authorities) to decrypt the communications. This is the "web of trust" you may have heard of.
This allows client browsers to efficiently determine trust, because a set of absolutely trusted public keys from key authorities can be distributed with the installation of the browser, rather than figuring out some other way to download the keys on demand and determine their authenticity. Additionally, because the signing algorithm is basically reverse encryption, it can be absolutely trusted to establish identity. No querying of key authorities need be done to establish the authenticity of the public key, which is another added benefit the designers of the X.509 key format built into the file format. In other words, you should simply use https with a key verified by a major key authority (i.e. not self-signed) to absolutely secure communications: nothing else you could do even comes close to being as effective or as efficient, and there is no added benefit in re-implementing https inside javascript. If you really need security higher than what https provides, then you're probably better off writing a desktop client which can do something with higher grade encryption, for instance based on 2048-bit GPG keys. Greg ------------------------------------------------------------------------------ _______________________________________________ qooxdoo-devel mailing list qooxdoo-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/qooxdoo-devel