Hi,

I would like to write a web app that stores a list of passwords securely.
The reason why it has to be a web app is because I want to access the site
using a BlackBerry (RIM handheld).

My idea is to decrypt the password list using a public key, and when a
valid user logs in, the password list is decrypted using the user's
private key.  If another user accidentally accesses the password list of
different people, he still can't read the password list because he doesn't
have the matching private key.  The problem that I can see is that the
webserver somehow needs to have access to the public/private key pair.  If
the webserver is compromised, the passwords could potentially be read.  Any
thoughts on that?

TIA, wooi.

