David Banes wrote:
I'll hover here and chip in, we went through all of this with CipherIM our proprietary Im client in the late 90's 'til 2001.We did end up generating a key pair at client install time (including testing password strength with a little feedback 'progress bar' ) and then storing the public part of our keys on the client domains server. It all worked fine. We setup SSL client -> server, then generated a one time symmetric key for each session.I did write all this up earlier, happy to re-post if I can find it.
Sure, that'd be great! /psa
smime.p7s
Description: S/MIME Cryptographic Signature
