Discussions

Communication encryption - other methods

Tags:
+
0 Votes
Locked

Communication encryption - other methods

gabi
I have created a web application php / mysql based.
Now I have a little problem: being an encryption service it should be run on a secured line ? that means the communication between the server [Apache in this case] and the client?s browser should be secured. I know about the SSL communication but that means you need a certificate. In this case the communication is encrypted so if some one tries to intercept the communication it will not be able to se the information in plain text. A certificate is rather expensive for me right now so I am asking about alternatives. I was thinking about a java script function to encrypt the information on the local machine and than, encrypted information is sent via internet to the server where it should be decrypted and encrypted using the strong well known algorithms supported by mcrypt extension, before stored in the database.
I would need/like an opinion regarding the use of java script function to encrypt the information before sending it on the ?wild?  ? I don?t expect this method to be stronger than a certificate and a SSL connection, but what are the other options to protect the information traveling over internet? Maybe some example of good java script functions? I have seen only very light functions ? more to be use in didactic scopes!

Thank you in advance!

http://antisystem.info
  • +
    0 Votes

    pgp

    bob_steel

    PGP -

    http://www.pgpi.org/download/

    but if you're building an application for an encryption service, NOT having SSL is an economy too far IMHO. You're talking about 35 uk quids - whassat about $70 US ?

    If $70 is too much (please help me Lord) - Then make and sign your own cert and make a 'thing' of getting the key to the customer for them to install - this can be quite impressive if you do it right. If there are lots of customers accessing your system . Maybe not try this one.

    Stop being a tight-arse and splash out on a cert. lol!

    +
    0 Votes
    gabi

    Regarding the money problem I will not comment :) ... we are from different parts of the world.

    On the other hand, I am building up this application for an exam at my faculty. So I am searching for an alternative method of securing the communication. You say "Then make and sign your own cert and make a 'thing' of getting the key to the customer for them to install" ... can you give me a link on where to search some practical information? I understand the concept of encryption key ring ... but I didn't really find anything about how to create correctly a certificate and how to use it on a web server! I will get an old server for testing so ... maybe if you know some links with useful information...

    Thank you!

    +
    0 Votes
    bob_steel

    Sorry - my comments over money were tongue-in-cheek.

    Here's a link I've just found that may be a good starting
    point:

    http://www.tc.umn.edu/~brams006/selfsign.html

    It's pretty straightforward when you get used to it.
    Another alternative is to use the key generated by
    something like webmin when it sets itself up. Or if you
    like - let me know and I'll make you a cert and mail it
    over. - FREE! lol!

    +
    0 Votes
    gabi

    I will have a look at the link. The point is to learn so first I will try to use the information you gave me in ordder to see how the things are working :)

    Thanks again!

    +
    0 Votes
    gabi

    I was able to create the certificate myself using the last link. Very usefull. I test it on the local machine. And it works ok. The problem is I am keeping my site at a shared hosting provider. Do you have any sugestions? What should I send to the server admin ?

  • +
    0 Votes

    pgp

    bob_steel

    PGP -

    http://www.pgpi.org/download/

    but if you're building an application for an encryption service, NOT having SSL is an economy too far IMHO. You're talking about 35 uk quids - whassat about $70 US ?

    If $70 is too much (please help me Lord) - Then make and sign your own cert and make a 'thing' of getting the key to the customer for them to install - this can be quite impressive if you do it right. If there are lots of customers accessing your system . Maybe not try this one.

    Stop being a tight-arse and splash out on a cert. lol!

    +
    0 Votes
    gabi

    Regarding the money problem I will not comment :) ... we are from different parts of the world.

    On the other hand, I am building up this application for an exam at my faculty. So I am searching for an alternative method of securing the communication. You say "Then make and sign your own cert and make a 'thing' of getting the key to the customer for them to install" ... can you give me a link on where to search some practical information? I understand the concept of encryption key ring ... but I didn't really find anything about how to create correctly a certificate and how to use it on a web server! I will get an old server for testing so ... maybe if you know some links with useful information...

    Thank you!

    +
    0 Votes
    bob_steel

    Sorry - my comments over money were tongue-in-cheek.

    Here's a link I've just found that may be a good starting
    point:

    http://www.tc.umn.edu/~brams006/selfsign.html

    It's pretty straightforward when you get used to it.
    Another alternative is to use the key generated by
    something like webmin when it sets itself up. Or if you
    like - let me know and I'll make you a cert and mail it
    over. - FREE! lol!

    +
    0 Votes
    gabi

    I will have a look at the link. The point is to learn so first I will try to use the information you gave me in ordder to see how the things are working :)

    Thanks again!

    +
    0 Votes
    gabi

    I was able to create the certificate myself using the last link. Very usefull. I test it on the local machine. And it works ok. The problem is I am keeping my site at a shared hosting provider. Do you have any sugestions? What should I send to the server admin ?