General discussion

Locked

Communication encryption - other methods

By gabi ·
I have created a web application php / mysql based.
Now I have a little problem: being an encryption service it should be run on a secured line ? that means the communication between the server [Apache in this case] and the client?s browser should be secured. I know about the SSL communication but that means you need a certificate. In this case the communication is encrypted so if some one tries to intercept the communication it will not be able to se the information in plain text. A certificate is rather expensive for me right now so I am asking about alternatives. I was thinking about a java script function to encrypt the information on the local machine and than, encrypted information is sent via internet to the server where it should be decrypted and encrypted using the strong well known algorithms supported by mcrypt extension, before stored in the database.
I would need/like an opinion regarding the use of java script function to encrypt the information before sending it on the ?wild?  ? I don?t expect this method to be stronger than a certificate and a SSL connection, but what are the other options to protect the information traveling over internet? Maybe some example of good java script functions? I have seen only very light functions ? more to be use in didactic scopes!

Thank you in advance!

http://antisystem.info

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

pgp

by bob_steel In reply to Communication encryption ...

PGP -

http://www.pgpi.org/download/

but if you're building an application for an encryption service, NOT having SSL is an economy too far IMHO. You're talking about 35 uk quids - whassat about $70 US ?

If $70 is too much (please help me Lord) - Then make and sign your own cert and make a 'thing' of getting the key to the customer for them to install - this can be quite impressive if you do it right. If there are lots of customers accessing your system . Maybe not try this one.

Stop being a tight-arse and splash out on a cert. lol!

Collapse -

How to ?

by gabi In reply to pgp

Regarding the money problem I will not comment :) ... we are from different parts of the world.

On the other hand, I am building up this application for an exam at my faculty. So I am searching for an alternative method of securing the communication. You say "Then make and sign your own cert and make a 'thing' of getting the key to the customer for them to install" ... can you give me a link on where to search some practical information? I understand the concept of encryption key ring ... but I didn't really find anything about how to create correctly a certificate and how to use it on a web server! I will get an old server for testing so ... maybe if you know some links with useful information...

Thank you!

Collapse -

no problem

by bob_steel In reply to How to ?

Sorry - my comments over money were tongue-in-cheek.

Here's a link I've just found that may be a good starting
point:

http://www.tc.umn.edu/~brams006/selfsign.html

It's pretty straightforward when you get used to it.
Another alternative is to use the key generated by
something like webmin when it sets itself up. Or if you
like - let me know and I'll make you a cert and mail it
over. - FREE! lol!

Collapse -

Thanks

by gabi In reply to no problem

I will have a look at the link. The point is to learn so first I will try to use the information you gave me in ordder to see how the things are working :)

Thanks again!

Collapse -

Done :)

by gabi In reply to no problem

I was able to create the certificate myself using the last link. Very usefull. I test it on the local machine. And it works ok. The problem is I am keeping my site at a shared hosting provider. Do you have any sugestions? What should I send to the server admin ?

Back to Networks Forum
5 total posts (Page 1 of 1)  

Hardware Forums