Reputation: 1257
Some reference material for SSL using Node.js: http://nodejs.org/api/https.html
I need to build a proof of concept secure SSL connection between a Node.js server and a browser.
The client needs to encrypt the data it sends and then the server needs to store that data in the database encrypted.
I guess this means I need client side JS to encrypt the data? How would I go about doing this if so (client OR server)? Thanks!
Upvotes: 0
Views: 114
Reputation: 93948
For the client you have no alternative but to use the built-in browser TLS/SSL. You can implement JavaScript SSL if it would come to that, but you cannot distribute a trusted database of certificates to the browser.
Once a secure and trusted path has been created from client to server, you can additionally encrypt data using a public (RSA or EC) key sent to the client and hybrid cryptography. That way you can use application-level cryptography on top of transport security - although the application-level crypto will always be dependent on the security and trust that TLS/SSL provides.
Whatever scheme you will be using, you must understand cryptography and the issues with JavaScript cryptography in the browser if you go this route. Just coding stuff won't give you any security, only a false sense of security.
Upvotes: 1
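The hybrid scheme the answer describes, sketched with the Web Crypto API as an added example (not code from the answer): the server publishes an RSA-OAEP public key over the existing TLS connection, the browser encrypts each record under a fresh AES-GCM key and wraps that key with the RSA key, and the server can store the resulting envelope as-is. The function names and the sample record are hypothetical; the code assumes the page and the public key were delivered over TLS.

```javascript
// Web Crypto API: window.crypto in browsers (secure contexts only), also in Node.js.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const RSA = { name: 'RSA-OAEP', hash: 'SHA-256' };

// Server: generate the key pair once; the private key is non-extractable.
async function serverCreateKeyPair() {
  const { publicKey, privateKey } = await wc.subtle.generateKey(
    { ...RSA, modulusLength: 3072, publicExponent: new Uint8Array([1, 0, 1]) },
    false, ['wrapKey', 'unwrapKey']);
  // SPKI bytes are what the server hands to the browser over the TLS connection.
  return { spki: await wc.subtle.exportKey('spki', publicKey), privateKey };
}

// Browser: fresh AES-256-GCM key per message, wrapped with the server's RSA key.
async function clientEncrypt(spki, text) {
  const rsaPub = await wc.subtle.importKey('spki', spki, RSA, false, ['wrapKey']);
  const aesKey = await wc.subtle.generateKey(
    { name: 'AES-GCM', length: 256 }, true, ['encrypt']);
  const iv = wc.getRandomValues(new Uint8Array(12));
  const ciphertext = await wc.subtle.encrypt(
    { name: 'AES-GCM', iv }, aesKey, new TextEncoder().encode(text));
  const wrappedKey = await wc.subtle.wrapKey('raw', aesKey, rsaPub, { name: 'RSA-OAEP' });
  // This envelope is what gets POSTed and can be stored in the database as-is.
  return { wrappedKey, iv, ciphertext };
}

// Server: unwrap the AES key with the private key, then decrypt and authenticate.
async function serverDecrypt(privateKey, { wrappedKey, iv, ciphertext }) {
  const aesKey = await wc.subtle.unwrapKey('raw', wrappedKey, privateKey,
    { name: 'RSA-OAEP' }, { name: 'AES-GCM', length: 256 }, false, ['decrypt']);
  const plain = await wc.subtle.decrypt({ name: 'AES-GCM', iv }, aesKey, ciphertext);
  return new TextDecoder().decode(plain);
}

// Round trip on constructed sample data, plus a tampered copy that must be rejected.
async function demoRoundTrip() {
  const { spki, privateKey } = await serverCreateKeyPair();
  const envelope = await clientEncrypt(spki, 'constructed sample record');
  const plaintext = await serverDecrypt(privateKey, envelope);
  const bad = new Uint8Array(envelope.ciphertext.slice(0)); // copy, then flip one bit
  bad[0] ^= 1;
  const tamperRejected = await serverDecrypt(privateKey, { ...envelope, ciphertext: bad })
    .then(() => false, () => true);
  return { plaintext, tamperRejected };
}
```

Because the public key and the script itself arrive over the TLS connection, this layer is only as trustworthy as that connection, as the answer states.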