End-To-End Encrypted (E2EE) Websites?
Honestly I would rely on just using HTTPS if you can, it's very easy to get crypto stuff wrong.
My old self-implemented encryption implementations were absolutely horrible. I did not understand what salting was, IVs, or any of that. Most of which I still don't. The application I developed at the time was using AES, a symmetric encryption algorithm, which meant that if you were to decompile or take it apart, you'd have access to the same keys being used by the backend server - meaning that while data was technically "encrypted", all the keys were freely accessible to decrypt any traffic that was intercepted. Thankfully the application (an offsite smartcard authentication client) has long been put out of use, and the backing infrastructure no longer exists.
Aside from that, here's an interesting write-up of how Valve used a JavaScript RSA implementation prior to HTTPS being as widespread as it is now: https://web.archive.org/web/20210108003523/https://owlspace.xyz/cybersec/steam-login/ (provided archive link as original site no longer exists). RSA is not a symmetric algorithm, so it worked fine for this, at least for back then in that time period.
If you would still prefer to not use HTTPS, I would strongly recommend using something well known and popular, like Signal's battle-tested E2EE protocol (used for RCS messages and WhatsApp messages).
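The key-distribution difference described in the comment above, as an added example that is not part of the original comment or of any application it mentions. It uses Node.js's built-in `crypto` module; the function names, the key and the message are constructed for illustration.

```javascript
// Added example: keys and messages are constructed, not taken from the thread.
const nodeCrypto = require('node:crypto');

// Design 1: a symmetric key shipped inside the client.
// Stands in for a key hardcoded in a distributed client binary or script.
const EMBEDDED_AES_KEY = nodeCrypto.randomBytes(32);

function clientEncryptSymmetric(plaintext) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce per message
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', EMBEDDED_AES_KEY, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// The same routine the server runs: whoever holds the client also holds the key.
function decryptWithExtractedKey(key, { iv, ct, tag }) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Design 2: the client ships only a public key; the private key stays on the server.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
});
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

function clientEncryptAsymmetric(plaintext) {
  return nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP }, Buffer.from(plaintext, 'utf8'));
}

function serverDecrypt(ciphertext) {
  return nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, ciphertext).toString('utf8');
}

// Everything extractable from the client is the public key, and it cannot decrypt.
function clientMaterialCanDecrypt(ciphertext) {
  try {
    nodeCrypto.privateDecrypt({ key: publicKey, ...OAEP }, ciphertext);
    return true;
  } catch {
    return false;
  }
}
```

Design 2 only removes the shared secret from the client. It does not authenticate the server or protect the integrity of the code the client is served, which HTTPS provides.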