We are building an offline web app that uses IndexedDB for storage of data on the client side. Data will be stored offline, and when there is a network connection it will sync this data to a server.
Problem
We are using AES to encrypt the data in IndexedDB, but we are not sure how to manage the encryption key on the client side. There seems to be no way to maintain an encryption key in JavaScript without it being available to anyone who can use dev tools. We cannot rely on the server since the app might not be able to connect to the server for weeks.
Does anyone have any ideas as to how we can securely manage this encryption key on the client side?
AFAIK there is no 100% security for information that is stored offline. But you can give hackers/crackers a very tough time by minifying and obfuscating your JavaScript files.
Examples:
http://dean.edwards.name/packer/
http://www.danstools.com/javascript-obfuscate/index.php
If you don't want to submit your valuable algorithm online, then try searching for minifying/obfuscating tools that work offline.
Hope this answer helps you.
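
Added example, not part of the question or the answer above: one way to avoid embedding a key in the JavaScript at all is to derive it from a passphrase the user enters, using the Web Crypto API (PBKDF2 into a non-extractable AES-GCM key), so that only a random salt and per-record IVs are stored in IndexedDB. The user passphrase, the function names, the iteration count and the sample record are assumptions made for this example.

```javascript
// Added example: passphrase-derived, non-extractable AES-GCM key (Web Crypto API).
// Function names, the iteration count and the sample values are assumptions.
const webcrypto = globalThis.crypto ??
  (typeof require === 'function' ? require('node:crypto').webcrypto : undefined);
const subtle = webcrypto.subtle;
const enc = new TextEncoder();
const dec = new TextDecoder();

// Derive the AES key from a passphrase. Only the random salt is persisted
// (for example next to the records in IndexedDB); the key itself is never stored.
async function deriveKey(passphrase, salt, iterations = 600000) {
  const material = await subtle.importKey(
    'raw', enc.encode(passphrase), 'PBKDF2', false, ['deriveKey']);
  return subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations },
    material,
    { name: 'AES-GCM', length: 256 },
    false, // non-extractable: exportKey() on this key rejects
    ['encrypt', 'decrypt']);
}

// Encrypt one record; a fresh 96-bit IV is generated per record and stored with it.
async function encryptRecord(key, obj) {
  const iv = webcrypto.getRandomValues(new Uint8Array(12));
  const ct = await subtle.encrypt({ name: 'AES-GCM', iv }, key, enc.encode(JSON.stringify(obj)));
  return { iv, ct: new Uint8Array(ct) };
}

// Decrypt one record; rejects if the key is wrong or the ciphertext was modified.
async function decryptRecord(key, { iv, ct }) {
  const pt = await subtle.decrypt({ name: 'AES-GCM', iv }, key, ct);
  return JSON.parse(dec.decode(pt));
}

// Constructed demo: round trip, wrong passphrase, and an export attempt.
async function demo() {
  const salt = webcrypto.getRandomValues(new Uint8Array(16));
  const key = await deriveKey('correct horse battery staple', salt, 100000);
  const stored = await encryptRecord(key, { id: 1, note: 'offline draft' });
  const back = await decryptRecord(key, stored);
  const wrong = await deriveKey('wrong passphrase', salt, 100000);
  const wrongFails = await decryptRecord(wrong, stored).then(() => false, () => true);
  const exportFails = await subtle.exportKey('raw', key).then(() => false, () => true);
  return { back, wrongFails, exportFails };
}
```

This protects the stored records while the app is locked; script running in the page after the passphrase has been entered can still use the key to decrypt, even though it cannot export it.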