1

Using web crypto API and it won't let me store an AES key in the indexeddb (it requires a public/private key).

Does anyone have suggestions on how to do this? Should I/could I create a public/private key, store it in the indexeddb and use it to secure the AES key?

The idea is to have shared workspaces for messages and documents, all encrypted with AES. The AES key is generated client side by the person creating the workspace and then distributed to each member. The server should never be able to access the key (needs to be zero knowledge).

kaboom
  • 11
  • 2
  • E2EE - don't want the server (or db ) knowing anything about the key. The key is generated client side, then secured , stored and then has to be shared with every other member in the workspace so they can encrypt/decrypt. – kaboom Feb 19 '20 at 15:43
  • Why don't you use existing solutions like sparkleshare – kelalaka Feb 19 '20 at 16:25
  • because this is way more than just a file share. The product already exists but we're just moving from server side to client side encryption and looking for the most secure implementation. thanks – kaboom Feb 19 '20 at 17:01
  • Is it unique AES key for each document or there is only one AES key? – kelalaka Feb 19 '20 at 17:51
  • One key per channel, multiple conversations and documents in the channel. We have all this part working - it's encrypting/decrypting on the client - just trying to figure out the best way to secure the AES key in the browser. – kaboom Feb 19 '20 at 18:03

0 Answers0