Sharing encrypted data between JavaScript and WebServer

  1. I have a Rails WebServer based on a REST API
  2. I have an AngularJS app, which connects to this WebServer

What is the best way to encrypt login and password on client side and decrypt these credentials on server side?


If you are using RSA you have to have keys in the browser. The keys can't get to the browser unless they go over the unsecured HTTP connection. If an attacker has the keys by sniffing the HTTP connection, and the algorithm from your JavaScript code, you aren't protecting anything since decrypting your traffic becomes trivial.

I suggest putting an nginx proxy in front of your web server. You can configure nginx to do the TLS handshake, and you can get a Comodo SSL certificate for less than $15 a year. I've done this myself in front of a Python server and truly, that's all it cost.
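
The nginx setup suggested in the answer above could look like the following. This is an added example, not configuration from the original answer; the hostname, certificate paths and the upstream address `127.0.0.1:3000` are placeholders that assume the Rails server listens on loopback only.

```nginx
# Constructed example: hostname, certificate paths and upstream port are placeholders.

# Plain HTTP listener: never serves the app, only redirects to HTTPS,
# so credentials are not posted over an unencrypted connection.
server {
    listen 80;
    server_name app.example.com;
    return 301 https://$host$request_uri;
}

# TLS listener: nginx performs the handshake and forwards to the Rails server.
server {
    listen 443 ssl;
    server_name app.example.com;

    # Certificate chain and private key issued by the CA (placeholder paths).
    ssl_certificate     /etc/nginx/tls/app.example.com.fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/app.example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Ask browsers to use HTTPS only on later visits.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        # Backend bound to loopback, so it is reachable only through this proxy.
        proxy_pass http://127.0.0.1:3000;

        # Pass the original request details to the application.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

With `X-Forwarded-Proto` set, the Rails application can tell that the original request arrived over HTTPS even though the hop from nginx to the backend is plain HTTP on loopback.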