I have a Chrome extension that I am working on that will POST data to a remote server. I wish to encrypt the data before it gets sent. My server doesn’t have HTTPS so I have to send it over plain HTTP.
I currently use RSA 4096-bit public key encryption in the extension in JavaScript, and SHA1 hash the data and send the hash and encrypted data via an Ajax POST request.
Is this acceptable encryption to be sent over HTTP?
Client: Hash your message. Append the hash to your message. Encrypt your message + hash. Send your encrypted message + hash.
Server: Decrypt your message + hash. Split the message and the hash. Hash the message. Make sure that the hash on the server side is the same as the hash from the client side. If these don’t match, then either some bits were switched on the wire, or someone has altered your message.
And yes, RSA 4096-bit public key encryption is more than sufficient.
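The client and server steps above, as an added example using Node.js's built-in `crypto` module; it is not code from the question or the answer. Assumptions: SHA-256 stands in for the question's SHA1, the padding is RSA-OAEP, the key pair is a constructed 2048-bit demo key (the post uses 4096), and the function names are hypothetical.

```javascript
// Added example; names, padding choice and key size are assumptions.
const nodeCrypto = require("crypto");

const HASH = "sha256";   // assumption: stands in for the question's SHA1
const HASH_LEN = 32;     // bytes in a SHA-256 digest
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: HASH };

// Constructed demo key pair; 2048 bits keeps generation fast.
const { publicKey, privateKey } =
  nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });

const digest = (buf) => nodeCrypto.createHash(HASH).update(buf).digest();

// Largest message that fits in one RSA-OAEP block next to its hash:
// modulus bytes - OAEP overhead (2 * hashLen + 2) - appended hash.
function maxMessageBytes(modulusBits) {
  return modulusBits / 8 - (2 * HASH_LEN + 2) - HASH_LEN;
}

// Client: hash the message, append the hash, encrypt message + hash.
function clientSeal(message, pub) {
  const msg = Buffer.from(message, "utf8");
  const body = Buffer.concat([msg, digest(msg)]);
  // Throws when body exceeds what a single RSA block can hold.
  return nodeCrypto.publicEncrypt({ key: pub, ...OAEP }, body);
}

// Server: decrypt, split message and hash, re-hash, compare.
function serverOpen(ciphertext, priv) {
  let body;
  try {
    body = nodeCrypto.privateDecrypt({ key: priv, ...OAEP }, ciphertext);
  } catch {
    return { ok: false, reason: "decrypt failed" }; // damaged ciphertext
  }
  if (body.length < HASH_LEN) return { ok: false, reason: "too short" };
  const msg = body.subarray(0, body.length - HASH_LEN);
  const sent = body.subarray(body.length - HASH_LEN);
  if (!nodeCrypto.timingSafeEqual(sent, digest(msg))) {
    return { ok: false, reason: "hash mismatch" };
  }
  return { ok: true, message: msg.toString("utf8") };
}
```

With a 4096-bit key and these parameters `maxMessageBytes` gives 414, so a larger POST body does not fit in one RSA operation. The hash is unkeyed and the encryption key is public, so a passing check shows the payload arrived intact, not who produced it.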