I have an app using HTML5 caching for an “offline mode”. When the app is offline, data is stored via JavaScript in localStorage to be sent to the server when the app comes back “online”. I would like to run some of this data through encryption before sticking it in localStorage, in a way that can only be decrypted on the server.
I was thinking that a public/private key would be the way to do this. Is that a reasonable way to go about things? Are there any good JavaScript libraries for handling this sort of thing client-side? Are there good Ruby/Rails libraries/gems for handling this server-side?
If you only want to encrypt data in localStorage, you can use public key cryptography. Don’t generate the keys in JS; do it server-side, and send the public key with the page. Unfortunately, I don’t know of any well-tested and maintained crypto library in JavaScript.
For the level of security you’re aiming at (just a little layer to prevent the user from reading the data), you can choose whatever implementation you want.
On the server side, you can use the OpenSSL gem with the class OpenSSL::PKey::RSA.
For anyone else reading this: Don’t use JavaScript crypto, it’s bad!
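The server side of the scheme described in the answer above, as an added example that is not part of the original post: it uses OpenSSL::PKey::RSA to create the key pair, export the public key for the page, and decrypt what comes back. It goes one step beyond the answer by wrapping an AES-256-GCM key with RSA, since RSA alone cannot encrypt more than a couple of hundred bytes. The function names, the JSON field names and the `seal` stand-in for the browser are assumptions.

```ruby
require "openssl"
require "json"

# OpenSSL's default OAEP parameters use SHA-1; a real client must match them.
OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

# Server: create the key pair; only the public PEM is sent with the page.
def generate_keypair(bits = 2048)
  key = OpenSSL::PKey::RSA.new(bits)
  [key, key.public_key.to_pem]
end

# Stand-in for the client, which holds nothing but the public PEM.
# A fresh AES-256-GCM key encrypts the data and RSA-OAEP encrypts that key.
def seal(public_pem, plaintext)
  pub = OpenSSL::PKey::RSA.new(public_pem)
  aes = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  aes_key = aes.random_key
  iv = aes.random_iv
  ct = aes.update(plaintext) + aes.final
  parts = { "k" => pub.public_encrypt(aes_key, OAEP), "iv" => iv,
            "ct" => ct, "tag" => aes.auth_tag }
  JSON.generate(parts.transform_values { |v| [v].pack("m0") }) # base64 fields
end

# Server: unwrap the AES key with the private key, then decrypt and verify.
# Returns nil when the blob is not valid JSON, was tampered with, or was
# sealed to another key.
def open_sealed(private_key, blob)
  f = JSON.parse(blob).transform_values { |v| v.unpack1("m0") }
  aes = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  aes.key = private_key.private_decrypt(f["k"], OAEP)
  aes.iv = f["iv"]
  aes.auth_tag = f["tag"]
  aes.update(f["ct"]) + aes.final
rescue OpenSSL::OpenSSLError, ArgumentError, JSON::ParserError
  nil
end

if __FILE__ == $PROGRAM_NAME
  key, pem = generate_keypair
  blob = seal(pem, '{"note":"constructed sample record"}') # constructed sample
  puts blob
  puts open_sealed(key, blob)
end
```

Encrypting to a public key keeps the stored data unreadable on the device, but it does not authenticate the sender: anyone holding the public key can produce a blob that decrypts cleanly, so the server still has to validate the decrypted contents.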