I wrote a Java Applet which encrypts some form fields and then decrypts on the server. This works fine on desktop computers. But for tablets and mobile platforms, there’s either very limited support or none at all, especially for iOS devices.
Does there exist any alternatives for running code within the mobile device’s browser to, in my case, encrypt form fields safely?
I could write an encryption scheme in JavaScript and obfuscate the JavaScript code, but that’s a stone throw away from searching how to de-obfuscate JavaScript code.
Anyone got any ideas?
Disclaimer: I am just the messenger. I am told to write an applet, so I write an applet. They don’t want to use SSL and are doing everything they can to avoid it.
Thank you.
OK messenger:
Then it’s not the code you need to protect – you need to protect your encryption key, which means using PGP (public Key on client, private key on server).
Not quite as good as two-way SSL, so it depends on your reason for encryption. You’re still more vulnerable to man-in-the-middle attacks.
You could always generate a new PGP key pair per session, if you want to start managing this kind of state on your server.
http://www.hanewin.net/encrypt/