I implemented Felix Kling’s idea and wrote a node.js script to automate the process. Basically it takes your (original) HTML page and a password as input, and generates an HTML page that embeds an encrypted copy of the original one. When you browse to this generated HTML page, it prompts you for a password to unlock it.

This is just a proof of concept, so there’s a lot you would have to do to make this production-ready. You’d definitely want some friendly error messages if you put in the wrong password, for example. And it would probably be really irritating to enter the password every time you move between pages on the site, so you might consider saving the password in a cookie or passing it along in the URL every time. Also, as currently designed you can only have one password that everyone shares. This is a solvable problem, just re-encrypt the main key once for each unique username/password pair and put all that data right in the web page.

Anyway, here’s a demo (the password is “ItWorks”). I put the code for the tool on GitHub.

There are lots of reasons why this approach is not particularly secure, but if you really cared about security you’d pony up for web hosting with .htaccess and script support, right? 🙂