Topic: Encrypt/Decrypt PW

Hi! I am a newbie @ this forum & RoR itself and I *really* need your advice :)

I have e.g. such a form:

<input name="user[password]" type="password"/>

or

<% form_for :user, @user, :url => {:action => 'login'} do |form| %>
...
<%= form.password_field :password, :size => 20 %>
...
<% end %>

I have generated public & private keys in OpenSSL and want to use them for encrypted transfer of the user password between the browser and the server.

The password will be decrypted on the server using these lines:
private_key_path = File.join(RAILS_ROOT, 'public', 'keys', 'private.pem')
private_key = OpenSSL::PKey::RSA.new(File.read(private_key_path), 'fizmats')
decrypted_password = private_key.private_decrypt(Base64.decode64(encrypted_password))

And there is the big *Q* - how shall I do the encryption on the client side???
Probably I could somehow use this code:
<%
public_key_path = File.join(RAILS_ROOT, 'public', 'keys', 'public.pem')
public_key = OpenSSL::PKey::RSA.new(File.read(public_key_path))
encrypted_password = Base64.encode64(public_key.public_encrypt('password'))
%>

...but how can I get the password from that field *exactly at the time* when the form is submitted and isn't sent to the server? Maybe I could use JavaScript for client-side encryption, but I haven't found any library that could cope with OpenSSL's keys. :(

Re: Encrypt/Decrypt PW

You basically can't encrypt on the client side.

If you run your site over an SSL connection, the data will be encrypted by the browser when submitted via HTTP.

Toby Hede
===================================================
FiniteStateMachine - Software Development for Social Networks
===================================================

Re: Encrypt/Decrypt PW

Also consider using a hashed and salted password storage mechanism.
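
One way to do the salted, hashed storage suggested in the last reply, as an added example that is not part of the original thread. The `PasswordStore` module, its record format and the iteration count are assumptions made for illustration; it uses PBKDF2-HMAC-SHA256 from Ruby's bundled OpenSSL library.

```ruby
require 'openssl'
require 'securerandom'

# Hypothetical helper (not from the thread): salted PBKDF2-HMAC-SHA256 records.
module PasswordStore
  SCHEME     = 'pbkdf2-sha256'
  ITERATIONS = 100_000 # assumed work factor; tune for your hardware
  SALT_BYTES = 16
  HASH_BYTES = 32

  module_function

  def derive(password, salt, iterations)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations, HASH_BYTES,
                               OpenSSL::Digest.new('SHA256'))
  end

  # Returns "scheme$iterations$salt_hex$hash_hex", the only value to store.
  def create(password, iterations = ITERATIONS)
    salt = SecureRandom.random_bytes(SALT_BYTES) # fresh random salt per user
    digest = derive(password, salt, iterations)
    [SCHEME, iterations, salt.unpack1('H*'), digest.unpack1('H*')].join('$')
  end

  # Compares every byte so timing does not reveal where the strings differ.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  # Recomputes the hash with the stored salt and iteration count.
  # Malformed or foreign records are rejected instead of raising.
  def verify(password, record)
    parts = record.to_s.split('$', -1)
    return false unless parts.size == 4
    scheme, iter, salt_hex, hash_hex = parts
    return false unless scheme == SCHEME && iter =~ /\A[1-9]\d*\z/
    return false unless salt_hex =~ /\A\h+\z/ && hash_hex =~ /\A\h{#{HASH_BYTES * 2}}\z/
    salt = [salt_hex].pack('H*')
    secure_equal?(derive(password, salt, iter.to_i), [hash_hex].pack('H*'))
  end
end
```

On login, the server calls `PasswordStore.verify` on the password received over the SSL connection and the stored record; the plaintext password is never written to the database.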