Browser-based encryption/decryption with private key from browser keystore

Asked 6/10, 2012 at 23:21 Answered 25/5, 2020 at 20:18

Solved javascript encryption client-side

My situation:

Medical staff wants to enter sensitive data of patients into a web browser (!) in order to store it to some database and later retrieve it again.
These data are not allowed to be seen by anyone else except the medical staff itself. This means that it must be encrypted using some secret token before it is transferred to the server. It also means that neither IT staff (having access to the server/database) nor anyone else should be able to decrypt it without the secret token. (If the token is lost, the data would never be accessible anymore.)
No additional software should be installed on the client machine, except some token (e.g., a private key) that one would export once and import it into all browsers from which data access should be granted.

So my question is:

Is there a way to encrypt/decrypt data on the client-side (e.g., using JavaScript) using some secret browser token that can be exchanged between browsers easily (I.e., exported/imported similar to X.509 certificates)?

If not, which alternative solutions would be possible? Since conditions 1 and 2 are mandatory, only condition 3 may be modified, if necessary. However, still as little installation effort as possible should be necessary on the client-side.

EDIT: SSL is obviously only part of the answer to this question!

Sedberry answered 6/10, 2012 at 23:21 Comment(4)

I've got three letters for you: S, S and L. – Crowns 6/10, 2012 at 23:42

No, please read my question carefeully. – Sedberry 7/10, 2012 at 11:32

I don't have the answer, but probably looking into how OAuth works may give you sime ideas. – Arianaariane 7/10, 2012 at 15:49

Have you looked at Virgil Security? Its what I use. Granted I am not dealing with hospital data but you can manage access by encrypting the data for a certain set of users PK's. – Broadleaf 25/5, 2020 at 20:30

Take a look at Web-browser encryption of personal health information, whose "Abstract" section seems to describe your same problem. However, their "passcode" that generates the encryption key must be shared, which wouldn't let you differentiate medial staff.

We describe a system for remote data entry that allows the data that would identify the patient to be encrypted in the web browser of the person entering the data. These data cannot be decrypted on the server by the staff at the data center but can be decrypted by the person entering the data or their delegate. We developed this system to solve a problem that arose in the context of clinical research, but it is applicable in a range of situations where sensitive information is stored and updated in a database and it is necessary to ensure that it cannot be viewed by any except those intentionally given access.

Swallow answered 20/4, 2013 at 23:24 Comment(3)

Thanks for your suggestion! In principle it works. We found already a similar implementation, inspired by code.google.com/p/memwords, which follows the same approach. – Sedberry 29/4, 2013 at 21:16

@Sedberry A way to get around requring a single key is a method I found out is used by, I think, boxcryptor. When some data is created, a symmetric key is created on the user's side (in this case the browser), which is then encrypted with that users asymmetric public key and sent to the server. If that user wants to share that data, they need to take that symmetric key and encrypt it with whatever staff member's asymmetric public key and store that on the server in addition to their own (and any other) encryptions of that symmetric key. ... (continued below) – Lambrecht 10/3, 2016 at 3:42

On access, a user downloads the key encrypted with their public key, decrypt it, and use the symmetric key to decrypt the main data. This still requires that the symmetric key is exposed to everyone who has access, but they can all use different asymmetric key pairs. If a user is removed from access, the data must therefore be reencrypted with a new key. – Lambrecht 10/3, 2016 at 3:43

There's a javascript implementation of AES encryption which encrypts the plaintext in the browser. If you build something around those tools, the server side would store only the encrypted text and would not have the passphrase.

http://www.fourmilab.ch/javascrypt/

Shouldn't require any extra installation on the client side, but probably will require some development effort to get the user experience right.

Mullen answered 4/11, 2012 at 21:24 Comment(0)

Due to ProtonMail's efforts, there is now an open source PrivateKey implementation in the browser at: https://openpgpjs.org/

This has had multiple security audits and is the basis of protonmail.com, so it has a fairly good records and maintainer in place. They also have a good summary of important security browser models.

Moscow answered 15/3, 2018 at 11:26 Comment(0)

The Web Crypto API has pretty good support in all modern browsers. It supports many algorithms, both symmetric and public key. With a good reminder for the user to keep their keys secure and may be backed up somewhere else, this should be the way to go.

Demount answered 25/5, 2020 at 20:18 Comment(0)

Recommended topics

Hot tags