FrankChen021 / SafeBoxIssues


encrypt/decrypt at the client side #19

Closed FrankChen021 closed 6 years ago

FrankChen021 commented 6 years ago

after authentication by password, a request for a device authorization token can be sent to the server. the server issues a token and binds the device to the token; the server also returns to the client the key which is used for content encryption.

after that, device can log into the server with {device token, device id, key}.


at stage 2, all the encryption/decryption can be done on the client side instead of the server side, so that it's more secure for clients' content.

as the key is also kept at the client side, a reset of the main key can be supported. after an environment check, the client sends {NewKey, Encrypt(key, NewKey)} to the server. also, the server clears all the device tokens to require re-login.

FrankChen021 commented 6 years ago

if it's decrypted on the client side, how to share a page to a user who has not registered in this app?

FrankChen021 commented 6 years ago

key stored at both client and server side currently. see f682cfd195e6beebdb910e4a278ccc85dd2a0a1f
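
The key-reset exchange described in the first comment, as an added example that is not code from the SafeBox repository. It assumes AES-256-GCM, reads `Encrypt(key, NewKey)` as NewKey encrypted under the current key, and assumes the server still holds the current key (as the last comment says); all function and field names are hypothetical.

```javascript
const crypto = require('crypto');

// AES-256-GCM is an assumption; the thread names no cipher.
// Blob layout: iv (12 bytes) || auth tag (16 bytes) || ciphertext.
function encryptUnder(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}

// Returns the plaintext, or null when the key is wrong or the blob was altered.
function decryptUnder(key, blob) {
  if (blob.length < 28) return null;
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  try {
    return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
  } catch (e) {
    return null;
  }
}

// Client side: build {NewKey, Encrypt(key, NewKey)}.
function buildResetRequest(currentKey, newKey) {
  return { newKey, proof: encryptUnder(currentKey, newKey) };
}

// Server side: accept the new key only if the proof decrypts under the
// stored key to exactly NewKey, then clear every device token.
function handleKeyReset(account, req) {
  const recovered = decryptUnder(account.key, req.proof);
  if (!recovered || recovered.length !== req.newKey.length ||
      !crypto.timingSafeEqual(recovered, req.newKey)) {
    return false; // key and device tokens are left untouched
  }
  account.key = Buffer.from(req.newKey);
  account.deviceTokens.clear(); // every device must log in again
  return true;
}

// Constructed sample: one account with two authorized devices.
const sampleOld = crypto.randomBytes(32), sampleNew = crypto.randomBytes(32);
const sampleAccount = { key: sampleOld, deviceTokens: new Map([['dev-1', 't1'], ['dev-2', 't2']]) };
console.log('wrong key accepted:', handleKeyReset(sampleAccount, buildResetRequest(crypto.randomBytes(32), sampleNew)));
console.log('correct key accepted:', handleKeyReset(sampleAccount, buildResetRequest(sampleOld, sampleNew)));
console.log('device tokens left:', sampleAccount.deviceTokens.size);
```

A request captured before the reset cannot be replayed afterwards, because its proof no longer decrypts under the stored key.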