ProgrammingThis forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
all my searches keep matching free Javascript tutorial sites. but what i am looking for is sites offering free Javascript code. anyone know how to get search engines show the free code sites?
i am looking for Javascript code that can take text entered on a form and encrypt it with a given key or passphrase before sending it to the server. also code to decrypt what comes from the server before it gets displayed or saved.
or maybe i do need to learn Javascript (i hope it can invoke SSL).
You shouldn't be searching for "code sites" that provide untested buggy snippets, instead search for tested and standardized libraries for the relevant piece of functionality.
As for that example, you don't need any JavaScript - the functionality is already included in every browser/client and every server - all you need to do is add a single letter 's' in the URLs, after the word http and before the colon, and your requests and responses are automatically encrypted and decrypted at the appropriate points.
You shouldn't be searching for "code sites" that provide untested buggy snippets, instead search for tested and standardized libraries for the relevant piece of functionality.
that's good advice i should be attentive to.
Quote:
Originally Posted by boughtonp
As for that example, you don't need any JavaScript - the functionality is already included in every browser/client and every server - all you need to do is add a single letter 's' in the URLs, after the word http and before the colon, and your requests and responses are automatically encrypted and decrypted at the appropriate points.
what i am trying to achieve is end-to-end security with encryption the server cannot decrypt. the server is just like a file server with some added automation to queue and find messages as well as store them and fetch them. so HTTPS cannot do this since it decrypts at the server. however, all this would be done in the secure transport HTTPS provides. the idea is that i can store a message and another person with the right key can fetch it, decrypt it, and read it.
what i am trying to achieve is end-to-end security with encryption the server cannot decrypt. the server is just like a file server with some added automation to queue and find messages as well as store them and fetch them. so HTTPS cannot do this since it decrypts at the server. however, all this would be done in the secure transport HTTPS provides. the idea is that i can store a message and another person with the right key can fetch it, decrypt it, and read it.
I’d do that by saving the message at a location requiring login to access…encryption of the content is not necessary if only “person with the right key can fetch it”. Use the web server auth functionality.
I just want to be clear on what you’re actually trying to solve. Are we talking about a site that users log into? Does it currently have user accounts, any kind of authentication, and/or a registration system?
The reason I’m asking is because I think the answer is no, and you’re trying to add a layer of security without having to change it to yes. Your incredibly strange problem statement makes a lot more sense that way.
I’ll make a leap here. I know the answer is no, and you just want to have freeform “key” fields in the forms to submit and retrieve messages. In that case, I’d just implement a Caesar cipher. You can do that without looking at an example, can’t you?
And no, you can’t use SSL for that. If only because you’re talking about a symmetric encryption scheme and SSL is an asymmetric encryption scheme.
What we now have here is a classic "XY Problem." What you are really asking for is not what you initially asked for.
And, happily for you, what you are asking for is a problem that has already been thoroughly and completely solved – several times, in fact.
Now, as to your original question: two essential sites are GitHub and SourceForge. Both of these are "code repository sites" which use the git version-control system but which also allow files and entire projects to be downloaded directly. You need to keep both of these sites in your online Rolodex, because they can save you a lot of time.
Basically – today, no matter what it is that you are setting out to do, you should assume that "somebody else has already done it, much better than I could, and then shared it with the world." You stand on the shoulders of incredibly-generous giants.
(Although, as a Linux user, I guess you knew that already?)
Quote:
Actum Ne Agas:"Do Not Do A Thing Already Done."
For example, I recently had a client who planned to build a "ticket system" in PHP. They expected to take about a year to do it ... until I was able to point out that such a system already existed, which had taken the contributor(!) longer than this to develop. Therefore, it took just a month or so of "kit-bashing" to get them extremely close to their business goal. This sort of thing happens all the time now. One can only speculate how much salary-expense this company had spent on initially doing this ... yet they gave it away.
Last edited by sundialsvcs; 01-14-2022 at 11:25 AM.
I’d do that by saving the message at a location requiring login to access…encryption of the content is not necessary if only “person with the right key can fetch it”. Use the web server auth functionality.
i want to create a server where it can be shown (by looking at the client side code) that even the server (operators, admins) cannot access the message at any time. unless it is encrypted, anyone with physical (including court ordered) access to the server can read any message. anyone can promise not to read any message, but failure to comply with a court order can result in a raid by a law enforcement agency. so a promise is not good enough.
i would also require login access (in HTTPS) to the server to store or fetch or even produce a list. even logged in users would not be able to discover names of other users.
And no, you can’t use SSL for that. If only because you’re talking about a symmetric encryption scheme and SSL is an asymmetric encryption scheme.
either symmetric or asymmetric would work. users could substitute any encryption they want to use. asymmetric would have some potential benefits for the users.
HTTPS would be used to protect the login and completion of the session.
login would be used to control service access so that this resource can be limited and users can limit who gets to know of or confirm their activity.
client encryption would ensure the server and its operator(s) cannot read any clear message. savvy users could add another layer of encryption.
issues i still need to work out include the server logging relationship between IP addresses of user pairs that store and fetch a message (8.8.8.8 stores a message that 1.1.1.1 fetches both the day before a big event).
LOL. Someone here wants to be the next Julian Assange. And he starts by asking or "free code sites".
Anyway, there's a prefab solution for this. You just replace the "messages" with GnuPG-encrypted email.
Julian Assange never made it so he could not know about the content he handled.
if GnuPG were in JavaScript, lots of useful code could be found there. i don't want this design to require users to copy and paste content between applications.
if i do this as a distinct client in python maybe i can find what i need. python seems to be fairly portable and there is a lot of free code including strong encryption.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.