For sending the data across the network in the encrypted format in web,the ssl implementation will do that.But I wanted to sent the
password field in encrypted format.Consider the client sending
request for the myform.htm where he enters the username and password.
After submitting the form the data from the myform.htm should
go in encrypted format,so I included an applet Sapplet which
contains the MessageDigest class and generated the encrypted data.
The coded form of password can be viewed at the querystring after
submitting the form.But how to validate it at the server which
containd the actual password stored,What is required to decrypt the
data and compare it with the password stored in the database.
The request goes to the login.jsp from the the myform.htm.
How should be the jsp coded?
In that case you shall do the following :
1. Generate the key pair when the jsp page is called.
2. Send the private key to the user which can be used for encryption.
3. The encrypted message can reach you and you can decrypt with the public key.
So even in between the whole encrypted doc is exposed there should'nt be any problem.
You can use the standard JCE package for implementation of the above program.
Trust U get it.
The concept is clear but please correct in the following
proceeding which I will work with.
Considering the encrypted password to be send to the server.So the client is request is being send to the
login.jsp.Now in the login.jsp the keys will be generated
amoung which the public key is send back to the client,so
once you said the key I believe it to be .class file
and the object should work at the client place,for which
the .class file has to loaded at the client side.Is the
loading of .class file(keys) be done only by loading
After loading the public key at the client browser the
submittion of the login form should ENCRYPT the password
with the keys class of the Applet.So the data goes in the
secure format to the server.
At server the string format of the encrypted password
can be acheived which has to be converted to appropriate
object(which I dont know) in order to get the decrypted
password.That is it.
Is the flow right?
Also once we get the certifacate and send it to the
client does the public key within the certificate does
all the encryption at the back ground?
Plese let me know about this