I have been thinking and writing some diagrams and have changed my mind.
Hypotheses:
1. Even if the user provides the public RSA key, the user still can't be sure his/her/its key is used when making the AJAX call.
2. If the TLS connection is compromised, compromised code can be added to the runtime, adding keyloggers and other nasty stuff.
3. RSA isn't efficient for large data blocks (so the file downloading part I will have to approach in a different way).
Questions:
1. Is "browser" end-to-end encryption a myth? If the TLS connection is compromised, doesn't that also mean that JS can be injected into sites like ProtonMail?
New Approach:
1. Client: Before sending data to the server, Axios middleware will request https://server.com/auth/key
2. Server: Generate keypair (maybe 2048 bits if performance allows it)
3. Server: Encrypt privateKey with applicationKey (set in .env)
4. Server: Store encryptedPrivateKey in DB with a random keyId
5. Server: Return publicKey and keyId to Client
6. Client: The middleware will then encrypt the original payload with this publicKey and also provide the keyId
7. Client: Sends request
8. Server: Looks up keyId in DB and gets encryptedPrivateKey
9. Server: Decrypts encryptedPrivateKey and gets privateKey
10. Server: Decrypts request
11. Server: Handles request
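
The flow above as a runnable Node.js sketch, added here as an example and not part of the original post. Assumptions: AES-256-GCM wraps privateKey under applicationKey, RSA-OAEP with SHA-256 protects the payload, a Map stands in for the DB, and all function names are hypothetical. It also shows the size limit behind hypothesis 3; it does nothing about hypotheses 1 and 2, since the publicKey still arrives over the same TLS connection as the page's JavaScript.

```javascript
// Added example (not from the original post); function names are hypothetical.
const crypto = require("node:crypto");

const applicationKey = crypto.randomBytes(32); // constructed stand-in for the .env secret
const db = new Map();                          // stand-in for the DB: keyId -> wrapped key
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Steps 2-5: generate the keypair, wrap privateKey under applicationKey, store, return.
function issueKey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", {
    modulusLength: 2048,
    publicKeyEncoding: { type: "spki", format: "pem" },
    privateKeyEncoding: { type: "pkcs8", format: "pem" },
  });
  const keyId = crypto.randomUUID();
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", applicationKey, iv);
  cipher.setAAD(Buffer.from(keyId)); // assumption: bind the wrapped key to its keyId
  const encryptedPrivateKey = Buffer.concat([cipher.update(privateKey, "utf8"), cipher.final()]);
  db.set(keyId, { iv, tag: cipher.getAuthTag(), encryptedPrivateKey });
  return { keyId, publicKey };
}

// Step 6: the client encrypts the payload with the publicKey it was handed.
function clientEncrypt(publicKey, payload) {
  return crypto.publicEncrypt({ key: publicKey, ...OAEP }, Buffer.from(payload, "utf8"));
}

// Steps 8-10: look up keyId, unwrap privateKey, decrypt the request body.
function serverDecrypt(keyId, ciphertext) {
  const rec = db.get(keyId);
  if (!rec) throw new Error("unknown keyId");
  const d = crypto.createDecipheriv("aes-256-gcm", applicationKey, rec.iv);
  d.setAAD(Buffer.from(keyId));
  d.setAuthTag(rec.tag);
  const privateKey = Buffer.concat([d.update(rec.encryptedPrivateKey), d.final()]).toString("utf8");
  return crypto.privateDecrypt({ key: privateKey, ...OAEP }, ciphertext).toString("utf8");
}

// Hypothesis 3: RSA-OAEP with a 2048-bit key and SHA-256 takes at most
// 256 - 2*32 - 2 = 190 bytes of plaintext; larger payloads are rejected.
function fitsInRsa(publicKey, payload) {
  try { clientEncrypt(publicKey, payload); return true; } catch { return false; }
}
```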