Encrypted Web Pages?

Martin Fick mogulguy at yahoo.com
Mon Dec 17 18:01:29 UTC 2007


--- Michael Holstein <michael.holstein at csuohio.edu>
wrote:
> 
> > Is there a mechanism to use HTTPS to 
> > preencrypt web pages so that they 
> > are encrypted on the server (and so the 
> > server does not have the keys to decrypt 
> > them!)  
> 
> Not using HTTPS per-se, but you can use SSL to
> encrypt files.

Agreed.
 
> > My initial constraints are that once the data
> > is put on the server that no one except for
> > the intended recipient could decrypt it, 
> > including the original poster, server admin...
> 
> Or, to basically do with HTTP what GPG does with
> email. The original 
> poster would necessarily need to have access to the
> plaintext, as they 
> would need to encrypt it with the end-user's public
> keys (each of them 
> individually).

Yes, but they should be able to discard it 
once it is encrypted.  (see #5 in my reply 
to Jonathan D. Proulx)
 

> I'm not a mathematician, but it can't be wise to
> store multiple copies 
> of the same plaintext encrypted by the same cipher
> using different keys 
> .. much crypto has historically been broken that
> way.

Well, I think that is exactly what you will get 
if you use pgp or gpg to send an encrypted email 
to multiple recipients. 

-Martin



      ____________________________________________________________________________________
Never miss a thing.  Make Yahoo your home page. 
http://www.yahoo.com/r/hs



More information about the tor-talk mailing list