Storing semi-confidential data
I'm developing a diary/journal web-app - there are many things that make this better over using a diary but the obvious disadvantage is that you can hide your diary under the bed and be pretty sure noone is reading it. While I can say in a privacy policy I'm not going to read any entries you make that's still up to the user to trust me on that. So what I'm looking for is a method to encrypt (and decrypt) the text entries made by the user.
I'm really not very knowledgeable on encryption so I'm looking for some advice on how to do this. My main idea at the moment is to have a key that is never stored and is entered each time they login and used throughout the session to encrypt and decrypt each text entry. Again the user can't necessarily know the key is not being stored but as far as the implementation goes this seems ok. This also has the added benefit of users being able to store entries under different keys so that there isn't a single key to unlock them all.
Is there a better/more common way of doing this?
1 comment
[ 3.4 ms ] story [ 14.4 ms ] thread