0

How can I store sensitive client user information in my backend without having the ability to decode data? But the user can request this data from backend on another client and can decode data.

For example, lets assume a backend and 2 clients. Client 1 can send data to Client 2 but the communication is async and the backend has to store this data. But the backend has to assure client users that it has no intention on reading the data and no ability to decode this data.

Iarwa1N
  • 315
  • 1
  • 9
  • What is "backend"? Do you mean a network server? If so, how can it be possible to ensure the client users the data won't be misused? They can never know that for sure - it will always be a case of trust. – Squonk Nov 03 '13 at 18:08

1 Answers1

1

You could implement the principle of PGP:

Client 1 would be left on the image, client 2 on the right, and your server inbetween.

Client 1 would be left on the image, Client 2 on the right, and your server inbetween. Since the clients only need to know each other's public keys, your server can take care of exchanging their keys. The only trust issue that could arise is the storage of the private keys: this would be handled by your app. Clients have to be sure that this is handled in a proper way. One way for them to check would be to decompile your app.

Community
  • 1
  • 1
ln e
  • 1,095
  • 1
  • 7
  • 16