0

I'm trying to solve the following problem:

The user has a public-private keypair. The public key is known, while the private key is kept secret by the user.

The webserver has data that was encrypted using the user's public key.

I want the user to be able to decrypt the webserver data using their private key (using a browser extension like MetaMask that has their private key stored), and then display that data to the user in a web page, while also PREVENTING the web page from being able to store that data.

Any suggestions on how this might be done?

Paul Fidika
  • 103
  • 2
  • 7
  • If the user can see it then the user can save it. – President James K. Polk Mar 09 '22 at 22:34
  • I'm not trying to stop the user from saving it; I'm trying to stop the website itself from being able to save it. Like suppose it's important personal information--I wouldn't want a malicious website displaying the data to save that information in plaintext. I would want the website to be forced to display it once and then never show it again. – Paul Fidika Mar 09 '22 at 23:28
  • I don't know if this is a thing, but maybe a protected iframe? Or maybe a (encrypted data) tag; the wallet, because it's a browser extension, could grab the encrypted data inside the and then replace it with the decrypted data after the page has rendered. Hopefully the webpage won't be able to run a script to grab data from its own DOM and read that data after the fact. – Paul Fidika Mar 09 '22 at 23:31

1 Answers1

0

Update; you can indeed do this with an iframe. Iframes are surprisingly secure actually. The browser effectively partitions the iframe from its parent, and vice-versa, even though to the user they look like they're the same page to the user. You can inject private information into a protected iframe on a webpage without giving that webpage access to the data. This is the method Stripe uses to embed credit-card entry fields directly into websites.

Paul Fidika
  • 103
  • 2
  • 7