I have a pair of generated private key and public key (hard coded and never change)
Every time user visit my page, my page will send the public key to particular user.
When user login account, the user will make encryption by public key and send to my server.
My server will use the private key to decryption and do validation.
1. After I send the public key to user, where should the public key store at client-side ? SESSION or COOKIE ? (can give some example code ?)
2. How to make the Client-side encryption happen ? (because i need encrypt the data before send to server, not after sent to server) Does the encryption perform by client-browser ? How to tell the browser do the encryption and use which encryption standard algorithm that my server using. (can give some example code?)
I'm avoiding SSL, this project is my college final year project, I'm not gonna pay for the SSL