I am looking for something like https but back. The user generates his private key (in advance), and then (only later) provides the web application with the associated public key. This part of the exchange should (if necessary) take place out of band. The connection is then encrypted / decrypted using these keys.
I thought of some weird JavaScript approaches for implementing this (from the client’s point of view: form submissions are encrypted when they exit (in response to ajax) the web content is decrypted. I admit it’s terrible, but you can "I deny it would be a fun hack, but I wondered if there was anything there ... something is commonly used in browsers and web application servers.
This primarily refers to compromised security when (unconsciously) exchanges through a rogue access point that can intercept https connections and issue its own certificates. Recently (on my own network) I recreated this and (with horror) soon saw my Gmail password in plain text! I have a web application that only I and several others use, but where security (in terms of training) should be at the highest level.
I must add that the solution should not be practical
In addition, if there was something inwardly wrong in the process of my thought, I would greatly appreciate it if someone would set me on the right path or direct me to the appropriate literature. Science is not about finding the best answers; the science of shaping more complex issues.
,
O∴D