Cryptography solution between browser and server without using HTTPs
Hi All,
I am looking for a cryptography solution which I shall be using to encrypt the password being sent from the browser to the middle tier. My requirements are as follows :
1. I need to only send the traffic in one way ie from browser to the java tier. So I guess I only need to generate 1 public private key pair .The public key can be generated in the server but shoud be sent to the browser and through java script I want to be able to do the encryption .
2. In the java tier , I should be able to do decryption using the private key generated for that session.
3. For every user session the public and the private key should be different.
I know that the standard way of encryption between the browser and the server is HTTPs but we can't use this as we already know that many of our customers that run on an intranet do not use HTTPs. So this solution is ruled out .
I feel like already out of the box there are various implementations of public key private key system in Java and if somehow I am able to port the encryption logic from java to java script , my problem is solved. Please help .
