The encryption algorithm and protocol is similar in concept to that of SSL or HTTPS.
(B) Return Encrypted Data from Server to Browser
As mentioned, the random key generated by the applet is used to perform the data encryption and
this key can be securely sent to the server by encrypting it using the public key. Thus, the
starting point must always be the applet. If the requirement was to just send encrypt data from
server to the browser, there is a need to first serve out a "dummy" page to run the
applet and sent the encryption key to the server. This dummy page is similar to the
one given in section (A) but without any data to update.
- Prepare the data at the server side
Use the update and done methods. The following is an example in jsp.
<%@ page import="endtoend.*" %>
<%
EndtoEndServer endtoEndServer =
new EndtoEndServer("/usr/safe/private.key", "password");
// You must unpack the key from the applet first
Hashtable hashtable = endtoEndServer.unpack(request.getParameter("encdata"));
endtoEndServer.update("bankaccount","201-8827381-1");
endtoEndServer.update("balance","$84,572");
%>
- Embed the encrypted data
Put the server side encrypted data to the return page. Javascript is required to decrypt the data
using the unpack method in the applet.
One easy method is to put it directly into the html javascript code.
The get method will extract the required value. The following is an example where the
decrypted data are shown in a form.
<script language="javascript">
function decode() {
document.e2e.unpack("<%= endtoEndServer.done() %>");
document.bankform.bankacc.value = document.e2e.get("bankaccount");
document.bankform.dollars.value = document.e2e.get("balance");
}
....
<form name="bankform" >
Your Bank Account Number: <input type="text" name="bankacc">
Balance = <input type="text" name="balance">
</form>
That's all there is to it! For more details, refer to the javadoc in the download.