I have to transfer some sensitive information over a JavaScript AJAX Call, over an unencrypted channel (HTTP, not HTTPS).
I'd like to encrypt the data, but encrypti
Asymmetric public key/private key is the only way to do this. To protect against MITM attacks the server can hash the public key with the user's password, then the user (in the browser) re-computes the hash - if they match then the user can be confident that the public key sent from the server has not been tampered with - this relies on the fact that only the server and the user know the user's password.
PS I wanted to write this as a comment as that would be more appropriate than an answer, but I don't have enough points :)
See: openpgp.js for examples