Add support for client-side encryption

Here's my understanding of the proposed solution: encryption happens on the browser side by adding a js library and encrypting the field before sending it to the server. Server-side it's just a single string of text to store.

If that's the case, I feel like it mostly deserves to be its own module separate from the encrypt module. At least so far, the encrypt module is focused on key management and keeping track of what encryption method was used on which string and then being able to get the right key and use the right settings to decrypt a string. The encrypt.module doesn't add any javascript nor does it store encrypted data - it's just an api with UI for configuring the API.

If you're open to maintaining it inside this project I could see adding it here. I'm just not sure there's much overlap beyond the name.

Not sure what the other encrypt maintainers think - perhaps they can add their thoughts.

I'm all for having as many ways to encrypt and decrypt data as possible, so adding client-side functionality sounds great to me. If it's possible to integrate the client-side options to the Encrypt API, without providing a specific encryption method, we should include the integration. A separate, contributed module could then provide support for Crypton as an encryption method.

This requirement can be fulfill with password-based public-key encryption which uses ownCloud’s Data Encryption 2.0 Model. There is a advance security method available which enables client-side encryption so i think we can use this.

@colan you concern being that passwords are hashed server side? and server would know passwords in plaintext?

One possibility is for users to create another passcode / password when registering that would encrypt RSA's private key with symmetric AES-256. Keys generation would happen client side (both RSA pair and AES encryption) so server would know the passwords used for encryption at all.

Another security mechanism would be "scrambling" keys array for each encrypted data => working on hashes will decrease assigning of user => key by an attacker.

For better security password may be entered every time that encrypted data is accessed (JavaScript prompt), this way the passhprase is not stored on the client (e.g. localStorage, cookies). That would also decrease harm of possible mitm / code injection attacks. May use another auth mechanism already existing in Drupal, I think that's a good idea to keep user passwords and encryption passwords separate.

On security of web client-side encryption: http://www.cs.tufts.edu/comp/116/archive/fall2015/mseltzer.pdf

Can share my design document upon request.