Persist Sensitive Data In Browser? Possible?

I was wondering if these is some kind of technique so persist sensitive data out of a web app. I know that you should never store sensitive data in the local storage or cookies. Wh

Solution 1:

It is recommended to do basic threat analysis. It helps to recognise what attack vector take into account and then you can choose the right method of protecting the key. There are several possibilities of key protection. See following examples:

• you can rely on browser origin policy and assume your JS code as trusted and store the key in localstore - key is not protected from an adversary having access to the user profile
• you can let the user enter reasonably strong password each time then private need to be accessed and store the key using password based encryption and then the encrypted private key can be stored anywhere (localstore, cookie) - an adversary capable of accessing user password is able to get the key
• you can create private key encryption key by combining user password and some secret sent by server after successful authentication of the user -