md- | 8 years ago
The whole thing is basically a webmail service, but the client provides crypto functions to encrypt and decrypt messages locally using a smart card reader. The client software has an API which is provided as a web service on localhost:9998 (FQDN: bealocalhost.de). At first they ran this service with a certificate that was signed by a trusted CA. I reported them for disclosing the private key of that cert.
Communication between the client (Java application) and the webmail service (website) is done via JavaScript in the browser, which connects to services on localhost using WebSockets.