Please see the original article for a full explanation. Please feel free to comment, question and criticize there as well!
Requires https://www.npmjs.com/package/simple-free-encryption-tool
- compiled from multiple sources and much trial and error, feel free to use and pass on
- this is not exhaustive, it's meant only as a guide
This is required to create an encrypted bi-directional channel between client and server. For initialization, the client sends its RSA key AES-encrypted to the server, using a secret delivered by a second-factor authentication device (email, SMS); the server responds in the regular format: a randomly generated message key encrypted with the RSA key, and the payload encrypted with the message key.
The keys are generated when initializing the session and are stored in memory - in the browser I use HTML5's local storage, on the server I store it in a database or a cache.