Is there a way to develop and website using JS (and perhaps PHP) to create an E2EE website. Were all packets sent between the server and the userw device are E2EE, wrapped in a layer of encryption?
I know there is HTTPS but I am looking for something stronger than HTTPS.
By using some JS or PHP E2EE package, would I have to write or structure the website code very differently than you normally would?
Mega uses your account password to decrypt a master key, they only store the encrypted master key on the servers. And all the files you upload and download are decrypted with the same key, and the password never leaves your browser. Thus Mega doesn’t have any visibility in the contents of the files and doesn’t have the ability to decrypt the key nor the files.
It’s fully transparent to the user, no skills required. It pretty much just works. The only downside is if you lose your password your files are gone, there’s no password recovery. And of course if your password leaks, 2FA doesn’t get you very far.
And it’s an extremely bad customer experience to be unable to restore your user’s files, so it doesn’t get used that often because users don’t care. They trust the company and don’t care how safe or unsafe it is, but they want their files to be there without hassles.