I have an application with a frontend in HTML and JavaScript and a backend in Java. I need to use RSA to send passwords and other sensitive data. I'm using JSEncrypt in JavaScript and Bouncy Castle in Java. I need to know how I can manage the keys. If I create keys dynamically in JavaScript, how can I send the private key to my backend, or vice versa? My JavaScript code is visible to the user, so storing the private key in JavaScript is not an option.
JavaScript code:
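// Keys are elided here, as in the original post.
var text = "Hello World";
var privkey = "MIICdQIB..........";
var pubkey = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvFZQtGLPQKV0h....";
// Encrypt with the public key; JSEncrypt returns the ciphertext as Base64.
var encrypt = new JSEncrypt();
encrypt.setPublicKey(pubkey);
var ciphertext = encrypt.encrypt(text);
// base64ToHex is a helper defined elsewhere; it is only used for logging here.
console.log("ciphertext : " + base64ToHex(ciphertext));
// Decrypt with the private key; decrypt() expects the Base64 ciphertext.
var decrypt = new JSEncrypt();
decrypt.setPrivateKey(privkey);
var plaintext = decrypt.decrypt(ciphertext);
console.log("plaintext : " + plaintext);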
For the Java code, see the example at: http://www.mysamplecode.com/2011/08/java-rsa-encrypt-string-using-bouncy.html
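The key flow asked about above, as an added example that is not part of the original post: the backend generates the key pair and hands out only the public key, so no private key ever needs to travel to or live in the page. It assumes Node's built-in `crypto` module with OAEP padding as a stand-in for both JSEncrypt (browser) and Bouncy Castle (Java); all function names are hypothetical.

```javascript
const crypto = require('node:crypto');

// Backend, once at startup: generate the pair. The private key object stays
// in backend memory or its key store and is never sent to the client.
function createBackendKeys() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
  });
  // Only this PEM (SubjectPublicKeyInfo) is served to the page.
  const publicPem = publicKey.export({ type: 'spki', format: 'pem' });
  return { publicPem, privateKey };
}

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Client role: holds only the public PEM fetched from the backend.
function clientEncrypt(publicPem, text) {
  const ct = crypto.publicEncrypt({ key: publicPem, ...OAEP }, Buffer.from(text, 'utf8'));
  return ct.toString('base64'); // Base64 for transport in a form field or JSON body
}

// Backend role: decrypts with the private key that never left it.
function backendDecrypt(privateKey, b64) {
  const pt = crypto.privateDecrypt({ key: privateKey, ...OAEP }, Buffer.from(b64, 'base64'));
  return pt.toString('utf8');
}

// Returns true when the material the client holds fails to decrypt,
// i.e. exposing the public PEM in page source does not expose the plaintext.
function publicKeyCannotDecrypt(publicPem, b64) {
  try {
    crypto.privateDecrypt({ key: publicPem, ...OAEP }, Buffer.from(b64, 'base64'));
    return false;
  } catch (err) {
    return true;
  }
}

// Constructed sample run.
const keys = createBackendKeys();
const sent = clientEncrypt(keys.publicPem, 'Hello World');
console.log('decrypted on backend:', backendDecrypt(keys.privateKey, sent));
console.log('public key alone cannot decrypt:', publicKeyCannotDecrypt(keys.publicPem, sent));
```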