How might one arrange for these encrypted web pages residing on an (unsecure) server to get decrypted only at the client's machine? This should work as transparently as possible for the user; except possibly for a userid/password query it should look like a normal web browsing session. For now, we can assume that the decrypted web pages contain only HTML and images in .gif format.
It seems like it could be done by writing a plug-in that passed the encrypted page to pgp (or had it internally) and used that to decrypt it. The plug-in could store the pass-phrase locally and clear when the user disconnected. It *might* also be possible to do this with java. I don't know enough java to say for sure, but couldn't you build an interface that took the encrypted data passed it though whatever and then displayed it on the local screen. The applet could produce a viewer with a 'sigoff' button telling the applet to forget the pass-phrase. Comments? Joseph Sokol-Margolis joseph@genome.wi.mit.edu Systems Administrator