
how to encrypt private messages so they can't be read by system administrator

I am not sure if this is the right place but lets see.

I am developing a system to send private messages from one user to another user. Under the hood runs PHP 5.2.x.

Now I am looking for any way to encrypt private messages in a way that I can't access them. At the moment I have no idea how to realize such a system, where I don't know the encryption key.

My first idea was to combine it with something like OAuth.

Some more requirements to clarify the problem:


It will never work if you're doing the decryption on your server. You need to do the decryption completely on the client side with JavaScript.

Ideas for looking for information on JavaScript crypto engines:

  • http://www.ohdave.com/rsa/
  • http://www.movable-type.co.uk/scripts/aes.html

If your users all use modern browsers with support for client-side database storage, you can use this to store the keys: an example


You should know that it would not be very secure if you want the en-/decryption to be fast, or it will be really slow, because JavaScript is not the best language to do crypto stuff.


What about RSA and other public-key cryptography? http://en.wikipedia.org/wiki/Public-key_cryptography


You could use the Diffie-Hellman protocol to generate encryption keys that are only known to the users.

But as a user, you have to have access to those keys in order to read your messages. So you'd have to find a way to store the key at the client instead of your server, otherwise you'd still be able to decrypt the messages. This would be quite a challenge for a PHP site, so I doubt it can be accomplished.


How about you just don't store the key?

