pcarbonn

For a Web App, I'd like to encrypt user entries on the client side before sending them to the server (and decrypt them after receiving them from the server). The encryption salt (chosen by the user) would be saved in the session on the client-side, NOT on the server.

The benefit for the user is that his data is fully protected in case of a server breach. Also, I would have no way to see his confidential data, so he does not have to trust me so much. (On the other hand, I would also have no way to help the user recover his salt if he loses it).

I don't recall seeing that approach used anywhere. Do you know of any reason ?

Is it because of a legal requirement to be able to assist government investigation, and thus be able to read user data saved on the server ??