Search code examples
javascriptnode.jsencryptiondesktop-applicationoffline

Secure SCORM content in Offline player

I am developing Desktop Application (which launches a zip containing index.html in browser). I want to secure that zip from end user so that zip's content can not be accessed without App.

NOTE: zip will consist couple of HTML, JS and CSS files and my app will consume it by displaying it's index.html file in browser.

I can encrypt my content but before using/launching content's index.html (through my app in browser) I will have to decrypt and extract zip into local file system. At that time user will get access of decrypted content. Is there any way to somehow keep decrypted content in in-memory from where browser can access HTML file and display them?

Solution

  • The options you have:

    1. one of in-memory filesystems: the simplest and the least useful that answer directly the question "a way to somehow keep decrypted content in in-memory from where browser can access HTML file and display them". If you are going to use a standard browser, the content should be accessible to it, so the user can read it as well.
    2. local web server: no much better, if you keep using standard browser. You can use something like electron's webview or alternative embedded browsers in combination with client certification. This way you can ensure the content is being visible only in legitimate browser. It can be done with nodejs (+ desktop integration) and will protect the content from non-technical users. Anyone with a bit of coding skills will be able to reverse-engineer it tho.
    3. custom web browser: a regular compiled desktop app. You will need to implement your own browser, and can decrypt the archive directly in the app's memory.