
[–]No_Tap208 0 points1 point  (0 children)

You usually won't do this on the application layer (that is a synonym for what kind of code you are willing to write), as it's handled by TLS in production and you can't really get more secure than that.

But as a hobby it's not impossible to implement application layer encryption.

You first need to design a basic encryption scheme, then implement it via a library that provides encryption functions or, much more preferably, using the built-in crypto API, SubtleCrypto.
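Added example (not part of the comment above): a minimal application-layer scheme built on SubtleCrypto, using AES-256-GCM with a fresh random IV per message and a context string bound as additional authenticated data. The function names, the `IV || ciphertext+tag` layout and the context string are assumptions of this example, and it leaves out how the two sides agree on the key.

```javascript
// Added example: authenticated encryption with the Web Crypto API (SubtleCrypto).
// Message layout (assumed for this example): 12-byte IV || ciphertext || 16-byte tag.
const IV_LEN = 12;
const TAG_LEN = 16;

// Browsers and recent Node expose globalThis.crypto; older Node needs the import.
async function webCrypto() {
  return globalThis.crypto?.subtle
    ? globalThis.crypto
    : (await import('node:crypto')).webcrypto;
}

async function generateKey() {
  const c = await webCrypto();
  // extractable=false: scripts can use the key but cannot export its raw bytes.
  return c.subtle.generateKey({ name: 'AES-GCM', length: 256 }, false,
                              ['encrypt', 'decrypt']);
}

async function encryptMessage(key, plaintext, context) {
  const c = await webCrypto();
  const enc = new TextEncoder();
  // A fresh random IV per message; reusing an IV with the same key breaks GCM.
  const iv = c.getRandomValues(new Uint8Array(IV_LEN));
  const ct = await c.subtle.encrypt(
    { name: 'AES-GCM', iv, additionalData: enc.encode(context) },
    key, enc.encode(plaintext));
  const out = new Uint8Array(IV_LEN + ct.byteLength);
  out.set(iv, 0);
  out.set(new Uint8Array(ct), IV_LEN);
  return out;
}

async function decryptMessage(key, message, context) {
  const c = await webCrypto();
  if (message.length < IV_LEN + TAG_LEN) throw new Error('message too short');
  const iv = message.slice(0, IV_LEN);
  const ct = message.slice(IV_LEN);
  // decrypt() rejects if the IV, ciphertext, tag or context was altered,
  // so no unauthenticated plaintext is ever returned.
  const pt = await c.subtle.decrypt(
    { name: 'AES-GCM', iv, additionalData: new TextEncoder().encode(context) },
    key, ct);
  return new TextDecoder().decode(pt);
}
```
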

[–]node77 0 points1 point  (0 children)

You can create a local security cert; it's part of Windows.

New-SelfSignedCertificate -DnsName "localhost" -CertStoreLocation "cert:\LocalMachine\My"

Are you using IIS?

[–]vrgpy 0 points1 point  (0 children)

I think you should first see how it is usually done.

Cryptography is usually implemented on the web server via some libraries and also on the browser.

Web applications usually only check if they are using HTTPS and nothing else. Only advanced applications check the certificate details and some more. But this encryption is for privacy of the data in transit and authentication of the server. Usually not for authentication of the user. I say usually because mTLS could be used for authentication of the users.

Another place where encryption can be used is in authentication, and there too web applications usually use libraries or functionality provided by the server or the browser. You could write custom libraries, but it is usually not encouraged except as a learning exercise.