[drdoom]

We have been doing this in all of our web applications for over a decade now. Essentially, whenever there is an error, we don't just display the error message as-is. All the technical or trace info it contains seems to scare users. So, we simply encrypt it and display a base64-encoded version of it. It also gets saved into a log file.

Users are more comfortable with this way: they simply copy/paste the text to us and we have all the info we need.

[grogenaut]

What happens if there's an error in the crypto handling system? Edit: Not a troll, I'm seriously interested in "minimum required functional systems" in the case.

[drdoom]

There is no other dependency in the encoder/decoder functions so there is no point of failure there. Those functions were developed a long time ago and have not changed. They work with any stream of data and automatically chop off the input after the first few hundred characters. This contains more than enough info for the developers to see exactly what caused the error.

In any case, even if, as you say, if the crypto handling system failed, and it returned nothing, there was no critical information that was lost. Only information on an error message, which you will hear from the user anyway.

[grogenaut]

Aah, I was thinking you might be encoding stack traces or equivalents which you'd want to protect a lot more than the head of user submitted data which the user chooses to re-submit through a seperate channel that is about as secure (esp for the purposes (email)) as the original channel. A hard coded key would be fine for this imho as you don't have to protect the user from the user's own data.

Cool idea btw.