Is there any javascript function that can encrypt data: For example i want to use encrypted data in my URL passed by ajax GET request,
http://sample.com/mypage/TDjsavbuydksabjcbhgy
where TDjsavbuydksabjcbhgy an encrypted data equivalent to 12345. Now i want to retrieve that data in PHP by decrypting it, so that i can use the 12345.
Is it possible? or any suggestion on how to do that.
Thanks in advance.
I'm not sure what you would gain by doing encryption in javascript. Your entire routine and encryption key are effectively available to the public. If you are trying to protect against sniffing, you should use SSL.
You could use AES + Base64, there's a JS aes library at http://www.movable-type.co.uk/scripts/aes.html, should be doable in php as well http://www.movable-type.co.uk/scripts/aes-php.html.
What you are probably looking for is RSA encryption. You generate a key for your server to use which has a public version and a private version. Your javascript will contain the public version which can be used to encrypt the data, and your php will use the private version to decrypt the data.
As a jumping off point, you can start here for javascript public/private key examples: http://shop-js.sourceforge.net/crypto2.htm
And here for the PHP side: http://www.webtatic.com/blog/2009/07/php-public-key-cryptography/
I think you will have to use SSL to encrypt everything.
I found (Bridge between server and client) is the perfect way. the server-side encrypting and decrypting using php is not the matter. but client side and javascript encrypting means no Security because your code, encryption key, alghoritm and all is available for public users. (I found this answer and SSL use as described above). Finally i encrypt both client and serverside with a trick. you can load you random encryption key first of php script and use it in your jquery and so every user have many keys per request which will be usefull for same request. every session encrypted afterwards it's a unusable key. For Maximum Security you can extend this idea (Because of some security purpose I can't describe more but Solved this way.) Example: index.php
<?php
$curl = curl_init();
$url='http://some.xyz/keygen.php';
###we set url in a var to insure that anyone can't change it way.
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $data);
$reply=curl_exec($curl);
//$reply-< session key is generated in another page and replied to this
//ex :15984762255sadasf4a5sfd5asfda745
?>
Client-side(same index.php page)-using forge or cryptojs for encrypting: we echo random generated recieved key for encryption by php in jquery script and do this for all inputs of form.**
<script>
$('#form').find('input').each(function(){
rsa.keypair = keypair;
var pemPublic = forge.pki.publicKeyToPem(<?php echo($reply); ?>,
encoded=rsa.keypair.publicKey.encrypt($("#cleartext").val()),
final = forge.util.encode64(encoded);
</script>
Send Final by ajax and decrypt server side by php. Don't forget You Keep Private key for decryption in database or any safe place for decryption. Notice : You must do many shortcuts like this to achieve 100% secuirty. Hope To Be Helpful.
