473,324 Members | 2,356 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,324 software developers and data experts.

Encrypt at client side and decrypt at server side

There are persons who think that encryption at client side doesn't work, because if you need to transfer critical information you can always use SSL.

But there is a big exception, and it happens when you have to fight against HTTP header readers.

As not everybody know, headers are in plain text at client side even if you use SSL, and if you use a header reader (like HTTPfox, firefox add-on) you can see any password that the client sends in any form field.

All this introduction was just to see if anyone knows a javascript encrytion library compatible with any othe ASP.net at client side.

By the way, not always two libraries are compatible even if they use the same encryption algorithm, there are a lot of other things involved, like character codes, url transformation, and not always the libraries are strictly implemented.

Any help would be appreciated.
Thanks in advance.
Oct 21 '08 #1
8 17244
iam_clint
1,208 Expert 1GB
one method I have seen to fight this is to md5 the password client side and send the md5 hash to server for verification.
Oct 21 '08 #2
one method I have seen to fight this is to md5 the password client side and send the md5 hash to server for verification.
Thanks I´m already using your suggestion, but the problem is for other confidential fields that I need to read at server side. That's why I need a simmetric encryption algorithm as AES or Blowfish.

Thanks...
Oct 21 '08 #3
rnd me
427 Expert 256MB
POST data submitted over HTTPS if encrypted.

Expand|Select|Wrap|Line Numbers
  1. <script type="text/javascript"  id = "base">function jcipher(p,s){var i=0,P=0,K=0,b="",Max=0,d=[];if(p.slice(0,3)=="zz,"){var slen=s.length + 1;d=p.split(",");p = "";var junk=d.shift(),Scc=String.fromCharCode; Max=d.length;var tr = [Max];for(var i=0;i<Max;i++) {P = d[i];K = s.charCodeAt(i % slen);tr[i]=Scc(P ^ K);}return tr.join("");}else{var slen=s.length+1;b="zz,";Max=p.length;var tr=[Max];for(i=0;i<Max; i++){P=p.charCodeAt(i);K=s.charCodeAt(i%slen);tr[i]=P ^ K;if(!(i % 40)){tr[i]+=" ";}}return b+tr.join(",");}return false;}</script>
  2.  
  3.  
that said, try a nice ciphering.
you could generate a nice long, random char password on the server when you print the page.
you then encode the data to this password using the above code.

you can then decode on the server using the same password you sent.

the code runs an any ECMA script compatible environment, like asp.
Oct 21 '08 #4
Thanks rnd me
As I see in the algorithm the same function works for encrypting and decrypting.
I will try and let you know.
Thanks again
Oct 22 '08 #5
The solution is working fine, but I need something to use in .NET
¿Can I use javascript server side in ASP.net? I don't think so...

Thanks.
Nov 4 '08 #6
rnd me
427 Expert 256MB
you could probably do it.

i use it in asp3 just fine.

you may have to be a little stricter about the var declarations,

i don't do .net on the server, (i like ecmaScript).

don't quote me on this, because i cannot find it now, but i can swear i remember using the routine in a jscript.net exe i made a while back. if the exe .net is the same as the server .net, it should be easy to get it to work. i don't remember any major rewriting of it...

if all .net is the same, and you want me to,. i can test it out in an exe.
Nov 4 '08 #7
pronerd
392 Expert 256MB
headers are in plain text at client side even if you use SSL,
This is NOT true. 1. Form data is not send in the HTTP Header. 2. ALL data sent via SSL is encrypted.



and if you use a header reader (like HTTPfox, firefox add-on).
You can see the header data with those tools because they are viewing the data before it is encrypted and sent to the server. Use a packet sniffer to see what the data actually looks like that is being transmitted to the server.

Do you really think that everyone in the world has been transmitting sensitive information across the internet for the last 15 years and no one noticed until now?
Nov 4 '08 #8
In an SSL implementation password are not exchange in http headers. They are exchanged with a key exchange algorithm as Diffie Hellmman. This is the reason for the SSL certificate usage. The certificate doesn't encrypt text. A symmetric encryption (normally AES) encrypts data. AES need a secure key that the client and the server must have. They negotiate it not in the header of the HTTP protocol but using a key exchange algorithm.

I hope this could resolve your doubt. For others details about how cryptography works you can read:

http://www.we-coffee.com/knowledge/BIB_A5R7T.aspx
http://www.we-coffee.com/knowledge/BIB_R5YWR.aspx
Sep 26 '09 #9

Sign in to post your reply or Sign up for a free account.

Similar topics

9
by: Kathryn | last post by:
Hiya I have a problem with using some client side and server side scripting together in an ASP. I'm using VBScript. What I'm trying to achieve is this - - Page loads up and some server side...
1
by: Stephen | last post by:
Hey Everyone, I have a problem with a web application due to the use of both client-side and server side script on the on-click event of a button. The client side script runs first as expected...
1
by: Stephen | last post by:
Hey Everyone, I have a problem with a web application due to the use of both client-side and server side script on the on-click event of a button. The client side script runs first as expected...
1
by: Stephen | last post by:
Hey All, I have a problem with a web application due to the use of both client-side and server side script on the on-click event of a button. The client side script runs first as expected however...
2
by: Matt | last post by:
I guess the principal differences between client-side and server-side code is that client-side code is processed in web browser, and server-side code is processed in web server. In ASP.NET web...
5
by: Mong | last post by:
Hi, I have a webform with various asp controls on it such as textboxes and dropdownlists. I'm fairly new to asp.net coming from VB6 and am wondering when it's best to use client side events and...
1
by: shri124 | last post by:
please tell me what is the difference between the client side and server side controls?
5
by: Ankur | last post by:
Hi Folks, I am new for this group. I want to clarify one thing what's a basic difference between Client Side Java Script and Server Side Java Script. how we can differentiate it. Why we called...
1
by: nudrat | last post by:
I have a form, where new text boxes are generated by onclick event of a button. The function required to generate text boxes is written in Java Script. but i have to count no of text boxes generated,...
3
by: sasimca007 | last post by:
Hello friends, I want to know what is the difference between 1.) client-side project and server-side project 2.) client-side programming and server-side...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.