0

I have encrypted the data on clientside using javascript by using the following methods.

var en_uname = CryptoJS.DES.encrypt(uname, "networks");
var en_pwd = CryptoJS.DES.encrypt(pwd, "networks");

Now I would like to decrypt them at server sude using php. How do I do that?

Rasclatt
  • 12,498
  • 3
  • 25
  • 33
Girish
  • 9
  • 3
  • whats wrong with php function? and use ssl certificate? – NullPoiиteя Nov 24 '15 at 06:55
  • 1
    Please don't use DES. It's not secure anymore. CryptoJS provides TDEA/3DES and AES. Also, you can use the [password-based approach](http://stackoverflow.com/a/27582253/1816580) in PHP and JavaScript, but you really should be using PBKDF2 to derive a key from the password. – Artjom B. Nov 24 '15 at 09:50

2 Answers2

0

You can not easily decrypt some encrypted value without having the encryption algorithm ! I guess you just want to compare the encrypted string with something... In that case you can encrypt the second value on your server-side app and just compare the two encrypted strings.

var a = encrypt('foo');
var b = encrypt('bar');
if 'foo' == 'bar' then 'a' is also == 'b'
Babak
  • 419
  • 2
  • 16
  • well what you are telling is true about hash but not for every kind of encryption http://stackoverflow.com/questions/4948322/fundamental-difference-between-hashing-and-encryption-algorithms – NullPoiиteя Nov 24 '15 at 06:48
0

Since java script code can be viewed in client side, If you use symmetric key encryption the key is exposed. So better use asymmetric key encryption.

Try jcryption

It uses OpenSSL.

<script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jquery/2.0.3/jquery.min.js"></script>
<script type="text/javascript" src="jquery.jcryption.3.0.1.js"></script>

And than call jCryption on your form

$(function() {
    $("form").jCryption();
});

enter image description here

Harikrishnan
  • 9,688
  • 11
  • 84
  • 127