4

I would like to have a public key encryption where i want some javascript function to encrypt some data. Is there any Javascript encryption techniques with high security?

Thanks

user229044
  • 232,980
  • 40
  • 330
  • 338
user695663
  • 11,856
  • 8
  • 26
  • 32

4 Answers4

8

Javascript AES encryption provides a good solution to this question.

I think that encrypting things with javascript can work just fine, if you have a good use case for it. The fact that the code is open shouldn't matter at all, because encryption algorithms are well known anyway. Where you are going to run into problems is the way in which the private key is supplied. DO NOT put the private key in your javascript code. The key should be provided by the user only. As long as you follow that rule, you should be good.

Community
  • 1
  • 1
Dustin Wilhelmi
  • 1,769
  • 2
  • 13
  • 27
  • 1
    +1 for actually answering the question. There are *some* valid use cases for this (for example, a HTML5 offline app). – Kevin Tighe Mar 25 '13 at 21:47
0

I would generally suggest that there is little reason to encrypt anything in JavaScript. If you need to transport something over the wire, utilize a secure wire protocol instead.

JavaScript has a number of deficiencies for this sort of thing, not the least of which is the fact that it sits in very accessible memory space if used in a browser context.

John Green
  • 13,241
  • 3
  • 29
  • 51
  • 3
    I hate when everyone fails to mention that ssl/tls is not a secure protocol, but in fact prone to attacks, especially from goverments which all serious security statements should ultimately consider. If you can't trust the NSA or the certificate provider, how can I ensure security between the user and my server? Further more, the user should also be protected against me, the server! I believe ssl/tls + javascript encryption is the way to go, and the motivitaion is secure javascript delivery + isolated private and public key generation. – mjs Jan 10 '12 at 09:37
  • The random key problem can be addressed by having the user move the mouse and enter keys as a true random generator. – mjs Jan 10 '12 at 09:38
0

javascript code is in plain view online so any encryption method via javascript will be plainly visible, i don't think there's any realistic way to do that without using a server side language (i.e. php)

blackbourna
  • 1,223
  • 2
  • 16
  • 29
0

If you put your web page(s) under https, then ALL your data will be encrypted, no need for additional algorithms/libraries/headaches

Tudor Constantin
  • 26,330
  • 7
  • 49
  • 72