views:

714

answers:

3

I am looking for way to encrypt string in C# and to decrypt it using JavaScript. JavaScript in this case is a scripting language for internal system, so I should not worry about people accessing private key/password which will be required for decryption.

Searching online for solution it seems that AES encryption should do the trick. I’ve looked into slowAES and RijndaelManaged solution, but had no luck getting it to work.

I’ve used C# code which Cheeso provided and received identical cipher text. But when I’ve attempted to use slowAES to encrypt same piece of data I’ve received completely different cipher.

var testString = new Array("w", "a", "t", "s", "o", "n", "?");
var test = slowAES.encrypt(testString, slowAES.modeOfOperation.CBC, "12345678901234567890123456789012", slowAES.aes.keySize.SIZE_256, new Array(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0));
alert(test.cipher);

Can someone point me into right direction? I don’t care on the method, as long as I can achieve results. My goal is to take URL for example:

www.test.com/clientid=123

use .NET (C#) to encrypt it to look like

www.test.com/clientid=asdf;lkjsxd;flkjq934857u9duhfgkjhgalsdkjfh

and then use JavaScript to convert it back to

www.test.com/clientid=123

Thanks, ITRushn

A: 

Encryption/decryption operations occur on binary data. Therefore, you must preserve that binary data between C# and javascript. Encoding the output as a base64 or hexadecimal string is probably the best way to do that.

Reason why I need to implement this is to improve security. That’s why I am looking for a way to encrypt using a key, and to decrypt it on other side using same key. Base64 or hexadecimal will not provide any level of security since they don’t require key to be decrypted.
ITRushn
John is not suggesting you use base64 for encryption, rather just for transport of the encrypted text so that it's not corrupted in transit.
recursive
Ohh that’s make sense, but it’s a secondary issue which I’ll deal with once I’ll figure out the first one.
ITRushn
A: 

Option 1

If your only intent is securing sensitive data between the server and client that is a solved problem, use SSL.

Option 2

  • given the url www.test.com/clientid=123

  • use .NET (C#) to encrypt it and to point to a different location: www.mywebserver.com/forward.aspx?url=asdf;lkjsxd;flkjq934857u9duhfgkjhgalsdkjfh

  • and then in the forward.aspx page, decrypt and redirect to www.test.com/clientid=123

  • the client then follows the HTTP redirect and prest-o-done. No shared keys, easy to implement, it just works.

Note:

As for your original solution it can not be done securely without COM or some other means of inter-op. The reason I say this is that the JScript would need access to a public/private key pair which, to the best of my knowledge, is not possible. Without a public/private key the server would be required to share a symmetric key with the client. With no means by which to securely transfer this key you have not secured the data, only obfuscated it.

I think the simplest approach would be to use SSL, followed by that of the forwarding URL.

csharptest.net
I do have SSL setup already; however I need to hide original value of clientid parameter. It’s not about securely exchanging information (it’s already implemented), it’s about prevent users from substituting ids.
ITRushn
Option 2 will work however once again once HTTP redirect is performed it’s easy to capture headers/packets and then use that information to substitute clientid parameter.
ITRushn
JavaScript is not being displaying on the page, so it does have access to public/private key security. It’s not traditional JavaScript which lives somewhere on the page, instead its part of larger system where JavaScript is used as scripting language to call apis. To give you better idea, JavaScript implementation in this case is similar to classic ASP. Client doesn’t see anything, since its being executed on the server level.
ITRushn
OIC, makes more sense now. Not sure what more help I can be without understanding the system better.
csharptest.net
You still can help me to find encryption which can be used in C# to encrypt a string, and JavaScript library which can be used to decrypt that string.
ITRushn
+1  A: 

I’ve managed to solve my issue using RC4 encryption. You can get more information about implementation on my blog.

ITRushn