tags:

views:

714

answers:

3
Q: 

Encrypt in C# decrypt in JavaScript

I am looking for way to encrypt string in C# and to decrypt it using JavaScript. JavaScript in this case is a scripting language for internal system, so I should not worry about people accessing private key/password which will be required for decryption.

Searching online for solution it seems that AES encryption should do the trick. I’ve looked into slowAES and RijndaelManaged solution, but had no luck getting it to work.

I’ve used C# code which Cheeso provided and received identical cipher text. But when I’ve attempted to use slowAES to encrypt same piece of data I’ve received completely different cipher. 

var testString = new Array("w", "a", "t", "s", "o", "n", "?");
var test = slowAES.encrypt(testString, slowAES.modeOfOperation.CBC, "12345678901234567890123456789012", slowAES.aes.keySize.SIZE_256, new Array(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0));
alert(test.cipher);

Can someone point me into right direction? I don’t care on the method, as long as I can achieve results. My goal is to take URL for example:

www.test.com/clientid=123

use .NET (C#) to encrypt it to look like

www.test.com/clientid=asdf;lkjsxd;flkjq934857u9duhfgkjhgalsdkjfh

and then use JavaScript to convert it back to

www.test.com/clientid=123

Thanks, ITRushn

A: 

Encryption/decryption operations occur on binary data. Therefore, you must preserve that binary data between C# and javascript. Encoding the output as a base64 or hexadecimal string is probably the best way to do that.

 2009-09-24 00:09:48
Reason why I need to implement this is to improve security. That’s why I am looking for a way to encrypt using a key, and to decrypt it on other side using same key. Base64 or hexadecimal will not provide any level of security since they don’t require key to be decrypted.
ITRushn  2009-09-24 00:19:16
John is not suggesting you use base64 for encryption, rather just for transport of the encrypted text so that it's not corrupted in transit.
recursive  2009-09-24 00:56:39
Ohh that’s make sense, but it’s a secondary issue which I’ll deal with once I’ll figure out the first one.
ITRushn  2009-09-24 17:57:19
A: 

Option 1

If your only intent is securing sensitive data between the server and client that is a solved problem, use SSL.

Option 2

  • given the url www.test.com/clientid=123

  • use .NET (C#) to encrypt it and to point to a different location: www.mywebserver.com/forward.aspx?url=asdf;lkjsxd;flkjq934857u9duhfgkjhgalsdkjfh

  • and then in the forward.aspx page, decrypt and redirect to www.test.com/clientid=123

  • the client then follows the HTTP redirect and prest-o-done. No shared keys, easy to implement, it just works.

Note:

As for your original solution it can not be done securely without COM or some other means of inter-op. The reason I say this is that the JScript would need access to a public/private key pair which, to the best of my knowledge, is not possible. Without a public/private key the server would be required to share a symmetric key with the client. With no means by which to securely transfer this key you have not secured the data, only obfuscated it.

I think the simplest approach would be to use SSL, followed by that of the forwarding URL.

csharptest.net  2009-09-24 00:50:36
I do have SSL setup already; however I need to hide original value of clientid parameter. It’s not about securely exchanging information (it’s already implemented), it’s about prevent users from substituting ids.
ITRushn  2009-09-24 01:09:44
Option 2 will work however once again once HTTP redirect is performed it’s easy to capture headers/packets and then use that information to substitute clientid parameter.
ITRushn  2009-09-24 01:10:28
JavaScript is not being displaying on the page, so it does have access to public/private key security. It’s not traditional JavaScript which lives somewhere on the page, instead its part of larger system where JavaScript is used as scripting language to call apis. To give you better idea, JavaScript implementation in this case is similar to classic ASP. Client doesn’t see anything, since its being executed on the server level.
ITRushn  2009-09-24 01:11:04
OIC, makes more sense now. Not sure what more help I can be without understanding the system better.
csharptest.net  2009-09-24 03:31:05
You still can help me to find encryption which can be used in C# to encrypt a string, and JavaScript library which can be used to decrypt that string.
ITRushn  2009-09-24 17:58:51
+1  A: 

I’ve managed to solve my issue using RC4 encryption. You can get more information about implementation on my blog.

ITRushn  2009-10-17 07:56:10

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?