views:

2272

answers:

7

I'm developing an ASP.NET MVC application in which I want to encrypt a short string on the server, using C#, and send it to the client-side.

Then on the client-side it will be decrypted through Javascript code.

Any thoughts on how to implement this?

Do you know of a simple encryption algorithm (doesn't have to be bullet-proof secure) that can be easily translated from C# to Javascript or vice-versa?

NOTE: I could do this entirely in C# and do the decryption through Ajax, but I'd prefer not to do it this way, as I want to reduce website traffic as much as possible.

A: 

Can you use HTTPS to encrypt all traffic between the client and server? This is probally the most secure method that you will find.

JoshBerke
I'd rather not use HTTPS, since this is just a simple "brochure" site, and all I'm encrypting is email addresses, in order to spam-proof them.I don't want to go through the hassle of setting up HTTPS.
jonathanconway
Who are you trying to protect the data from then?
JoshBerke
+1  A: 

In terms of the simplest thing that could possibly work, it seems that you want a simple form of obfuscation, rather than anything really secure.

Rot-13 might be enough, provided that you're dealing with an audience with ASCII email addresses. If you need to support Unicode, then you might need something slightly more sophisticated.

Bevan
+3  A: 

The System.Security.Cryptography has a bunch of symetric (and asymetric) encrytion algorithms ready to use. (For something super secure use aes)

You should be able to find matching Javascript implementation for most (here are a few aes implementations in JS)

Note: If you are planning to use private key based encryption then keep in mind, your web page is going to have the key embedded in it and that means that it all becomes kind of pointless cause anyone with access to the page can do the decryption, at best you would be making the life of the screen scrapers a little bit harder. If making screen scrapers life harder is your goal you could just use an obsfucation algorithm. Any trivial implementation would make very impractical for screen scrapers that do not have a javascript engine:

Eg.

function samObsfucated()
{
    return("s" + "a" + "m" + "@" + "s" + "." + "com");
}

Then onload populate your email fields with the output of these functions.

Javascript encryption has a really good use case for software that stores passwords for users ala clipperz

Sam Saffron
+2  A: 

What about a simple XOR Cipher?

These two implementations are fully compatible:

CMS
A: 

It sounds like you want an obfuscation or encoding, not encryption. Base64 encoding should work well here. The result will look nothing like an email address, and the encoding process is fast.

In C#, you can use:

string emailAddress = "[email protected]";
string encoded = Convert.ToBase64String(Encoding.UTF8.GetBytes(emailAddress));

And you should be able to use this Javascript function to decode it (this is untested):

function Base64Decode(encoded) {
   var output = "";
   var chr1, chr2, chr3;
   var enc1, enc2, enc3, enc4;
   var i = 0;

   do {
      enc1 = keyStr.indexOf(encoded.charAt(i++));
      enc2 = keyStr.indexOf(encoded.charAt(i++));
      enc3 = keyStr.indexOf(encoded.charAt(i++));
      enc4 = keyStr.indexOf(encoded.charAt(i++));

      chr1 = (enc1 << 2) | (enc2 >> 4);
      chr2 = ((enc2 & 15) << 4) | (enc3 >> 2);
      chr3 = ((enc3 & 3) << 6) | enc4;

      output = output + String.fromCharCode(chr1);

      if (enc3 != 64) {
         output = output + String.fromCharCode(chr2);
      }
      if (enc4 != 64) {
         output = output + String.fromCharCode(chr3);
      }
   } while (i < encoded.length);

   return output;
}
John Rasch
A: 

lol I'm trying to do exactly the same thing with PHP and JS. I think I'm gonna use the Base64 method that John Rasch has suggested. :D

Jamie Billingham
A: 

I think this is what i need.. But what is the definion of keyStr in the javascript progaram?

systalent