I need a simple javascript function that allows me to encrypt textarea data with a key (The key is the users password stored as a hashed session variable, printed by PHP into a field)
I essentially want the textarea data to be encrypted when the user clicks a button within the form.
EDIT: There obviously appears to be some ambiguity. The person who i don't want intercepting that data is the MITM. Basically, the javascript function serves to encrypt the data before it gets sent. Here's a source mockup
function encrypt()
{
var key = <?php echo $_SESSION[password]; ?>;
encrypts(getElementbyID['content'].value, key)
}
Then on the server side
function decrypt()
{
$key = $_SESSION[password];
decrypts($_POST[data], key);
}
I just need a encrypt + decrypt algorithm Thanks
I need a simple javascript function that allows me to encrypt textarea data with a key (The key is the users password stored as a hashed session variable, printed by PHP into a field)
I essentially want the textarea data to be encrypted when the user clicks a button within the form.
EDIT: There obviously appears to be some ambiguity. The person who i don't want intercepting that data is the MITM. Basically, the javascript function serves to encrypt the data before it gets sent. Here's a source mockup
function encrypt()
{
var key = <?php echo $_SESSION[password]; ?>;
encrypts(getElementbyID['content'].value, key)
}
Then on the server side
function decrypt()
{
$key = $_SESSION[password];
decrypts($_POST[data], key);
}
I just need a encrypt + decrypt algorithm Thanks
Share Improve this question edited Jan 9, 2013 at 13:16 PiTheNumber 23.6k17 gold badges113 silver badges189 bronze badges asked Jan 9, 2013 at 10:19 user1310420user1310420 8- 6 javascript encryption with a key? You may as well hide your doorkey under the mat, but put a sign on the door indicating which mat its under. – Jamiec Commented Jan 9, 2013 at 10:21
- 1 @Jamiec — as opposed to encryption without a key?! – Quentin Commented Jan 9, 2013 at 10:22
- 1 If you need data secrecy use ssl.... – damiankolasa Commented Jan 9, 2013 at 10:23
- 1 What problem are you trying to solve? The client can obviously decrypt everything, and somebody listening in on the traffic can get the key since "The key is [...] printed by PHP into a field". So @fatfredyy is right, you need SSL and not such a broken scheme. – CodesInChaos Commented Jan 9, 2013 at 11:06
- 1 @Quentin Encryption is easy, key-management is hard. – CodesInChaos Commented Jan 9, 2013 at 11:07
2 Answers
Reset to default 5Depending on what you are doing it is probably better to use HTTPS.
If it's not possible to use HTTPS, you would need a asymetic encryption to make this secure. Have a look at jscryptolib. It supports public key cryptography like RSA. You would need to send the public key to the client, encrypt the message and decode it with the private key on the server.
Why would you want to do that?
If you need to protect users' input, use HTTPS as your transport mechanism.
Encryption in script on the browser is quite open to manipulation and interception. Maybe if you used a public key algorithm and only transferred the public key in the hidden field you speak of, you could keep prying eyes from reading contents, but even then it's easy for a third party to modify the contents of your HTTP traffic without detection.
Weak security is no security at all.