I want to encrypt some text in URL with a simple java-script algorithm and then decrypt it at code behind of an ASP.NET page using C#.

ROT13 is a good choice but unfortunately I cannot use it due to some confidential details. Anything like that would help but I don't know the famous ones. Security is not a matter at all, just twisting the string in some way and retrieve it later.

I want to encrypt some text in URL with a simple java-script algorithm and then decrypt it at code behind of an ASP.NET page using C#.

ROT13 is a good choice but unfortunately I cannot use it due to some confidential details. Anything like that would help but I don't know the famous ones. Security is not a matter at all, just twisting the string in some way and retrieve it later.

• c#
• javascript
• encryption-symmetric

• double ROT13? sorry, couldn't resist. Encryption with Javascipt is futile, you cant sufficiently hide the encryption algorythm, making it worthless. – Jamiec Commented May 10, 2011 at 12:11
• I don't want encryption. I just want to bypass some IDS/IPS. – Xaqron Commented May 10, 2011 at 12:14
• @Xaqron - are you saying that you'd like our help in breaking into someone's system? – tvanfosson Commented May 10, 2011 at 12:17
• Is your point that you just need some automated process to not be able triggered by something ing over the wire? How about ROT1 then? @Jamiec - not true, encryption security should have no dependence on knowledge of the algorithm. That's just security through obscurity. One-way encryption (hashing) is great for use in things like simple authentication, e.g.. If you need to decrypt then you're talking RSA or the like, but a javascript implementation would be no less secure than any other. But kind of pointless since SSL does the same thing. – Jamie Treworgy Commented May 10, 2011 at 12:21
• I know about all of that you mentioned. Security is not the point here. I need obscurity. It's a kind of miss understanding to device since it is word sensitive and sometimes drop client requests. – Xaqron Commented May 10, 2011 at 12:25

4 Answers 4

Who are you trying to hide it from? The end-user or someone listening on the wire? Given that anyone can use a browser-based debugger and inspect variables at run time, it doesn't really make much sense to rely on encryption to hide the information from the end-user (unless you encrypt it before you send it to the client and don't decrypt it until it's been sent back). If you're trying to hide the information on the wire, using SSL is definitely the way to go.

Javascript and C# both support a number of different "real" encryption algorithms.

check out Javascript DES and 3DES
Question: Triple DES decryption in classic ASP?
example: http://jsbin./oguye3
source: http://cheeso.members.winisp/srcview.aspx?dir=DES

DES has known weaknesses, but that library also supports 3DES, which is stronger.

Also check out Javascript and AES
Getting SlowAES and RijndaelManaged class in .NET to play together

Here's a working demo of AES in the browser:
http://jsbin./itiye5/3

If you are looking for RSA (assymentric encryption) the you can use jsbn http://www-cs-students.stanford.edu/~tjw/jsbn/ javascript library for client side and the standard .Net RSACryptoServiceProvider for server side.

They do cooperate perfectly between each other.

I hope this helps!

Caesar cipher is a quite simple method for encrypting a text. Or you could simply encode the text in BASE64, which also makes it hard to read for humans. BASE64 naturally offers no security at all, but you can use standard libraries for encoding and decoding.