0

I'm developping a web app and I need encrypt strings in javascript to compare with strings from the server (.net C#) that are encrypted.

I need to do this by this way, to comprar the encrypted strings in the client with javascript.

How can I encrypt the string in client and server by the same way and get the same encripted string?

Improve this question
2
  • 4
    Encryption is not idempotent. You may want a hash. Commented Jun 21, 2012 at 13:46
  • Hashing isn't idempotent :-/ Commented Nov 30, 2012 at 12:51

2 Answers 2

Reset to default
1

First thing, since the client-side Javascript needs access to the encryption functionality but not, presumably, the decryption functionality (otherwise why encrypt?) you need to use an asymmetric encryption algorithm. Something like RSA. Alternatively, you could use a cryptographic hash, which is a one-way function. Might help if you gave us some context on what you are trying to achieve, but from the description so far, I suggest you look for implementations of a hash algorithm like one of the SHA-2 family in JavaScript - the System.Cryptography namespace in C# has these already.

If you're implementing some sort of security client-side, beware. If you are, for example, trying to compare a password hash with what's on the server, and you make the comparison on the client side, a malicious user could simply attach a debugger and bypass your logic....

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

Hi David M. Thenk you for answer.
Hi David M. Thenk you for answer. Your Last sentence is exactly what i'm trying to do and i'm aware about the riscs, but my customers want this implementation and they are aware about the riscs too. I'll cache the encripted password for a time to user be able to perform same functionalities offline. Whem the sistems get into online mode, the operations will be validate with server. But i need alert the user if he missis the password. Do you have same link or example code? Thank you.
I think that an asymmetric encryption algorithm is the bast implementation for my problem.
I disagree. If what you're passing from the server to the client is a password, then to pass it encrypted in a potentially reversible way, even if asymmetric, is far less desirable than passing a hash of that password. I might add: why are you even storing the passwords? You should be salting and hashing them on the server side as well.
Thank you so much. I solved my problem using SHA2. To C# i used clsCrypto To JavaScript i used jsSHA2
0

I would use Ajax and use RSA encrpytion from the serverside, that way you use the same code for both.

However if you want genuine javascript RSA encrpytion you can use this library:
Cryptico.js


And for the server side C# code you can check out this site:
C# RSA Example

Improve this answer

1 Comment

Thank you so much. I solved my problem using SHA2. To C# i used clsCrypto To JavaScript i used jsSHA2

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.