11

I'm developing an ASP.NET MVC application in which I want to encrypt a short string on the server, using C#, and send it to the client-side.

Then on the client-side it will be decrypted through Javascript code.

Any thoughts on how to implement this?

Do you know of a simple encryption algorithm (doesn't have to be bullet-proof secure) that can be easily translated from C# to Javascript or vice-versa?

NOTE: I could do this entirely in C# and do the decryption through Ajax, but I'd prefer not to do it this way, as I want to reduce website traffic as much as possible.

Improve this question

6 Answers 6

Reset to default
10

What about a simple XOR Cipher?

These two implementations are fully compatible:

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

10

It sounds like you want an obfuscation or encoding, not encryption. Base64 encoding should work well here. The result will look nothing like an email address, and the encoding process is fast.

In C#, you can use:

string emailAddress = "[email protected]";
string encoded = Convert.ToBase64String(Encoding.UTF8.GetBytes(emailAddress));

And you can use this JavaScript function to decode it:

function Base64Decode(encoded) {
   var keyStr = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
   var output = "";
   var chr1, chr2, chr3;
   var enc1, enc2, enc3, enc4;
   var i = 0;

   do {
      enc1 = keyStr.indexOf(encoded.charAt(i++));
      enc2 = keyStr.indexOf(encoded.charAt(i++));
      enc3 = keyStr.indexOf(encoded.charAt(i++));
      enc4 = keyStr.indexOf(encoded.charAt(i++));

      chr1 = (enc1 << 2) | (enc2 >> 4);
      chr2 = ((enc2 & 15) << 4) | (enc3 >> 2);
      chr3 = ((enc3 & 3) << 6) | enc4;

      output = output + String.fromCharCode(chr1);

      if (enc3 != 64) {
         output = output + String.fromCharCode(chr2);
      }
      if (enc4 != 64) {
         output = output + String.fromCharCode(chr3);
      }
   } while (i < encoded.length);

   return output;
}

The C# application encodes the string [email protected] into YWJjQGV4YW1wbGUuY29t, and the JavaScript version will decode YWJjQGV4YW1wbGUuY29t back into [email protected].

Improve this answer

Comments

6

The System.Security.Cryptography has a bunch of symetric (and asymetric) encrytion algorithms ready to use. (For something super secure use aes)

You should be able to find matching Javascript implementation for most (here are a few aes implementations in JS)

Note: If you are planning to use private key based encryption then keep in mind, your web page is going to have the key embedded in it and that means that it all becomes kind of pointless cause anyone with access to the page can do the decryption, at best you would be making the life of the screen scrapers a little bit harder. If making screen scrapers life harder is your goal you could just use an obsfucation algorithm. Any trivial implementation would make very impractical for screen scrapers that do not have a javascript engine:

Eg. 

function samObsfucated()
{
    return("s" + "a" + "m" + "@" + "s" + "." + "com");
}

Then onload populate your email fields with the output of these functions.

Javascript encryption has a really good use case for software that stores passwords for users ala clipperz

Improve this answer

Comments

2

In terms of the simplest thing that could possibly work, it seems that you want a simple form of obfuscation, rather than anything really secure.

Rot-13 might be enough, provided that you're dealing with an audience with ASCII email addresses. If you need to support Unicode, then you might need something slightly more sophisticated.

Improve this answer

Comments

0

Can you use HTTPS to encrypt all traffic between the client and server? This is probally the most secure method that you will find.

Improve this answer

2 Comments

I'd rather not use HTTPS, since this is just a simple "brochure" site, and all I'm encrypting is email addresses, in order to spam-proof them. I don't want to go through the hassle of setting up HTTPS.
Who are you trying to protect the data from then?
0

Very Simple Functions,

function Encrypt(value) 
{
  var result="";
  for(i=0;i<value.length;i++)
  {
    if(i<value.length-1)
    {
        result+=value.charCodeAt(i)+10;
        result+="-";
    }
    else
    {
        result+=value.charCodeAt(i)+10;
    }
  }
  return result;
}
function Decrypt(value)
{
  var result="";
  var array = value.split("-");

  for(i=0;i<array.length;i++)
  {
    result+=String.fromCharCode(array[i]-10);
  }
  return result;
}
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.