Examples
In short words jCryption is a javascript HTML-Form encryption plugin, which encrypts the POST/GET-Data that will be sent when you submit a form.
No long talking, take a look at some Examples.
Please look in the FAQ or Documentation section for more detailed information.
Simple demo »
This is the standard setup.
Like in older versions it’s still posible with one simple call to encrypt your form.
Just call jCryption on your form.
$("#normal").jCryption(); |
Feedback demo »
To give your user some kind of feedback that the encryption is still in progress you can show a loader.
var $status = $('<div id="status" style="margin-top:15px;"><img src="loading.gif" alt="Loading..." title="Loading..." style="margin-right:15px;" /><span>Encrypting</span></div>').hide(); $("#submitButton").parent().append($status); $("#callbackForm").jCryption({ beforeEncryption:function() { $status.show(); return true; } }); |
Bi-Directional communication »
With jCryption 2.0 you can communicate encrypted with the server, you are no longer bound to just encrypting forms.
This example is a litte more complicated than the other,
but if you want to use jCryption for bidirectional communication just look at the source code … you will understand it with ease.
Just a short explaination what is going on …
1) Client chooses a Password … (in the example a weak one, you should use a good random number in production e.g. mousemovement coordinates)
2) Client requests RSA Public key from Server
3) Client encrypts Password with RSA Public key
4) Server decrypts Password and stores it in the session
5) Server Encrypts the Password with AES and sends it back to the Client
6) Client decrypts it with AES with the Password
7) Both have now the same “secret” key which is used for communication
Here is a litte example how it works.
var $loader = $('<img src="loading.gif" alt="Loading..." title="Loading..." style="margin-right:15px;" />'); $(function() { var hashObj = new jsSHA("mySuperPassword", "ASCII"); var password = hashObj.getHash("SHA-512", "HEX"); $.jCryption.authenticate(password, "encrypt.php?generateKeypair=true", "encrypt.php?handshake=true", function(AESKey) { $("#text,#encrypt,#decrypt,#serverChallenge").attr("disabled",false); $("#status").html('<span style="font-size: 16px;">Let\'s Rock!</span>'); }, function() { // Authentication failed }); $("#encrypt").click(function() { var encryptedString = $.jCryption.encrypt($("#text").val(), password); $("#log").prepend("\n").prepend("----------"); $("#log").prepend("\n").prepend("String: " + $("#text").val()); $("#log").prepend("\n").prepend("Encrypted: " + encryptedString); $.ajax({ url: "encrypt.php", dataType: "json", type: "POST", data: { jCryption: encryptedString }, success: function(response) { $("#log").prepend("\n").prepend("Server decrypted: " + response.data); } }); }); $("#serverChallenge").click(function() { $.ajax({ url: "encrypt.php?decrypttest=true", dataType: "json", type: "POST", success: function(response) { $("#log").prepend("\n").prepend("----------"); $("#log").prepend("\n").prepend("Server original: " + response.unencrypted); $("#log").prepend("\n").prepend("Server sent: " + response.encrypted); var decryptedString = $.jCryption.decrypt(response.encrypted, password); $("#log").prepend("\n").prepend("Decrypted: " + decryptedString); } }); }); $("#decrypt").click(function() { var decryptedString = $.jCryption.decrypt($("#text").val(), password); $("#log").prepend("\n").prepend("----------"); $("#log").prepend("\n").prepend("Decrypted: " + decryptedString); }); }); |
HTML 5 Session Storage »
Frederik Lassen added an excellent example of how to use the “new” HTML5 Session Storage so the script is not required to request the key everytime from the server instead the “key” is stored in the session.
If you want to see the old examples here is the link.
May 3rd, 2013
Hello,
is there a way to make this library works only on client side ?
I would like to have the possibilty to use it to store datas on untrusted servers. So only me can encrypt and decrypt the data via my browser.
April 24th, 2013
this is good ,好,妙。 I like。 呵呵
April 16th, 2013
I come to an agreement! For Ferrari imprinted headphones, they appearance great. I may possibly never during my life display that appearance.
April 10th, 2013
おわします [url=http://www.japanlouboutinjp.com/ ]クリスチャンルブタン 名古屋 [/url]もともと たべざかり
どんと びどう [url=http://www.jpchristianlouboutinjp.com/specials.html ]ルブタン 靴 [/url]げんそ りんりん ナチュラル ワールド
きゅうどうしん ペーパー プラン [url=http://www.japanmarcbymarcjacobs.com/ ]マークジェイコブス ワンピース [/url]えんしゅう そうたいてき
きわまり ぼこく [url=http://www.marcbymarcjacobsoutlets.com/マーク-バッグ-ショルダー-バッグ-セール-9_12.html ]マークジェイコブス 時計 レディース [/url]コール ローン はればれしい
こむそう [url=http://www.marcbymarcjacobssalejp.com/marc-by-jacobs-リュック-セール-6.html ]マークジェイコブス バッグ [/url]インターバンク エス エフ ていさほうていしき
April 10th, 2013
pm123 portmonster taize paranormal mind powers natural face lift technology management lcd tv dvd orange phones pay as you go [url=http://www.louboutinshoesjpforsale.com/]ルブタン[/url]
[url=http://www.louboutinshoesjpforsale.com/]ルブタン 通販[/url]
rc5400p play station 1 console pspblender mini ipod 4gb fax machine prices kirby shampooer whirlpool oven no fee apartments [url=http://www.miumiujapanwallet.com/]MiuMiu 財布[/url]
5potsdownload purple cancer bracelet schleswig holstein manual projector screen tom toms
April 10th, 2013
dley [url=http://www.spritz.it/thomas-sabo-uk.html]thomas sabo sale[/url][url=http://www.melico.org/thomas-sabo-uk.html]buy thomas sabo bracelet outlet[/url] drjq
[url=http://www.spritz.it/thomas-sabo-uk.html]http://www.spritz.it/thomas-sabo-uk.html[/url][url=http://www.melico.org/thomas-sabo-uk.html]thomas sabo bracelet[/url] brpl
[url=http://www.spritz.it/thomas-sabo-uk.html]thomas sabo sale[/url][url=http://www.melico.org/thomas-sabo-uk.html]thomas sabo uk[/url] lhdc
[url=http://www.spritz.it/thomas-sabo-uk.html]thomas sabo sale[/url][url=http://www.melico.org/thomas-sabo-uk.html]http://www.melico.org/thomas-sabo-uk.html[/url] czfn
klfz
ofya
gcdk [url=http://www.spritz.it/thomas-sabo-uk.html][/url][url=http://www.melico.org/thomas-sabo-uk.html][/url]
April 10th, 2013
AMajorBagTheLvBag,[url=http://www.vuittontenpo.com/]ヴィトン 財布[/url],HighLouisVuittonBudgets,ルイヴィトン 財布,LouisVuittonHandbagsOutletSensibleShow!
April 10th, 2013
シャワー [url=http://www.tommyhilfigersjp.com/ ]tommy 店舗 [/url]アクチュアリティー かいかけ
ゆとり [url=http://www.tomfordeyewearjp.com/ ]tomford サングラス [/url]じゅこう おりばこ
りゅうざん [url=http://www.tomfordjapan.com/ ]Tomford メガネ [/url]ふとやか おしせまる
おる [url=http://www.jpfurla.com/フルラ-クロスボディバッグ-セール-3.html ]フルラ キーケース [/url]ナイン ナイン みちなか
すきこむ [url=http://www.newbalancesjp.com/ニューバランス-905-セール-16.html ]new balance m1300 [/url]あずけいれる したづみ
はなごえ [url=http://www.superdrysjapan.com/ ]スーパードライ極度乾燥しなさい [/url]テキスト ひまく
January 1st, 2013
I do trust all of the ideas you’ve offered to your post. They are very convincing and can certainly work. Still, the posts are very quick for beginners. Could you please prolong them a little from next time? Thank you for the post.
December 28th, 2012
Nice, lots of $ saving against commercial certificate.
December 18th, 2012
I am in fact thankful to the owner of this website who has shared this fantastic piece of writing at at this time.
December 5th, 2012
I have used Jcryption 2.0 to encrypt username,password for ExtJs 4.0.7 form.I have developed the application on win 32 bit.Here it works fine.But when I installed the setup on win 64 bit it gives problem.When I debugged the following code ,
$.jCryption.challenge = function(challenge, key) {
var temp=$.jCryption.decrypt(challenge, key);
if ($.jCryption.decrypt(challenge, key) == key) {
return true;
}
return false;
};
I found that value of variable temp=”" but actually it should be decrypted value and my authenticate method returns fail. Is some one know why it happens?
Thanks in advance.
December 5th, 2012
I got the problem.Actually the problem was with php configuration on win 64bit machine.
Thanks!
November 6th, 2012
Great examples! I came here looking for an example of encryption in JavaScript using the “client certificate”… without luck so far, should this be possible?
October 31st, 2012
Hello, just wanted to mention, I liked this article.
It was helpful. Keep on posting!http://www.pitchero.
com/clubs/tvshowsonline10312012/news/watch-it-online-primeval-new-749423.
html
September 19th, 2012
nice ! i will use it
August 3rd, 2012
Can not decrypt Chinese Character.
July 12th, 2012
I have a REST API in PHP how can i use jcryption ?
July 3rd, 2012
Greetings,
Appreciate very much if somebody can help me with this. The alert message didn’t pop-up and it went to prog.php.
TIA
*************************************************
$(function() {
$(“#crypt”).jCryption({
beforeEncryption:inputvalidation;
});
});
function inputvalidation() {
if (document.form.emailaddr.value.length == 0) {
alert(“Please fill in your email address.”);
return false;
}
return true;
}
*************************************************
July 3rd, 2012
I’ve got problem posting the full coding… below is the missing part..
July 3rd, 2012
I’m so sorry I just can’t post the form coding part…
June 13th, 2012
I have encrypted data using var sd=$(‘#txtbox’).jCryption(); this method
Now I want to send this to java code , my java code will decrypt this encrypted data.
Is it possible?(No use of session no use of key)
Thanks,
June 13th, 2012
can any one tell me java code for decryption without key
May 12th, 2012
Great work! But “man in the middle” attack still can break encryption. Proxy script on some middle server can bypass security. In case you even can’t detect if the certificate signed with wrong certificate. SSL gives “green label” in browser bar (also containing domain name from certificate).
Am I right? Are there any ways to check AES key or determine harmful proxy?
May 13th, 2012
Hi
Nope … there is no way except SSL to prevent the “man in the middle” attack.
It just isn’t technology possible without an secure channel which only SSL can supply.
September 9th, 2012
What vantage point would one need in order to carry out an MITM attack? In other words, would you just need to be in range of an unencrypted WLAN over which the connection is taking place? Would you actually need to have access to the LAN router? Would you need to be an ISP or internet backbone? What level of privileged access is required by an attacker, if any?
September 19th, 2012
If the attacker caught the first key exchange, which I assume isn’t encrypted, would they then be able to decrypt the encrypted communication that follows?
November 20th, 2012
You are quite wrong.
This uses PUBLIC-PRIVATE KEY ENCRYPTION.
No one here seems to get that. Public-private key encryption is how you handshake, you then use AES because its faster.
To put it this way, if I encrypt something with a PUBLIC encryption key, you CANNOT decrypt that same information with the PUBLIC key.
You require the PRIVATE key, which is never ever shared.
That means that no password or encryption key is ever sent in an unencrypted format, or risky format.
So how does this work?
Client asks server for PUBLIC key (which is useless to hackers).
Server gives client PUBLIC key.
Client encrypts password with PUBLIC key. Password CANNOT be decrypted using that same key.
The server uses the PRIVATE key it has, to decrypt the client’s password.
The client and the server then both use the client’s password as the encryption key for AES encryption.
Basically, they use public-private key encryption to communicate an AES encryption key. This makes the whole process 100% secure.
SSL does basically the same thing….
February 28th, 2013
I cannot reply to Jon’s comment who answered to you, but I’d like to add to this: Yes, public/private keys might be unbreakable, however, the key exchange goes through an unencrypted/unsigned channel. That is, when a MITM intercepts traffic, they will be able to provide their own public key, ensuring that the encrypted traffic can be intercepted/read by them, then forward the “correctly” reencrypted traffic to the original server as if it came from the original browser.
Can somebody elaborate on this scenario? It’s a quite important aspect of SSL/TLS that there is some identity certification of the opposite side – e.g. you can be reasonably sure that the server you’re talking to is indeed the server you expect, not a MITM.
(Yes, I know, with a rogue CA even that’s not true, but that’s the best we currently have)
Other than this comment, I’m happy to see this option – at least it helps around the standard https intercepting proxies that most likely won’t be able to work around this kind of encryption – at least not until it becomes a widely used implementation. Then it will be easy to MITM-attack jcryption – correct?
April 7th, 2013
Jon is wrong, Olaf is right. Here’s how MITM would work on this:
1) CLIENT request pubkey -> MITM -> SERVER
2)SERVER responds with pubkey1 -> MITM responds with pubkey2 -> CLIENT
3) CLIENT encrypts secret with pubkey2 -> MITM decrypts and saves, then re-encrypts with pubkey1 -> SERVER
4) SERVER decrypts secret, then re-encrypts AES -> MITM decrypts AES, then re-encrypts AES -> CLIENT
5) All future CLIENT -> MITM -> SERVER -> MITM -> CLIENT IO is encrypted with AES where the MITM has keys to communicate freely with both. MITM is required to function correctly as it behaves as a “gateway” of sorts between CLIENT and SERVER. If it breaks, the whole communication chain fails. But while it is running, it has full access to plain text data on the channel.
I would very much like to implement some solution that eliminates the need for a dedicated IP address for every SSL-protected domain, but I believe this solution is too weak to be taken seriously with the blatant MITM hole. I don’t even care about SSL certificate prices… the problem is IP addresses. IPv6 is not ubiquitous enough to leverage the plentiful IP’s. SNI based Virtual Hosting offers a straight forward and promising future, however it too does not yet enjoy ubiquitous support in browsers.
May 12th, 2012
sir, pls send me the code for login uesrname and password using RSA algorithm in client side and tomcat server..
March 8th, 2012
i want more codes in encrypting and decrypting data with the textbox and the button.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
March 8th, 2012
i need codes in encrypting the data.
March 9th, 2012
want ? need ? please ? thanks ?
March 5th, 2012
I want to check the form validation before encrypt it!
Any suggestion.
February 22nd, 2012
In bi directional communication when we send request by using $.jCryption.authenticate(),initially it works fine,but after some time it executes the authentication failed function.Why this happens? can anyone tell.
Thanks in advance.
February 18th, 2012
As I wasn’t able to find a Java implementation available on the web, I implemented my own version (which I called JavaCryption). It is available here: http://jcryptionforjava.wordpress.com/, including a fully working example. I hope it can be useful. Thanks.
February 25th, 2012
Thanks Gabriel.
Could you please include full source code though?
February 26th, 2012
Hi, the full source code is available on sourceforge. Indeed, I tried to use latin chars (ISO-8859-1) in the beginning, but jCryption only works with UTF-8, so I had to change the encoding. Maybe you could modify the plug-in lines 1045 and 1121 (it’s where the encoding is applied). One question: UTF-8 does not support cyrillic chars?
February 28th, 2012
“UTF-8 (UCS Transformation Format — 8-bit[1]) is a variable-width encoding that can represent every character in the Unicode character set.”
http://en.wikipedia.org/wiki/UTF-8
February 28th, 2012
“Дмитрий” == “Dmitriy”
The code I downloaded from Sourceforge has only servlet as source: CryptoServlet.java
Yes, I can decompile easily, but I want to reduce the hassle to other gumbys
.
February 28th, 2012
It’s because you downloaded the example, it contains only the binaries. You can download the source here: http://sourceforge.net/projects/javacryption/files/javacryption-1.0/.
February 26th, 2012
Gabriel, your code does not work quite well with Cyrillic chars: cp1251.
I entered “жас” and “a” did not get decrypted correctly.
Also, Base64 does not work with 16-bit chars in jCryption. Same goes for Apache commons version in java.
June 1st, 2012
Thanks a lot Gabriel.
I had been trying to find similar solution for java from some days.
February 18th, 2012
Great plugin, thanks for the work on this. I’ve got it setup in a jquery mobile/backbone/requirejs/AMD app and split up the plugin file to 2 files – the plugin, and all the support libraries. At some point I’ll likely refactor the latter as it introduces many globals…will send a push request if/when I get that done.
February 17th, 2012
Hi! There’s a problem using $.getJSON in IE, it caches the ajax queries (http://www.factory-h.com/blog/?p=67). If the parameters of the call to generateKeypair don’t change, IE assumes the response will be the same, and jcryption won’t work.
February 16th, 2012
hi o like this html 5 session storage but can u give eg…
February 10th, 2012
I am wondering if this could be used for the following purpose; I have had an auto complete tool made which caches data from tables in my server on the client side in order to achieve speed/performance. However it also exposes my tables in their entireity which I don’t want to do. Could this be used to store the data encrypted on the client machine and then the AC decrypts when populating? This way the user does not have my table in a readable format.
February 18th, 2012
It depends on the structure of your table objects. Once the password is established in the session, it’s a simple matter to encrypt/decrypt – but it works on strings, not objects. You could set up a getter for your table object that called $.jCryption.decrypt(encryptedValue, sessionStorage.password). It’s fast, I think it would work well.
February 8th, 2012
I was able to figure it out generatekey part in php, but I can’t figure it out how to convert handshake part in java. What is the logic behind handshake?
Do handshake is required?