Examples
In short words jCryption is a javascript HTML-Form encryption plugin, which encrypts the POST/GET-Data that will be sent when you submit a form.
No long talking, take a look at some Examples.
Please look in the FAQ or Documentation section for more detailed information.
Simple demo »
This is the standard setup.
Like in older versions it’s still posible with one simple call to encrypt your form.
Just call jCryption on your form.
$("#normal").jCryption();
Feedback demo »
To give your user some kind of feedback that the encryption is still in progress you can show a loader.
var $status = $('<div id="status" style="margin-top:15px;"><img src="loading.gif" alt="Loading..." title="Loading..." style="margin-right:15px;" /><span>Encrypting</span></div>').hide(); $("#submitButton").parent().append($status); $("#callbackForm").jCryption({ beforeEncryption:function() { $status.show(); return true; } });
Bi-Directional communication »
With jCryption 2.0 you can communicate encrypted with the server, you are no longer bound to just encrypting forms.
This example is a litte more complicated than the other,
but if you want to use jCryption for bidirectional communication just look at the source code … you will understand it with ease.
Just a short explaination what is going on …
1) Client chooses a Password … (in the example a weak one, you should use a good random number in production e.g. mousemovement coordinates)
2) Client requests RSA Public key from Server
3) Client encrypts Password with RSA Public key
4) Server decrypts Password and stores it in the session
5) Server Encrypts the Password with AES and sends it back to the Client
6) Client decrypts it with AES with the Password
7) Both have now the same “secret” key which is used for communication
Here is a litte example how it works.
var $loader = $('<img src="loading.gif" alt="Loading..." title="Loading..." style="margin-right:15px;" />'); $(function() { var hashObj = new jsSHA("mySuperPassword", "ASCII"); var password = hashObj.getHash("SHA-512", "HEX"); $.jCryption.authenticate(password, "encrypt.php?generateKeypair=true", "encrypt.php?handshake=true", function(AESKey) { $("#text,#encrypt,#decrypt,#serverChallenge").attr("disabled",false); $("#status").html('<span style="font-size: 16px;">Let\'s Rock!</span>'); }, function() { // Authentication failed }); $("#encrypt").click(function() { var encryptedString = $.jCryption.encrypt($("#text").val(), password); $("#log").prepend("\n").prepend("----------"); $("#log").prepend("\n").prepend("String: " + $("#text").val()); $("#log").prepend("\n").prepend("Encrypted: " + encryptedString); $.ajax({ url: "encrypt.php", dataType: "json", type: "POST", data: { jCryption: encryptedString }, success: function(response) { $("#log").prepend("\n").prepend("Server decrypted: " + response.data); } }); }); $("#serverChallenge").click(function() { $.ajax({ url: "encrypt.php?decrypttest=true", dataType: "json", type: "POST", success: function(response) { $("#log").prepend("\n").prepend("----------"); $("#log").prepend("\n").prepend("Server original: " + response.unencrypted); $("#log").prepend("\n").prepend("Server sent: " + response.encrypted); var decryptedString = $.jCryption.decrypt(response.encrypted, password); $("#log").prepend("\n").prepend("Decrypted: " + decryptedString); } }); }); $("#decrypt").click(function() { var decryptedString = $.jCryption.decrypt($("#text").val(), password); $("#log").prepend("\n").prepend("----------"); $("#log").prepend("\n").prepend("Decrypted: " + decryptedString); }); });
HTML 5 Session Storage »
Frederik Lassen added an excellent example of how to use the “new” HTML5 Session Storage so the script is not required to request the key everytime from the server instead the “key” is stored in the session.
If you want to see the old examples here is the link.
May 12th, 2012
Great work! But “man in the middle” attack still can break encryption. Proxy script on some middle server can bypass security. In case you even can’t detect if the certificate signed with wrong certificate. SSL gives “green label” in browser bar (also containing domain name from certificate).
Am I right? Are there any ways to check AES key or determine harmful proxy?
May 13th, 2012
Hi
Nope … there is no way except SSL to prevent the “man in the middle” attack.
It just isn’t technology possible without an secure channel which only SSL can supply.
May 12th, 2012
sir, pls send me the code for login uesrname and password using RSA algorithm in client side and tomcat server..
March 8th, 2012
i want more codes in encrypting and decrypting data with the textbox and the button.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
March 8th, 2012
i need codes in encrypting the data.
March 9th, 2012
want ? need ? please ? thanks ?
March 5th, 2012
I want to check the form validation before encrypt it!
Any suggestion.
February 22nd, 2012
In bi directional communication when we send request by using $.jCryption.authenticate(),initially it works fine,but after some time it executes the authentication failed function.Why this happens? can anyone tell.
Thanks in advance.
February 18th, 2012
As I wasn’t able to find a Java implementation available on the web, I implemented my own version (which I called JavaCryption). It is available here: http://jcryptionforjava.wordpress.com/, including a fully working example. I hope it can be useful. Thanks.
February 25th, 2012
Thanks Gabriel.
Could you please include full source code though?
February 26th, 2012
Hi, the full source code is available on sourceforge. Indeed, I tried to use latin chars (ISO-8859-1) in the beginning, but jCryption only works with UTF-8, so I had to change the encoding. Maybe you could modify the plug-in lines 1045 and 1121 (it’s where the encoding is applied). One question: UTF-8 does not support cyrillic chars?
February 28th, 2012
“UTF-8 (UCS Transformation Format — 8-bit[1]) is a variable-width encoding that can represent every character in the Unicode character set.”
http://en.wikipedia.org/wiki/UTF-8
February 28th, 2012
“Дмитрий” == “Dmitriy”
The code I downloaded from Sourceforge has only servlet as source: CryptoServlet.java
Yes, I can decompile easily, but I want to reduce the hassle to other gumbys
.
February 28th, 2012
It’s because you downloaded the example, it contains only the binaries. You can download the source here: http://sourceforge.net/projects/javacryption/files/javacryption-1.0/.
February 26th, 2012
Gabriel, your code does not work quite well with Cyrillic chars: cp1251.
I entered “жас” and “a” did not get decrypted correctly.
Also, Base64 does not work with 16-bit chars in jCryption. Same goes for Apache commons version in java.
February 18th, 2012
Great plugin, thanks for the work on this. I’ve got it setup in a jquery mobile/backbone/requirejs/AMD app and split up the plugin file to 2 files – the plugin, and all the support libraries. At some point I’ll likely refactor the latter as it introduces many globals…will send a push request if/when I get that done.
February 17th, 2012
Hi! There’s a problem using $.getJSON in IE, it caches the ajax queries (http://www.factory-h.com/blog/?p=67). If the parameters of the call to generateKeypair don’t change, IE assumes the response will be the same, and jcryption won’t work.
February 16th, 2012
hi o like this html 5 session storage but can u give eg…
February 10th, 2012
I am wondering if this could be used for the following purpose; I have had an auto complete tool made which caches data from tables in my server on the client side in order to achieve speed/performance. However it also exposes my tables in their entireity which I don’t want to do. Could this be used to store the data encrypted on the client machine and then the AC decrypts when populating? This way the user does not have my table in a readable format.
February 18th, 2012
It depends on the structure of your table objects. Once the password is established in the session, it’s a simple matter to encrypt/decrypt – but it works on strings, not objects. You could set up a getter for your table object that called $.jCryption.decrypt(encryptedValue, sessionStorage.password). It’s fast, I think it would work well.