Documentation
Javascript
jCryption 2.0 is now able to communicate encrypted with the server.
It uses AES for encryption now, RSA is only used for secure key exchange.
Requirements:
jQuery 1.4.2+ (already tested with jQuery 1.6.1)
Public functions:
| Name | Parameters | Description |
|---|---|---|
| $.jCryption.authenticate | AESEncryptionKey[string], publicKeyURL[string], handshakeURL[string], success(AESEncryptionKey)[function], failure(AESEncryptionKey)[function] | This function … does a few things and is required before encryption can take place. It does following … 1) Client generates a Password … (mousemovement of user used when possible) |
| $.jCryption.decrypt | data[string], key[string] | decrypts “data” with “key” with AES and returns the result |
| $.jCryption.encrypt | data[string], key[string] | encrypts “data” with “key” with AES and returns the result |
| $.jCryption.challenge | challenge[string], key[string] | only used internalydecrypts “challenge” with “key” and checks if the same as “key” for securing the server understood the request |
| $.jCryption.handshake | url[string], key[string], callback(response)[function] | only used internalytells the server the key for communication |
| $.jCryption.getKeys | url[string],callback(keys)[function] | only used internalyThis function makes a request to the server, and retruns the keys in the callback function. |
| $.jCryption.encryptKey | stringToEnrypt[string],keys[keyObject],callback(encrypted) | only used internalyThis function encrypts a string with the RSA public key and returns the encrypted value in the callback function. The keys parameter must be an key object result from the $.jCryption.getKeys function. |
For more information how to use the new functions, see the Bi-Directional example.
Options:
| Name | Default | Description |
|---|---|---|
| submitEvent | “click” | string / jQuery event Event that triggers the submit of the form. “Click” also handles the “Enter button”. |
| submitElement | “false” | jQuery selector The element where the submitEvent should get bound to. By default it try to find the submit element in the form. |
| getKeysURL | “main.php?generateKeypair=true” | string The url where the script should receive the keys. |
| handshakeURL | “main.php?handshake=true” | string The url where the script should receive the challenge/handshake. |
| formFieldSelector | “:” | string jQuery selector which fields should get selected on submit. |
| postVariable | “jCryption” | string The name of the POST/GET variable which the PHP-Script receives. |
| beforeEncryption | function() { return true; } | function() This function is called before the keys will be retrieved from the server (if you w”ant to javascript validate something do it here), return true to continue. |
PHP
Requirements:
PHP 5 (PHP 5.3 with openssl if you generate you RSA keys by yourself) with libbcmath
December 12th, 2011
Hi,
There is a little mistake in the docs, i think in the options description it should be handshakeURL instead of challengeURL
Thanks for the work
December 12th, 2011
Fixed!
Thanks for pointing that out.
November 28th, 2011
Hi,
This plugin looks real nice.
I am testing in a login form, with a input for user and another for password.
The problem I found is that if at the first attempt I type wrong the user or password then in successive tries the plugin posts $_POST["jCryption"] but also the POSTs coming from my user and pass inputs, say $_POST["user"] and $_POST["password"], and the “decrypted” version does not works:
$var = AesCtr::decrypt($_POST['jCryption'], $_SESSION["key"], 256);
parse_str($var, $result);
$result comes empty.
What I am doing wrong?
Ideas?
TIA,
beno
December 12th, 2011
Someone experiencing something like this?
January 18th, 2012
Yes same issue. As I mentioned in the post below this, I had to restart apache to get it working. Also I found the legacy encryption method without using gmp does not work for me. I’m on php 5.3.8 on ubuntu. The php is compiled manually though.
January 19th, 2012
Okay in my case it looks like culprit is invalid bcscale setting. Can anyone else verify this?
November 21st, 2011
I donot inderstand following requirement
PHP
Requirements:
PHP 5 (PHP 5.3 with openssl if you generate you RSA keys by yourself) with libbcmath
Do I need PHP5.3 or I can go with PHP5.2. Can you please elaborate on “PHP 5.3 with openssl if you generate you RSA keys by yourself”.
Regards
November 21st, 2011
If you are using the generates keys file … “100_1024_keys.inc.php” you do not need PHP 5.3 … only if you want to generate your Public/Private Keys by yourself by using … jCryption->generateKeypair(1024); … This function requires Open SSL.
November 21st, 2011
Thanks Daniel, I have not used your excellent piece of work so far, but will use it soon.
November 22nd, 2011
Hi Daniel, I have another. Your examples works straight out-of-box and I just left the browser ideal for sometime (probably 10-15min) and then server sent NULL decrypted string. Is it usual?
January 18th, 2012
This is exactly what happen to me as well, I’m currently debugging to see what could be the issue. It seems restarting apache does help.
Not sure of the solution yet, but if someone know this, please share with us. Thanks.
November 9th, 2011
a little bug report:
in jquery.jcryption.js file, there is a line:
>>var $submitElement = base.options.submitElement;<>var $submitElement = $(base.options.submitElement);<<
November 9th, 2011
oops, i mean
in jquery.jcryption.js file, there is a line:
var $submitElement = base.options.submitElement;
should it be like this?
var $submitElement = $(base.options.submitElement);
November 10th, 2011
I adjusted the documentation … jCryptions expects a jQuery element here.
October 9th, 2011
Your documentation is cut off in the description section in Fedora 15/Firefox 7. unreadable
September 24th, 2011
I see in the old documentation that in previous versions you could exclude form element types (textarea, select, etc.) from the encryption process, but the current version does not have that capability. I’m trying to use this script on a form that includes a textarea with several paragraphs of text. The sheer volume of text seems to be choking the process and causing it to timeout on the server. I don’t need the textarea data encrypted. Is there any way to exclude this textarea when encrypting?
September 26th, 2011
Nevermind. I went ahead and tweaked the code for my own use, and it works great. Very handy plugin, BTW. Thanks for sharing it.
September 6th, 2011
Is there any way to speed up the processing in the PHP function bcpowmod()? The biggest bottleneck in jCryption is that one function.
September 24th, 2011
If it’s possible use the PHP 5.3 version … it’s much faster than the PHP 4.
July 15th, 2011
Good library, but I cannot see any good reason to use callback to get the encrypted text and public keys.
June 23rd, 2011
Can I use this library without using the provided the php files? I want to send the data in encrypted form to a servlet running in tomcat. I also need to store the encrypted data in the mysql server. Please guide.
April 25th, 2011
Hi,
I have tried the PHP version and I am able to get encrypted my form data and I am able to submit the form.
But my current requirement is with Java (Spring and Hibernate), I found some information here,
http://www.michalfranc.com/articles/jcryption.html.
But some how I am failed to use this, as I am not able to submit the form to a spring controller.
Please suggest if any any body tried and its working.
Thanks in advance,
April 20th, 2011
Hello! (translated by google)
I need a function, e.g. afterEncryption who like success: work at $ ajax.. If I want to encrypt a form reloadet my page. I say at beforeEncryption “return false” then the function does nothing at all.
LG Terra
May 13th, 2011
the problem solved like this :
delete at line 37 is $(this).attr(“disabled”,true);
and always return true after return false ex => if(){return false;} return true;
May 13th, 2011
if(base.options.beforeEncryption()) {
$(this).attr(“disabled”,true);
}else{
$(this).attr(“disabled”,false);
}
March 11th, 2011
I’m trying to understand the workings of this. I am able to get the example version up on my local server. I guess I’m incorrect in thinking it’s as simple as hosting the index file on my local server (with jscripts) and the php file on the remote server (with the jcrytion.php) and make sure all the file paths are correct, because I get nada with the decrypted array output (using example 1) the encrypted bit comes through….but the array is never decrytped. what am I missing in understanding how this works….
October 22nd, 2010
Is the java version available???
August 3rd, 2010
How do i get the public key string from $.jCryption.getKeys return object?
August 31st, 2010
Right now there is none … because the hexstring gets converted in an object for the encryption. But I consider integrating that in the next version.
November 25th, 2009
have you any example for asp.net mvc?
August 31st, 2010
Sorry … not yet.
November 18th, 2009
I’m having problems. I know it encrypts, but it never moves off of the current page, like it doesn’t submit. This code is in a page that is in a subfolder, thus, the getKeysURL option. I have put the action of the form relative to the current directory. I have no idea why this is not working, because it works every other time I use this.
var field = null;
function setField(formField)
{
if( field == null )
field = formField;
}
// this submits the form via the encryption javascript
$(document).ready(function()
{
$(“#cPass”).jCryption({
getKeysURL:”../getKey.php”,
beforeEncryption:function()
{
// Various input checking tests that I know work
// If bad, return false, else return true;
}
}
)
$(“input”).removeAttr(“disabled”);
});
November 19th, 2009
I figured it out! My submit button () had the name “submit” (name=”submit”), and that caused it to not submit. When I changed the name or deleted it, it worked fine as before. YEAH!!!!!
October 22nd, 2009
Do you know why some times process of generating keypairs takes so many time and never ends up. (Some times it work great). And place next in apache error.log:
bc math warning: non-zero scale in modulus
bc math warning: non-zero scale in base
bc math warning: non-zero scale in exponent
Apache 2.2.4 / PHP 5.2.11
August 30th, 2010
same error for me in intranet production environment from 24 agost 2010.
login using jCryption was ok and in use from april 2010 since 24 agost.
Did you find why ?
Gianni
August 31st, 2010
The problem is the prime generation … it’s random and sometimes the algorithm gets some good numbers fast, sometimes it doesn’t.
In future I wanted to save some prime numbers in advanced and then pick one so the generation is not needed.
November 9th, 2010
First of all, many thanks for your nice pluggin.
The only problem I’ve got is that the Keypair generation fails with the same error in apache log “bc math warning: non-zero scale in modulus”.
This error is fired regularly which is quite embarassing on a production server.
Do you think you will provide a solution for that in the future?
Thanks
October 6th, 2009
Hey man, in your sample code above on line 19, the echo at the bottom of the if-block, you’ve got 2 parenthesis closing that, you actually only need one.
October 6th, 2009
closing that intval()***
September 29th, 2009
Has anyone tried this with Perl? Anyone knows what the ‘n’ (modulo) param is that you return with the public key? Also, what’s the point of returning “maxdigits” (instead of $keyLength, say)?
September 30th, 2009
n = modulo yes …
The maxdigits variable was used by Dave Shapiro and there was no reason to change the mechanism oder variables so I kept it.
maxdigits = keyLength*2/16+3
October 2nd, 2009
Sorry, I’m new to this RSA stuff, so it took me a while to figure out the terminology and what the params meant. I really like this library, but I couldn’t get it working with perl’s Crypt::OpenSSL::RSA or Crypt::RSA, so I ended up using a different javascript library, which worked. I suspect the problem was with padding. What kind of padding does Dave Shapiro’s library use? If you have any other thoughts that might point me to a solution, let me know. Thanks.
Incidentally, this is the javascript RSA library I ended up using, which does the PKCS1 padding that’s compatible with the perl modules I was trying to use.
http://www-cs-students.stanford.edu/~tjw/jsbn/
September 11th, 2009
Uh, I was in desperate need of this and infact planning to build one myself. Thanks to you that you saved me a lot of time.
Cheers…
Keep up the good work.
September 8th, 2009
what about decrypt in javascript?
This would be usefull for example for comunicating via ajax and getting the response encrypted. In JS you could decrypt and process the response.
September 15th, 2009
I have the same requirement. Just to clarify, jCryption is currently just one-way traffic encryption, correct?
September 15th, 2009
I am currently looking for the best method to provide a bidirectional communication. I think the best way would be changing a symmetric key via RSA and encrypt/decrypt the rest with the symmetric algorithm like AES for example. If someone has a better idea, please let me know.
October 23rd, 2009
I too am interested in bidirectional encrypted messaging portal. Existing services of “encrypted” email store text messages and attachments on a portal, but do not support HTML forms or organized responses that can be easily incorporated into a database. Current services like Tumbleweed from Axway email a form that includes security tokens to access a message via https. PGP requires installing a client and creating personal keys, too much work for many casual business clients. jQuery/jcryption could install a simple encryption/decryption client in a browser window. Ultimately, content could be stored on a web server that would be unreadable to hackers that don’t have a private key that would be emailed to the client. Any recipient of the email could access the content, but that doesn’t seem to stop these encrypted email services from touting HIPAA compliance.
August 22nd, 2009
CORRECTION:
My code did not display write:
_____________________________________
$(document).ready(function() {
$(“#loginLiteForm”).jCryption({getVariable:”encryption”, getKeysURL:”gen_keys.php”});
var count = 0;
for (i=0; i -1) {
count++;
}
}
if (count > 0) {
for (i=1; i<=count; i++) {
$("#encrypt"+i+"").jCryption({getVariable:"encryption", getKeysURL:"gen_keys.php"});
}
}
});
August 23rd, 2009
You don’t have to change any Javascript. Just change the method of the From to method=”get” .. thats all.
August 22nd, 2009
How do encrypt GET data?
Here is my jQuery setup script. Can you modify this so it will encrypt GET data?
***********************
$(document).ready(function() {
$(“#loginLiteForm”).jCryption({postVariable:”encryption”, getKeysURL:”gen_keys.php”});
var count = 0;
for (i=0; i -1) {
count++;
}
}
if (count > 0) {
for (i=1; i<=count; i++) {
$("#encrypt"+i+"").jCryption({postVariable:"encryption", getKeysURL:"gen_keys.php"});
}
}
});
August 17th, 2009
Will there be an asp.net version??
August 18th, 2009
The first priority for me is making jCryption faster and more secure, other versions will follow when everything else is done.
Although i can’t say if there will be a asp.net version because my asp skills are very limited.
August 11th, 2009
Are you planning to provide Java Version ??
August 11th, 2009
Yes there are plans on releasing alternatives to PHP.
A user posted here that he is developing a java version, as soon as he is finished and I tested it, it will be included in a future release of jCryption.
August 24th, 2009
I have been working on Cryptography from last few years, Though there are numerous algorithms are provided with Java, I would request you to re-evaluate before and provide a very flexible API similar to the one you provided for PHP. Also, I would like to participate in development of Java version.