How does jCryption work?
jCryption exchanges a generated “password” encrypted with RSA with the server. This “password” is used for all encryption and decryption.
Why do you generate the keypair on every request?
Simple answer … security. The public key is sent to the client, and the private key is saved in the session. So each keypair is valid only once, and only for the user who has the right server session. If either of these conditions is not met, the encrypted string will be empty.
And because every keypair is valid only once, there can’t be any plaintext/ciphertext/cycling attacks against the dedicated server.
In version 2.0, AES is used for form data encryption, which is much faster and more secure.
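The flow described in the two answers above, as an added Node.js example (not jCryption's own code). Assumptions: all function names, the in-memory `sessions` map standing in for the server session, RSA-OAEP with a 2048-bit key, and AES-256-GCM keyed directly with a 32-byte "password".

```javascript
const nodeCrypto = require("node:crypto");

// Stand-in for the server-side session store (assumption for this sketch).
const sessions = new Map();

// Server: fresh RSA keypair per request; only the public key leaves the server.
function handshake(sessionId) {
  const { publicKey, privateKey } =
    nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  sessions.set(sessionId, { privateKey });
  return publicKey.export({ type: "spki", format: "pem" });
}

// Client: encrypt the generated "password" with the received public key.
function wrapPassword(publicKeyPem, password) {
  return nodeCrypto.publicEncrypt(publicKeyPem, password).toString("base64");
}

// Server: decrypt once, then drop the private key. "" signals any failure.
function unwrapPassword(sessionId, wrappedB64) {
  const session = sessions.get(sessionId);
  if (!session || !session.privateKey) return "";
  const { privateKey } = session;
  delete session.privateKey; // the keypair is valid one time only
  try {
    session.password =
      nodeCrypto.privateDecrypt(privateKey, Buffer.from(wrappedB64, "base64"));
    return session.password.toString("hex");
  } catch { return ""; }
}

// Client: encrypt form data with AES under the exchanged password.
function encryptForm(password, formData) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv("aes-256-gcm", password, iv);
  const ct = Buffer.concat([c.update(formData, "utf8"), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]).toString("base64");
}

// Server: decrypt form data with the password stored in the session.
function decryptForm(sessionId, payloadB64) {
  const buf = Buffer.from(payloadB64, "base64");
  try {
    const key = sessions.get(sessionId).password;
    const d = nodeCrypto.createDecipheriv("aes-256-gcm", key, buf.subarray(0, 12));
    d.setAuthTag(buf.subarray(12, 28));
    return Buffer.concat([d.update(buf.subarray(28)), d.final()]).toString("utf8");
  } catch { return ""; }
}
```

Nothing in this sketch lets the client verify that the public key really came from the server, so it has the same lack of authentication the FAQ describes for jCryption.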
How secure is jCryption?
It is not made to be used in applications with sensitive data. I also take no responsibility for the security of your data. It provides a good level of base security so no data that leaves the client will be readable by a human. jCryption offers no way of authentication and is therefore vulnerable to “man-in-the-middle” attacks, which you can only prevent if you use an SSL certificate.
What are your future plans on extending jCryption?
I don’t know yet. I first wanted to see if there is a need for such a plugin, but besides that, I am trying to improve performance and security. If you have any ideas about what I can do to improve jCryption, please contact me.
What about file uploads?
Why should I use jCryption instead of SSL?
In my opinion jCryption is much easier to install and configure, although I don’t think that jCryption is a replacement for SSL. It could be a nice addition for your contact form or login page to simply make it more secure.
The form will be sent unencrypted.
What are the requirements?