+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: encrypt with PHP, decrypt with JavaScript? (/showthread.php?tid=18821)
encrypt with PHP, decrypt with JavaScript? - El Forum - 05-19-2009
[eluser]taewoo[/eluser]
Does anyone know of a package or combination of different things that can be used to achieve this?
There's bin2hex method but that's not really encrypting. And there's there are these two JS libraries (here and here, but there's no PHP equivalent of the code.
encrypt with PHP, decrypt with JavaScript? - El Forum - 05-19-2009
[eluser]slowgary[/eluser]
I don't know what the goal is, but if you're decrypting it on the client side you might as well not encrypt at all as you'll be giving the clients the method of which to decrypt. That's like hanging a key on a vending machine for people to get their items out - why put them in a vending machine to begin with? You could just put them in a basket.
encrypt with PHP, decrypt with JavaScript? - El Forum - 05-19-2009
[eluser]taewoo[/eluser]
well... it's actually an API that will be consumed by other developers.
the encryption is because there's some sensitive financial data that cannot be plaintext that the developer can just copy/paste.
encrypt with PHP, decrypt with JavaScript? - El Forum - 05-19-2009
[eluser]slowgary[/eluser]
But won't you be allowing them to decrypt it anyways? I thought that was the point of the JS decryption.
I can actually see why one might want to decrypt with JavaScript - if you don't want to send the data in plain text over the intertubes, but it's not too sensitive to allow the client to decrypt with JS. Keep in mind though, your decryption scheme will always be available to anyone who wants it.
encrypt with PHP, decrypt with JavaScript? - El Forum - 05-19-2009
[eluser]Dregond Rahl[/eluser]
If you are sending anything important for decrypting, don't. JS is terrible at keeping things secret.
encrypt with PHP, decrypt with JavaScript? - El Forum - 05-19-2009
[eluser]taewoo[/eluser]
the private key is actually sent to the end user, not to the third party developer of the API.
other than opinions about why this is a bad idea... anyone know how this can be done?
encrypt with PHP, decrypt with JavaScript? - El Forum - 05-19-2009
[eluser]Dregond Rahl[/eluser]
I know decryption using base64 is possible with JavaScript
http://www.webtoolkit.info/javascript-base64.html
but pretty unsecure. If you really want you can try adding a salt generated with PHP randomly before sending info and store that salt in a cookie and PHP session. It becomes a little more secure then because the salt will change always.