Many of us have been working with JavaScript since a long time but whenever I ask people how to send encrypted data, the only answer is to use SSL . But this article shows how to send encrypted data even when we don’t have SSL enabled. This can come in to handy in many scenarios.
I used jCryption and JavaScript Library to encrypt in JavaScript and BouncyCastle Library on Javabackend to decrypt.
Here is the flow in the example:
- First generate RSA keys on server end (Store in session)
- Send public key to client (JavaScript)
- Store keys in JavaScript variable
- In all subsequent requests, use this key to encrypt data and send to server
- Use keys stored in session to decrypt data and send response to server
Keys generation utility class in Java:
package com.linkwithweb.encryption;
import java.io.IOException;
import java.security.KeyPair;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class EncryptionServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
public EncryptionServlet() {
}
protected void service(HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException {
if (request.getParameter("generateKeypair") != null) {
JCryptionUtil jCryptionUtil = new JCryptionUtil();
KeyPair keys = null;
if (request.getSession().getAttribute("keys") == null) {
keys = jCryptionUtil.generateKeypair(512);
request.getSession().setAttribute("keys", keys);
}
StringBuffer output = new StringBuffer();
String e = JCryptionUtil.getPublicKeyExponent(keys);
String n = JCryptionUtil.getPublicKeyModulus(keys);
String md = String.valueOf(JCryptionUtil.getMaxDigits(512));
output.append("{\"e\":\"");
output.append(e);
output.append("\",\"n\":\"");
output.append(n);
output.append("\",\"maxdigits\":\"");
output.append(md);
output.append("\"}");
output.toString();
response.getOutputStream().print(
output.toString().replaceAll("\r", "").replaceAll("\n", "")
.trim());
} else {
response.getOutputStream().print(String.valueOf(false));
}
}
}
All client code is there in index.jsp and framework.js.
JavaScript function that gets keys from server and stores in JavaScript variable:
function getKeys() {
$.jCryption.getKeys("EncryptionServlet?generateKeypair=true", function(
receivedKeys) {
keys = receivedKeys;
});
}
On login button clicked here is how you encrypt and send request to server:
function onLoginButtonClicked() {
var user = $("#login_user").val();
var password = $("#login_password").val();
$.jCryption.encrypt(user, keys, function(encrypted) {
encryptedUser = encrypted;
$.jCryption.encrypt(password, keys, function(encryptedPasswd) {
encryptedPassword = encryptedPasswd;
submitLoginRequest();
});
});
}
function submitLoginRequest() {
sendAjaxRequest("LoginServlet", {
username : encryptedUser,
password : encryptedPassword
}, function(data) {
if (data.length > 0) {
$("#login_status").empty();
$("#login_status").append(data);
}
});
}
And below is svn URL to download the sample source code https://linkwithweb.googlecode.com/svn/trunk/Utilities/jCryptionTutorial
The next version of the tutorial will be from flex to Java. Enjoy reading and playing with Encryption code.
A Technology evangelist with no technical language barriers. A strong believer that Simple Sofware Is Perfect Software. A staunch proponent of software / documentation automation in all domain's. And finally a true diciple of Google Search.
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
