How do I decrypt data from API in client side

Question

1.00/5 (5 votes)

See more:

I have an API which will return data in encrypted manner. so I am using ajax call to consume API in .js file. so how do I decrypt the data returned by the API.
example:
{
"SNo":"#cscs3838383" -- encrypted data
}

How do I decrypt SNo in client side i.e in js file

What I have tried:

tried with AES Algorithm decrypt client side

Posted 27-Apr-16 5:26am

Member 10684458

Updated 27-Apr-16 5:46am

Add a Solution

Comments

Duncan Edwards Jones 27-Apr-16 11:28am

Are you using the algorithm specified by the target API and the decryption key provided by them?

Member 10684458 27-Apr-16 11:36am

yes. I am using the algorithm specific API.and I am using AES Algorithm for encryption in server side.

Sergey Alexandrovich Kryukov 27-Apr-16 11:29am

The question makes no sense. We have no information on how its encrypted, more importantly, why.
—SA

Member 10684458 27-Apr-16 11:37am

I am using AES algorithm.

Sergey Alexandrovich Kryukov 27-Apr-16 11:46am

And the point is..?
This is the symmetric algorithm. If you don't have the key, you cannot use it. So, you have to distribute the key. But when you do it, the key can be eavesdropped like the message itself. So, you stuck. What's the point?
—SA

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Patrice T · Answer 1 · 2016-04-27T05:40:00

Solution 1

In order to decrypt something, you must know how it was encrypted and which key was used.

Encryption principle:
A group share a secret (encryption method and a key), they use it to communicate safely. By design, encrypted data can't be decrypted if you don't know the secret.
The other way, you have to guess which encryption method is used guess the key too, do I have to say that it is a difficult task.

Posted 27-Apr-16 5:40am

Patrice T

Comments

Sergey Alexandrovich Kryukov 27-Apr-16 11:48am

It looks like any symmetric algorithm is just pointless — please see my comment to the question. That's why my major question to the inquirer was — why? :-)
—SA

Patrice T 27-Apr-16 11:57am

I agree with you.

OriginalGriff · Answer 2 · 2016-04-27T05:46:00

Just to add to what @ppolymorphe said: don't do it anyway.
Why not? Because it means that the client side code needs to have a copy of the decryption key sent to it - along with the PAI output data - which completely negates the purpose of the encryption in the first place, given that the whole page is transferred to the client as human readable source code...

Basically, if you must use encryption keep it inside the server and use ~~SHTML~~ HTTPS to transfer the unencrypted data to the client.