Many of us have been working with JavaScript for a long time, but whenever I ask people how to send encrypted data, the only answer is to use SSL. This article shows how to send encrypted data even when SSL is not enabled. This can come in handy in many scenarios.
I used jCryption, a JavaScript library, to encrypt on the client, and the BouncyCastle library on the Java backend to decrypt.
Here is the flow in the example:
- First, generate RSA keys on the server (store them in the session).
- Send the public key to the client (JavaScript).
- Store the keys in a JavaScript variable.
- In all subsequent requests, use this key to encrypt data and send it to the server.
- Use the keys stored in the session to decrypt the data and send the response back.
Key-generation servlet in Java (it uses the JCryptionUtil utility class):
```java
package com.linkwithweb.encryption;

import java.io.IOException;
import java.security.KeyPair;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Servlet implementation class EncryptionServlet
 */
public class EncryptionServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /**
     * Default constructor.
     */
    public EncryptionServlet() {
    }

    /**
     * @see HttpServlet#service(HttpServletRequest request, HttpServletResponse response)
     */
    protected void service(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        if (request.getParameter("generateKeypair") != null) {
            JCryptionUtil jCryptionUtil = new JCryptionUtil();
            // Reuse the key pair already stored in the session, if any.
            // (Without this lookup, a second request in the same session
            // would leave keys null and fail below.)
            KeyPair keys = (KeyPair) request.getSession().getAttribute("keys");
            if (keys == null) {
                // A 512-bit RSA modulus is small enough to be factored;
                // use at least 2048 bits outside of a demo.
                keys = jCryptionUtil.generateKeypair(512);
                request.getSession().setAttribute("keys", keys);
            }

            // Only the public half (exponent e, modulus n) is sent to the client.
            StringBuffer output = new StringBuffer();
            String e = JCryptionUtil.getPublicKeyExponent(keys);
            String n = JCryptionUtil.getPublicKeyModulus(keys);
            String md = String.valueOf(JCryptionUtil.getMaxDigits(512));

            output.append("{\"e\":\"");
            output.append(e);
            output.append("\",\"n\":\"");
            output.append(n);
            output.append("\",\"maxdigits\":\"");
            output.append(md);
            output.append("\"}");

            response.getOutputStream().print(
                    output.toString().replaceAll("\r", "").replaceAll("\n", "").trim());
        } else {
            response.getOutputStream().print(String.valueOf(false));
        }
    }
}
```
All client code is in index.jsp and framework.js.
The JavaScript function that gets the keys from the server and stores them in a JavaScript variable:
```javascript
// Public key received from the server, shared by the functions below
var keys;

/**
 * Get security keys from the server so that we can encrypt requests in future
 */
function getKeys() {
    $.jCryption.getKeys("EncryptionServlet?generateKeypair=true", function(receivedKeys) {
        keys = receivedKeys;
    });
}
```
When the login button is clicked, this is how you encrypt the data and send the request to the server:
```javascript
// Encrypted field values shared between the two functions below
var encryptedUser, encryptedPassword;

/**
 * Called when the Login button is clicked
 */
function onLoginButtonClicked() {
    var user = $("#login_user").val();
    var password = $("#login_password").val();

    $.jCryption.encrypt(user, keys, function(encrypted) {
        encryptedUser = encrypted;
        $.jCryption.encrypt(password, keys, function(encryptedPasswd) {
            encryptedPassword = encryptedPasswd;
            /**
             * Both the user name and the password are encrypted now, so submit the login
             */
            submitLoginRequest();
        });
    });
}

/**
 * Submit the login request
 */
function submitLoginRequest() {
    sendAjaxRequest("LoginServlet", {
        username : encryptedUser,
        password : encryptedPassword
    }, function(data) {
        if (data.length > 0) {
            $("#login_status").empty();
            $("#login_status").append(data);
        }
    });
}
```
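The five-step flow above, end to end, as an added example that is not part of the original tutorial's code: Node's built-in `crypto` module stands in for both jCryption and BouncyCastle, with a 2048-bit key and OAEP padding instead of the tutorial's 512-bit key. The function names, the `sessions` map and the sample credentials are hypothetical, and the hex `e`/`n` JSON only mirrors the shape of the servlet's response, not jCryption's wire format.

```javascript
// Added example (not the tutorial's code): Node's built-in crypto plays both
// the client-side and the server-side role of the flow.
const crypto = require('crypto');

const sessions = new Map(); // hypothetical stand-in for the servlet session
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Steps 1-2: one key pair per session; only e and n are returned to the client.
function handleGenerateKeypair(sessionId) {
  if (!sessions.has(sessionId)) {
    sessions.set(sessionId, crypto.generateKeyPairSync('rsa', { modulusLength: 2048 }));
  }
  const jwk = sessions.get(sessionId).publicKey.export({ format: 'jwk' });
  const hex = (b64) => Buffer.from(b64, 'base64url').toString('hex');
  return JSON.stringify({ e: hex(jwk.e), n: hex(jwk.n) });
}

// Steps 3-4: the client rebuilds the public key from e/n and encrypts one field.
function clientEncrypt(keysJson, plaintext) {
  const { e, n } = JSON.parse(keysJson);
  const b64 = (h) => Buffer.from(h, 'hex').toString('base64url');
  const publicKey = crypto.createPublicKey({
    key: { kty: 'RSA', e: b64(e), n: b64(n) },
    format: 'jwk',
  });
  const data = Buffer.from(plaintext, 'utf8');
  return crypto.publicEncrypt({ key: publicKey, ...OAEP }, data).toString('hex');
}

// Step 5: the server decrypts with the private key kept in the session.
function handleLogin(sessionId, body) {
  const pair = sessions.get(sessionId);
  if (!pair) throw new Error('no key pair in session; fetch the keys first');
  const dec = (h) => crypto
    .privateDecrypt({ key: pair.privateKey, ...OAEP }, Buffer.from(h, 'hex'))
    .toString('utf8');
  return { username: dec(body.username), password: dec(body.password) };
}

// Constructed run with made-up credentials.
function demo() {
  const keysJson = handleGenerateKeypair('demo-session');
  const body = {
    username: clientEncrypt(keysJson, 'alice'),
    password: clientEncrypt(keysJson, 's3cret'),
  };
  return handleLogin('demo-session', body);
}
console.log(demo());
```

The public key still arrives over unauthenticated HTTP, so this scheme, like the tutorial's, only hides the fields from a passive eavesdropper and is not a replacement for TLS.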
The sample source code can be downloaded from this SVN URL: https://linkwithweb.googlecode.com/svn/trunk/Utilities/jCryptionTutorial
The next version of this tutorial will go from Flex to Java. Enjoy reading and playing with the encryption code.