Many of us have been working with Javascript since long time but when ever i ask people how to send encrypted data, the only answer is to use SSL . But this article shows how to send encrypted data even when we don’t have ssl enabled. This can come in to handy in many scenario’s
I used jCryption and Javascript Library to encrypt in Javascript and BouncyCastle Library on Javabackend to decypt,
Here is the flow in the example
- First Generate RSA keys on server end ( Store in session).
- Send public key to client (javascript)
- Store keys in javascript variable
- In All subsequent requests use this key to encrypt data and send to server
- Use keys stored in session to decrypt data and send response to server
Keys generation utility class in Java
package com.linkwithweb.encryption;
import java.io.IOException;
import java.security.KeyPair;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* Servlet implementation class EncryptionServlet
*/
public class EncryptionServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
/**
* Default constructor.
*/
public EncryptionServlet() {
// TODO Auto-generated constructor stub
}
/**
* @see HttpServlet#service(HttpServletRequest request, HttpServletResponse response)
*/
protected void service(HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException {
if (request.getParameter("generateKeypair") != null) {
JCryptionUtil jCryptionUtil = new JCryptionUtil();
KeyPair keys = null;
if (request.getSession().getAttribute("keys") == null) {
keys = jCryptionUtil.generateKeypair(512);
request.getSession().setAttribute("keys", keys);
}
StringBuffer output = new StringBuffer();
String e = JCryptionUtil.getPublicKeyExponent(keys);
String n = JCryptionUtil.getPublicKeyModulus(keys);
String md = String.valueOf(JCryptionUtil.getMaxDigits(512));
output.append("{\"e\":\"");
output.append(e);
output.append("\",\"n\":\"");
output.append(n);
output.append("\",\"maxdigits\":\"");
output.append(md);
output.append("\"}");
output.toString();
response.getOutputStream().print(
output.toString().replaceAll("\r", "").replaceAll("\n", "")
.trim());
} else {
response.getOutputStream().print(String.valueOf(false));
}
}
}
All client code is there in index.jsp and framework.js
Javascript Function that gets keys from server and stores in javascript variable
/**
* Get Security keys from server so that we can encrypt request in future
*/
function getKeys() {
$.jCryption.getKeys("EncryptionServlet?generateKeypair=true", function(
receivedKeys) {
keys = receivedKeys;
});
}
On login button clicked here is how you encrypt and send request to server
/**
* Called on Login Button clicked
*/
function onLoginButtonClicked() {
var user = $("#login_user").val();
var password = $("#login_password").val();
$.jCryption.encrypt(user, keys, function(encrypted) {
encryptedUser = encrypted;
$.jCryption.encrypt(password, keys, function(encryptedPasswd) {
encryptedPassword = encryptedPasswd;
/**
* As both userName and password are encrypted now Submit login
*/
submitLoginRequest();
});
});
}
/**
* Submit Login request
*/
function submitLoginRequest() {
sendAjaxRequest("LoginServlet", {
username : encryptedUser,
password : encryptedPassword
}, function(data) {
if (data.length > 0) {
$("#login_status").empty();
$("#login_status").append(data);
}
});
}
And below is svn URL to download sample source code https://linkwithweb.googlecode.com/svn/trunk/Utilities/jCryptionTutorial
Next version of tutorial will be from flex to java. Njoy reading and playing with Encryption code
Technology Portal 