CODEWITHSUNDEEP
angularjs
Kishan
Kishan

Reputation: 388

Password encryption in AngularJS

I have one login page. when user give user name and password, i want to encrypt the password and send it to the server. I am using angular js application so i want to write that code also in angular. Please

Upvotes: 0

Views: 8705

Answers (3)

Amit
Amit

Reputation: 395

Its better to use https for sending secured data and encrypting on server. If you still want to encrypt in client code, then you can use SHA256 or SHA1 or MD5. Many are available. Angular-crypto provide many JS. Include reference to JS in html page and below line in controller.

 CryptoJS.SHA1($scope.newCustomer.password)

For good security, on server side, SALT your hashed passwords.

Upvotes: 1

Mukund Thakkar
Mukund Thakkar

Reputation: 1295

Using following ngEncryption factory you can encrypt your data in Controller.js file and pass it to apicontroller. I am using Public-Private key to encrypt data for encryption/decryption.These key can be generated in Session_Start() event in Global.asax.cs file.

app.factory
('ngEncryption', function () {
    return {
        encrypt: function (dataForEncrypt) {
            jsRequest = {};

            var str = dataForEncrypt;
            var xmlParams = $.cookie('ClientPublicKey');
            // Create a new instance of RSACryptoServiceProvider.
            var rsa = new System.Security.Cryptography.RSACryptoServiceProvider();
            var reqArray = [];
            var reqArraySize = 200;
            if (str.length < reqArraySize) {
                var data = System.Text.Encoding.UTF8.GetBytes(str);
                // Import parameters from xml.
                rsa.FromXmlString(xmlParams);
                // Encrypt data (use OAEP padding).          

                var encryptedBytes = rsa.Encrypt(data, true);
                // Convert encrypted data to Base64.
                var encryptedString = System.Convert.ToBase64String(encryptedBytes)
                // Replace plain password with encrypted data.
                reqArray.push(encryptedString);
                //break;
            }
            else {
                var MaxCounterHeader = parseInt(Math.ceil(parseFloat(str.length / 200)));

                for (i = 0; i < MaxCounterHeader; i++) {
                    var newstring = str.substr(0, str.length > 200 ? 200 : str.length);
                    var data = System.Text.Encoding.UTF8.GetBytes(newstring);
                    rsa.FromXmlString(xmlParams);
                    var encryptedBytes = rsa.Encrypt(data, true);
                    // Convert encrypted data to Base64.
                    var encryptedString = System.Convert.ToBase64String(encryptedBytes)
                    reqArray.push(encryptedString);
                    str = str.replace(newstring, '');
                }
            }
            return JSON.stringify(reqArray);
        }
    };
});

Upvotes: -2

LD Robillard
LD Robillard

Reputation: 434

Use HTTPS to send it to the server, then encrypt/decrypt it server-side. For security reason, you don't want the frontend to do any encryption, that could led to serious security flaws.

Upvotes: 5

Related Questions