Manpreet Oberoi

Reputation: 415

Encrypting data in php and decryption in javascript

I am working with 2 servers.

I want to create a pair of keys and store the private key in local storage and send the public key to PHP server.

Basically, encryption of data with the public key in PHP and decryption of data in JavaScript.

Any suggestions? What should I do?

I already tried a few things, but I am not getting the result, for example [public key](http://phpseclib.sourceforge.net/rsa/examples.html#convert) and [private key](https://github.com/travist/jsencrypt).

thanks.

Update:

AIM: the aim is to send data from PHP server to client side with safety.

Update Edit :

How safe is it to keep the private key in PHP code and give the public key to the client side (JavaScript server, Node.js) on call, e.g. for sending data from the Node.js server to the PHP server? Is that safe without HTTPS?

Or if we use HTTPS, then we don't need to use this method?

Thanks

Upvotes: 0

Views: 627

Answers (1)

rsp

Reputation: 111258

If your aim is to send data from php server to client side with safety, then consider using HTTPS.

What you're trying to do instead is extremely hard to get right. If you don't use HTTPS then it's pointless because your visitors won't be able to know who they are talking to and whether the key generation and decryption code is trustworthy. If you're using HTTPS then you already send data from php server to client side with safety (using private and public keys) and encrypting it once more wouldn't do anything.

If you are trying to protect that secret from other JavaScript code running in the browser, it will still not do anything because having the private key, encryption algorithm and encrypted message in your browser is not safer than having it in clear text.

Additionally, there is a lot of room for subtle errors in key generation, key distribution, the encryption algorithm, handling the encrypted message etc. Even if you could do all of that correctly, what you would get is at most what you already have with HTTPS.

And don't think it's easy - OpenSSL with good intentions and experienced developers is probably a world record holder for the number of CVE entries because this stuff is extremely hard to get right.

Make sure you read this classic article:

Also worth reading:

Upvotes: 2
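The answer's point about not knowing who you are talking to, as an added example that is not part of the original post: the encrypting side trusts whichever public key arrives, so the scheme only protects the data when the channel carrying that key is already authenticated, which is what HTTPS provides. The example uses Node's built-in `crypto` module as a stand-in for both the PHP and browser sides; the function names, the `transport` callback and the message are hypothetical and constructed.

```javascript
const crypto = require('crypto');

// RSA-OAEP with SHA-256, used for both encryption and decryption below.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

function newKeyPair() {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
}

// Stand-in for the PHP side: it encrypts to whatever public key it received.
// Nothing in the key itself says who generated it.
function serverEncrypt(receivedPublicKeyPem, plaintext) {
  return crypto.publicEncrypt({ key: receivedPublicKeyPem, ...OAEP }, Buffer.from(plaintext, 'utf8'));
}

// Returns the plaintext, or null when this private key does not match.
function tryDecrypt(privateKeyPem, ciphertext) {
  try {
    return crypto.privateDecrypt({ key: privateKeyPem, ...OAEP }, ciphertext).toString('utf8');
  } catch (err) {
    return null;
  }
}

// transport(browserKey, otherKey) models the channel that carries the
// browser's public key to the server and returns the key that arrives.
function runExchange(transport) {
  const browser = newKeyPair();
  const other = newKeyPair(); // key pair held by some party on the network path
  const received = transport(browser.publicKey, other.publicKey);
  const ciphertext = serverEncrypt(received, 'constructed secret');
  return {
    browserReads: tryDecrypt(browser.privateKey, ciphertext) !== null,
    otherReads: tryDecrypt(other.privateKey, ciphertext) !== null,
  };
}

// Authenticated channel: the key that arrives is the one the browser sent.
const authenticated = runExchange((browserKey) => browserKey);
// Unauthenticated channel: a different key arrives and the server cannot tell.
const unauthenticated = runExchange((browserKey, otherKey) => otherKey);
console.log({ authenticated, unauthenticated });
```

In the unauthenticated run the intended recipient can no longer decrypt and the other key holder can, even though the encryption code on the server is unchanged.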
