How Do I encrypt post data while using ajax and JQuery?

Question

Server side we can authenticate the user but I want security of data when ajax or JQuery sends the data. Like on client side someone can only see the parameters of any call in encrypted format. So how do I do this. I have seen this scenario on this site.

EDIT

we can ignore to encrypt data when it comes form server. But atleast at sending time it is required. see the example on this site in your preference setting the checkboxes for notification. one can watch request by using firebug add-on in Mozilla firefox.

Answer 1

If your problem is just encrypting the data sent by the user, use SSL on the server so that connections to it are encrypted. Your AJAX url would be https://myserver.com/Ajax/Endpoint or whatever.

Answer 2

You could encrypt the data using some libraries, such as http://home.versatel.nl/MAvanEverdingen/Code/ but as was mentioned above it can be reverse engineered by someone using a debugger to see the key.

In order to do this securely you would need to have a public key for the server, and it would use this to get the symmetric key from the server, which encrypted the key with it's private key.

javascript then decrypts the symmetric key with the public key.

Now, this symmetric key is used to encrypt data.

If the data is small enough then you can use the public key to encrypt data, but there is size limits based on the size of your public key.

So, yes, you can do it, but it can be reverse-engineered.

Answer 3

You can't.

If the browser (i.e. JavaScript) is supposed to read/work with the values, they have to be clear text. Any encryption/scrambling scheme you might come up with will be inherently broken since JavaScript itself must be able to decrypt/unscramble the data, and therefore anyone with a medium amount of wit can access the source code will be able to figure it out.

You can do SSL requests to encrypt the server connection, hiding the data from third parties.