Simple string encryption in .NET and Javascript

Question

I'm developing an ASP.NET MVC application in which I want to encrypt a short string on the server, using C#, and send it to the client-side.

Then on the client-side it will be decrypted through Javascript code.

Any thoughts on how to implement this?

Do you know of a simple encryption algorithm (doesn't have to be bullet-proof secure) that can be easily translated from C# to Javascript or vice-versa?

NOTE: I could do this entirely in C# and do the decryption through Ajax, but I'd prefer not to do it this way, as I want to reduce website traffic as much as possible.

Answer 1

It sounds like you want an obfuscation or encoding, not encryption. Base64 encoding should work well here. The result will look nothing like an email address, and the encoding process is fast.

In C#, you can use:

string emailAddress = "[email protected]";
string encoded = Convert.ToBase64String(Encoding.UTF8.GetBytes(emailAddress));

And you can use this JavaScript function to decode it:

function Base64Decode(encoded) {
   var keyStr = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
   var output = "";
   var chr1, chr2, chr3;
   var enc1, enc2, enc3, enc4;
   var i = 0;

   do {
      enc1 = keyStr.indexOf(encoded.charAt(i++));
      enc2 = keyStr.indexOf(encoded.charAt(i++));
      enc3 = keyStr.indexOf(encoded.charAt(i++));
      enc4 = keyStr.indexOf(encoded.charAt(i++));

      chr1 = (enc1 << 2) | (enc2 >> 4);
      chr2 = ((enc2 & 15) << 4) | (enc3 >> 2);
      chr3 = ((enc3 & 3) << 6) | enc4;

      output = output + String.fromCharCode(chr1);

      if (enc3 != 64) {
         output = output + String.fromCharCode(chr2);
      }
      if (enc4 != 64) {
         output = output + String.fromCharCode(chr3);
      }
   } while (i < encoded.length);

   return output;
}

The C# application encodes the string [email protected] into YWJjQGV4YW1wbGUuY29t, and the JavaScript version will decode YWJjQGV4YW1wbGUuY29t back into [email protected].

Answer 2

What about a simple XOR Cipher?

These two implementations are fully compatible:

• Simple XOR Encryption (C#)
• JavaScript XOR Encryption

Answer 3

The System.Security.Cryptography has a bunch of symetric (and asymetric) encrytion algorithms ready to use. (For something super secure use aes)

You should be able to find matching Javascript implementation for most (here are a few aes implementations in JS)

• http://www.movable-type.co.uk/scripts/aes.html
• http://www.hanewin.net/encrypt/aes/aes.htm

Note: If you are planning to use private key based encryption then keep in mind, your web page is going to have the key embedded in it and that means that it all becomes kind of pointless cause anyone with access to the page can do the decryption, at best you would be making the life of the screen scrapers a little bit harder. If making screen scrapers life harder is your goal you could just use an obsfucation algorithm. Any trivial implementation would make very impractical for screen scrapers that do not have a javascript engine:

Eg.

function samObsfucated()
{
    return("s" + "a" + "m" + "@" + "s" + "." + "com");
}

Then onload populate your email fields with the output of these functions.

Javascript encryption has a really good use case for software that stores passwords for users ala clipperz

Answer 4

In terms of the simplest thing that could possibly work, it seems that you want a simple form of obfuscation, rather than anything really secure.

Rot-13 might be enough, provided that you're dealing with an audience with ASCII email addresses. If you need to support Unicode, then you might need something slightly more sophisticated.