Documentation

Javascript

jCryption 2.0 is now able to communicate encrypted with the server.
It uses AES for encryption now, RSA is only used for secure key exchange.

Requirements:
jQuery 1.4.2+ (already tested with jQuery 1.6.1)

Public functions:

Name Parameters Description
$.jCryption.authenticate AESEncryptionKey[string], publicKeyURL[string], handshakeURL[string], success(AESEncryptionKey)[function], failure(AESEncryptionKey)[function] This function … does a few things and is required before encryption can take place.
It does following …

1) Client generates a Password … (mousemovement of user used when possible)
2) Client requests RSA Public key from Server
3) Client encrypts Password with RSA Public key
4) Server decrypts Password and stores it in the session
5) Server Encrypts the Password with AES and sends it back to the Client
6) Client decrypts it with AES with the Password
7) Both have now the same “secret” key which is used for communication

$.jCryption.decrypt data[string], key[string] decrypts “data” with “key” with AES and returns the result
$.jCryption.encrypt data[string], key[string] encrypts “data” with “key” with AES and returns the result
$.jCryption.challenge challenge[string], key[string] only used internalydecrypts “challenge” with “key” and checks if the same as “key” for securing the server understood the request
$.jCryption.handshake url[string], key[string], callback(response)[function] only used internalytells the server the key for communication
$.jCryption.getKeys url[string],callback(keys)[function] only used internalyThis function makes a request to the server, and retruns the keys in the callback function.
$.jCryption.encryptKey stringToEnrypt[string],keys[keyObject],callback(encrypted) only used internalyThis function encrypts a string with the RSA public key and returns the encrypted value in the callback function. The keys parameter must be an key object result from the $.jCryption.getKeys function.

For more information how to use the new functions, see the Bi-Directional example.

Options:

Name Default Description
submitEvent “click” string / jQuery event
Event that triggers the submit of the form. “Click” also handles the “Enter button”.
submitElement “false” jQuery selector
The element where the submitEvent should get bound to. By default it try to find the submit element in the form.
getKeysURL “main.php?generateKeypair=true” string
The url where the script should receive the keys.
handshakeURL “main.php?handshake=true” string
The url where the script should receive the challenge/handshake.
formFieldSelector “:” string
jQuery selector which fields should get selected on submit.
postVariable “jCryption” string
The name of the POST/GET variable which the PHP-Script receives.
beforeEncryption function() { return true; } function()
This function is called before the keys will be retrieved from the server (if you w”ant to javascript validate something do it here), return true to continue.

PHP

Requirements:
PHP 5 (PHP 5.3 with openssl if you generate you RSA keys by yourself) with libbcmath

Old Documentation

Fork me on GitHub
Comments (62) Trackbacks (1)
  1. I really don’t understand how I can use ajax with jcryption to save datas without refreshing the page… :(
    I understand how to encrypt ONE data and send it to a php file with ajax, thanks to your “Bi-Directional communication” example. But how to send MANY datas from a form, crypted with jCryption, and sent to a php file ? Can you help me ?

  2. Hi Daniel:

    When I display the 1rst example I get this error and I don´t know where the error come from.
    I have not made any changes to the original code.

    I hope you can help me out.

    And by the way this is a very useful plugin. Thanks for sharing.

    orignial POST:
    Array ( [Sex] => male [Firstname] => John [Lastname] => Wayne [Email] => john@wayne.com [Food] => Array ( [0] => pizza [1] => salad ) [age] => under 18 [likes] => Array ( [0] => rainy wheater [1] => small cats [2] => I like everything ) )

    ( ! ) SCREAM: Error suppression ignored for
    ( ! ) Notice: Undefined index: jCryption in C:\wamp\www\HazAT-jCryption-2781ec8\examples\example1\main.php on line 59
    Call Stack
    # Time Memory Function Location
    1 0.0015 702304 {main}( ) ..\main.php:0
    decrypted POST:
    Array ( )

  3. How do I get the RSA public key string from $.jCryption.getKeys request. Also I want to get more data except the key from this request. Is it possible?

  4. Guys could anyone help me in implementing jcryption? I am using jquery post method for submitting form.

  5. Related to jCryption and using RSA may I see the codes for encrypting just one html element at the client side (a password), post the encrypted element (password) to the server and decrypt it at the server?
    Tanks in advance

  6. thank you very much,, the plugin is so coooool.
    i have a special case i want to know how to deal with:
    i am using a global function that all forms call on submit and inside that function i receive the data as an object and then i make my ajax call based on the user data and ajax settings inside that object. the problem is that you are using your own ajax. so how to solve this issue ?

    thanks in advance

  7. java does not support RSA with no padding and Jcryption does not pad, hence big probmlem when enc wid js and decrypt wid java

  8. Hi,

    There is a little mistake in the docs, i think in the options description it should be handshakeURL instead of challengeURL

    Thanks for the work

  9. Hi,

    This plugin looks real nice.

    I am testing in a login form, with a input for user and another for password.

    The problem I found is that if at the first attempt I type wrong the user or password then in successive tries the plugin posts $_POST["jCryption"] but also the POSTs coming from my user and pass inputs, say $_POST["user"] and $_POST["password"], and the “decrypted” version does not works:

    $var = AesCtr::decrypt($_POST['jCryption'], $_SESSION["key"], 256);
    parse_str($var, $result);

    $result comes empty.

    What I am doing wrong?

    Ideas?

    TIA,

    beno

    • Someone experiencing something like this?

      • Yes same issue. As I mentioned in the post below this, I had to restart apache to get it working. Also I found the legacy encryption method without using gmp does not work for me. I’m on php 5.3.8 on ubuntu. The php is compiled manually though.

  10. I donot inderstand following requirement
    PHP

    Requirements:
    PHP 5 (PHP 5.3 with openssl if you generate you RSA keys by yourself) with libbcmath

    Do I need PHP5.3 or I can go with PHP5.2. Can you please elaborate on “PHP 5.3 with openssl if you generate you RSA keys by yourself”.

    Regards

    • If you are using the generates keys file … “100_1024_keys.inc.php” you do not need PHP 5.3 … only if you want to generate your Public/Private Keys by yourself by using … jCryption->generateKeypair(1024); … This function requires Open SSL.

      • Thanks Daniel, I have not used your excellent piece of work so far, but will use it soon.

      • Hi Daniel, I have another. Your examples works straight out-of-box and I just left the browser ideal for sometime (probably 10-15min) and then server sent NULL decrypted string. Is it usual?

        • This is exactly what happen to me as well, I’m currently debugging to see what could be the issue. It seems restarting apache does help.

          Not sure of the solution yet, but if someone know this, please share with us. Thanks.

  11. a little bug report:
    in jquery.jcryption.js file, there is a line:
    >>var $submitElement = base.options.submitElement;<>var $submitElement = $(base.options.submitElement);<<

  12. Your documentation is cut off in the description section in Fedora 15/Firefox 7. unreadable

  13. I see in the old documentation that in previous versions you could exclude form element types (textarea, select, etc.) from the encryption process, but the current version does not have that capability. I’m trying to use this script on a form that includes a textarea with several paragraphs of text. The sheer volume of text seems to be choking the process and causing it to timeout on the server. I don’t need the textarea data encrypted. Is there any way to exclude this textarea when encrypting?

    • Nevermind. I went ahead and tweaked the code for my own use, and it works great. Very handy plugin, BTW. Thanks for sharing it.

  14. Is there any way to speed up the processing in the PHP function bcpowmod()? The biggest bottleneck in jCryption is that one function.

  15. Good library, but I cannot see any good reason to use callback to get the encrypted text and public keys.

  16. Can I use this library without using the provided the php files? I want to send the data in encrypted form to a servlet running in tomcat. I also need to store the encrypted data in the mysql server. Please guide.

  17. Hi,
    I have tried the PHP version and I am able to get encrypted my form data and I am able to submit the form.
    But my current requirement is with Java (Spring and Hibernate), I found some information here,

    http://www.michalfranc.com/articles/jcryption.html.

    But some how I am failed to use this, as I am not able to submit the form to a spring controller.

    Please suggest if any any body tried and its working.

    Thanks in advance,

  18. Hello! (translated by google)

    I need a function, e.g. afterEncryption who like success: work at $ ajax.. If I want to encrypt a form reloadet my page. I say at beforeEncryption “return false” then the function does nothing at all.

    LG Terra

    • the problem solved like this :
      delete at line 37 is $(this).attr(“disabled”,true);

      and always return true after return false ex => if(){return false;} return true;

    • if(base.options.beforeEncryption()) {
      $(this).attr(“disabled”,true);

      }else{
      $(this).attr(“disabled”,false);
      }

  19. I’m trying to understand the workings of this. I am able to get the example version up on my local server. I guess I’m incorrect in thinking it’s as simple as hosting the index file on my local server (with jscripts) and the php file on the remote server (with the jcrytion.php) and make sure all the file paths are correct, because I get nada with the decrypted array output (using example 1) the encrypted bit comes through….but the array is never decrytped. what am I missing in understanding how this works….

  20. Is the java version available???

  21. How do i get the public key string from $.jCryption.getKeys return object?

  22. have you any example for asp.net mvc?

  23. I’m having problems. I know it encrypts, but it never moves off of the current page, like it doesn’t submit. This code is in a page that is in a subfolder, thus, the getKeysURL option. I have put the action of the form relative to the current directory. I have no idea why this is not working, because it works every other time I use this.

    var field = null;
    function setField(formField)
    {
    if( field == null )
    field = formField;
    }
    // this submits the form via the encryption javascript
    $(document).ready(function()
    {
    $(“#cPass”).jCryption({
    getKeysURL:”../getKey.php”,
    beforeEncryption:function()
    {
    // Various input checking tests that I know work
    // If bad, return false, else return true;
    }
    }
    )
    $(“input”).removeAttr(“disabled”);
    });

    • I figured it out! My submit button () had the name “submit” (name=”submit”), and that caused it to not submit. When I changed the name or deleted it, it worked fine as before. YEAH!!!!!

  24. Do you know why some times process of generating keypairs takes so many time and never ends up. (Some times it work great). And place next in apache error.log:

    bc math warning: non-zero scale in modulus
    bc math warning: non-zero scale in base
    bc math warning: non-zero scale in exponent

    Apache 2.2.4 / PHP 5.2.11

    • same error for me in intranet production environment from 24 agost 2010.

      login using jCryption was ok and in use from april 2010 since 24 agost.

      Did you find why ?

      Gianni

    • The problem is the prime generation … it’s random and sometimes the algorithm gets some good numbers fast, sometimes it doesn’t.
      In future I wanted to save some prime numbers in advanced and then pick one so the generation is not needed.

    • First of all, many thanks for your nice pluggin.
      The only problem I’ve got is that the Keypair generation fails with the same error in apache log “bc math warning: non-zero scale in modulus”.
      This error is fired regularly which is quite embarassing on a production server.

      Do you think you will provide a solution for that in the future?

      Thanks

  25. Hey man, in your sample code above on line 19, the echo at the bottom of the if-block, you’ve got 2 parenthesis closing that, you actually only need one. :)

  26. Has anyone tried this with Perl? Anyone knows what the ‘n’ (modulo) param is that you return with the public key? Also, what’s the point of returning “maxdigits” (instead of $keyLength, say)?

    • n = modulo yes …
      The maxdigits variable was used by Dave Shapiro and there was no reason to change the mechanism oder variables so I kept it.
      maxdigits = keyLength*2/16+3

      • Sorry, I’m new to this RSA stuff, so it took me a while to figure out the terminology and what the params meant. I really like this library, but I couldn’t get it working with perl’s Crypt::OpenSSL::RSA or Crypt::RSA, so I ended up using a different javascript library, which worked. I suspect the problem was with padding. What kind of padding does Dave Shapiro’s library use? If you have any other thoughts that might point me to a solution, let me know. Thanks.

        Incidentally, this is the javascript RSA library I ended up using, which does the PKCS1 padding that’s compatible with the perl modules I was trying to use.

        http://www-cs-students.stanford.edu/~tjw/jsbn/

  27. Uh, I was in desperate need of this and infact planning to build one myself. Thanks to you that you saved me a lot of time.
    Cheers…
    Keep up the good work.

  28. what about decrypt in javascript?
    This would be usefull for example for comunicating via ajax and getting the response encrypted. In JS you could decrypt and process the response.

    • I have the same requirement. Just to clarify, jCryption is currently just one-way traffic encryption, correct?

    • I am currently looking for the best method to provide a bidirectional communication. I think the best way would be changing a symmetric key via RSA and encrypt/decrypt the rest with the symmetric algorithm like AES for example. If someone has a better idea, please let me know.

      • I too am interested in bidirectional encrypted messaging portal. Existing services of “encrypted” email store text messages and attachments on a portal, but do not support HTML forms or organized responses that can be easily incorporated into a database. Current services like Tumbleweed from Axway email a form that includes security tokens to access a message via https. PGP requires installing a client and creating personal keys, too much work for many casual business clients. jQuery/jcryption could install a simple encryption/decryption client in a browser window. Ultimately, content could be stored on a web server that would be unreadable to hackers that don’t have a private key that would be emailed to the client. Any recipient of the email could access the content, but that doesn’t seem to stop these encrypted email services from touting HIPAA compliance.

  29. CORRECTION:
    My code did not display write:
    _____________________________________
    $(document).ready(function() {
    $(“#loginLiteForm”).jCryption({getVariable:”encryption”, getKeysURL:”gen_keys.php”});
    var count = 0;
    for (i=0; i -1) {
    count++;
    }
    }
    if (count > 0) {
    for (i=1; i<=count; i++) {
    $("#encrypt"+i+"").jCryption({getVariable:"encryption", getKeysURL:"gen_keys.php"});
    }
    }
    });

  30. How do encrypt GET data?

    Here is my jQuery setup script. Can you modify this so it will encrypt GET data?
    ***********************
    $(document).ready(function() {
    $(“#loginLiteForm”).jCryption({postVariable:”encryption”, getKeysURL:”gen_keys.php”});
    var count = 0;
    for (i=0; i -1) {
    count++;
    }
    }
    if (count > 0) {
    for (i=1; i<=count; i++) {
    $("#encrypt"+i+"").jCryption({postVariable:"encryption", getKeysURL:"gen_keys.php"});
    }
    }
    });

  31. Will there be an asp.net version??

    • The first priority for me is making jCryption faster and more secure, other versions will follow when everything else is done.
      Although i can’t say if there will be a asp.net version because my asp skills are very limited.

  32. Are you planning to provide Java Version ??

    • Yes there are plans on releasing alternatives to PHP.
      A user posted here that he is developing a java version, as soon as he is finished and I tested it, it will be included in a future release of jCryption.

      • I have been working on Cryptography from last few years, Though there are numerous algorithms are provided with Java, I would request you to re-evaluate before and provide a very flexible API similar to the one you provided for PHP. Also, I would like to participate in development of Java version.

Leave a comment

You must be logged in to post a comment.