Encryption-Decryption

  • Question

  • User-115208871 posted

    hi all,

    How can I encrypt my querystring of a URL using JavaScript, and how can I decrypt that querystring value in C#...

    (Encryption using JavaScript and decryption using C#)

    Thursday, May 9, 2013 7:02 AM

Answers

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, May 9, 2013 7:07 AM
  • User-492460945 posted

    Hi,

    You first find the algorithm used in the encryption function in JavaScript and the key string. Then you can use the C# methods below to decrypt using the same algorithm and key string.

    // Namespaces required by both methods
    using System;
    using System.Security.Cryptography;
    using System.Text;

    public string GenerateAPassKey(string phrase)
    {
        // Pass phrase can be any string
        string passPhrase = phrase;
        // Salt value can be any string (for simplicity use the same value as used for the pass phrase)
        string saltValue = phrase;
        // Hash algorithm can be "SHA1" or "MD5"
        string hashAlgorithm = "SHA1";
        // Password iterations can be any number
        int passwordIterations = 2;
        // Key size can be 128, 192 or 256
        int keySize = 256;
        // Convert the salt string to a byte array
        byte[] saltValueBytes = Encoding.ASCII.GetBytes(saltValue);
        // Use System.Security.Cryptography.PasswordDeriveBytes to create the key
        PasswordDeriveBytes pdb = new PasswordDeriveBytes(passPhrase, saltValueBytes, hashAlgorithm, passwordIterations);
        // 256 / 11 = 23 bytes, which Base64-encode to a 32-character string;
        // Decrypt turns those 32 characters into the 32-byte (256-bit) key.
        byte[] Key = pdb.GetBytes(keySize / 11);
        string KeyString = Convert.ToBase64String(Key);

        return KeyString;
    }

    public string Decrypt(string encryptedText, string KeyString)
    {
        RijndaelManaged aesEncryption = new RijndaelManaged();
        aesEncryption.KeySize = 256;
        aesEncryption.BlockSize = 128;
        // ECB uses no IV: each 16-byte block is decrypted independently
        aesEncryption.Mode = CipherMode.ECB;
        aesEncryption.Padding = PaddingMode.ISO10126;
        // The 32 characters of KeyString are used directly as the 32 key bytes
        byte[] KeyInBytes = Encoding.UTF8.GetBytes(KeyString);
        aesEncryption.Key = KeyInBytes;
        ICryptoTransform decrypto = aesEncryption.CreateDecryptor();
        // The ciphertext is expected as a Base64 string
        byte[] encryptedBytes = Convert.FromBase64String(encryptedText);
        return Encoding.UTF8.GetString(decrypto.TransformFinalBlock(encryptedBytes, 0, encryptedBytes.Length));
    }

    Here in the method GenerateAPassKey, 'SHA1' is the algorithm and its input parameter is the string you are using to encrypt. Hope this helps you.

    -Rajesh

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, May 9, 2013 7:11 AM
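
Added example (not from the thread or from any poster's code): the JavaScript counterpart of the cipher settings in the Decrypt method above, run under Node.js. It shows that AES-256-ECB output repeats whenever a 16-byte block of the query string repeats, next to AES-256-GCM for comparison. `KEY_STRING` and all function names are assumptions, and the sample key and query strings are constructed.

```javascript
const crypto = require('crypto');

// Constructed sample key: a 32-character string, used as 32 UTF-8 bytes the
// same way the C# Decrypt uses KeyString. Not a real key.
const KEY_STRING = '0123456789abcdef0123456789abcdef';
const keyBytes = (s) => Buffer.from(s, 'utf8');

// ISO 10126 padding: random filler, last byte holds the padding length (1..16).
function padIso10126(buf) {
  const pad = crypto.randomBytes(16 - (buf.length % 16));
  pad[pad.length - 1] = pad.length;
  return Buffer.concat([buf, pad]);
}

// AES-256 / ECB / ISO10126 / base64: the settings in the C# Decrypt method.
function encryptEcb(text, keyString) {
  const c = crypto.createCipheriv('aes-256-ecb', keyBytes(keyString), null);
  c.setAutoPadding(false);
  const padded = padIso10126(Buffer.from(text, 'utf8'));
  return Buffer.concat([c.update(padded), c.final()]).toString('base64');
}

function decryptEcb(b64, keyString) {
  const d = crypto.createDecipheriv('aes-256-ecb', keyBytes(keyString), null);
  d.setAutoPadding(false);
  const out = Buffer.concat([d.update(Buffer.from(b64, 'base64')), d.final()]);
  return out.subarray(0, out.length - out[out.length - 1]).toString('utf8');
}

// ECB has no IV: equal 16-byte plaintext blocks give equal ciphertext blocks.
function firstBlock(b64) {
  return Buffer.from(b64, 'base64').subarray(0, 16).toString('hex');
}

// AES-256-GCM for comparison: a fresh 12-byte nonce per message plus an
// authentication tag, so repeats are hidden and tampering is rejected.
function encryptGcm(text, keyString) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', keyBytes(keyString), nonce);
  const ct = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), ct]).toString('base64url');
}

function decryptGcm(token, keyString) {
  const raw = Buffer.from(token, 'base64url');
  const d = crypto.createDecipheriv('aes-256-gcm', keyBytes(keyString), raw.subarray(0, 12));
  d.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString('utf8');
}
```

Either mode only protects the value from parties who do not hold the key; a key embedded in page script is readable by the user of that page.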

All replies

  • User2027516926 posted

    If you don't want the user to be able to see the querystring, just use action=POST instead of GET in your form tag (by default action=GET). This would hide the querystring from the user. Or you could write functions in JS to encrypt and decrypt the request URL (use any of the encryption algos), but I'd still suggest using the POST action.

    Thursday, May 9, 2013 7:11 AM
  • User-434868552 posted

    @ rockonrocks    Welcome to forums.asp.net

    (a) you need strong encryption, in a form like PGP ... that means you use a public key on the JavaScript side to encrypt and only your C# code has the private key to decrypt.

    (b) you are vulnerable on the client side

    (c) you should also use SSL

    (d) why do you think that you need so much security?

    g.

    Thursday, May 9, 2013 9:42 PM