JavaScript Development
 
#1
February 27th, 2000, 03:05 AM
amodi
Friends,

I would like to encrypt (with a private key) a string on the client side using JavaScript and decrypt the same on the server side using PHP (the private key can be generated by the server). Can anyone help me in doing this?

Thanks to you all in advance.



------------------
Anish Modi
Infotech World
India

#2
February 25th, 2008, 02:57 PM
m7x3r
Same Issue

I need to encrypt a variable in JavaScript, then send the returned encrypted msg to the server, then decrypt the sent enc_msg using PHP, and should obtain the original variable.

I am thinking of creating a random key in PHP and setting it as a hidden text field value. JavaScript would then read PHP's random key from that hidden field and use it to encrypt the message; then, when it's submitted, PHP should decrypt the message using the same randomly generated key sent to the client originally.

Any help is greatly appreciated,

#3
February 25th, 2008, 03:29 PM
bigSeth
I would not advise using hidden inputs for your key, as they can and will be easily viewed/manipulated.
__________________
10% gifted 90% puzzled

#4
February 25th, 2008, 04:59 PM
execute
RSA in Javascript
AES in Javascript
DES in Javascript
Comments on this post
lnxgeek agrees: ..for the links
__________________
Nikola Ivanov
http://weboholic.de

#5
February 25th, 2008, 06:50 PM
lnxgeek
Holy resurrected posts, Batman!

@m7x3r>
If you want to encrypt in JS and decrypt in PHP, you'll have to start by finding a matching algorithm between the two. Take a look at PHP's mcrypt functions and find a compatible JS algorithm. I personally looked at using the AES script execute posted at one time; it uses the CTR (counter) method, and as luck would have it, PHP's mcrypt extension can utilize CTR and rijndael-N (AES) encryption. I never did complete the project though.

Of the three posted, DES might be the easiest to make work, although not the most secure. Security is relative when you're talking about anything on the web anyway.
__________________
"Seriously, we're not a search engine, we're actual people." ~ ManiacDan

BookMooch.com : Give books away. Get books you want.

#6
February 25th, 2008, 10:21 PM
m7x3r
still searching...

Quote:
Originally Posted by lnxgeek
Holy resurrected posts, Batman!

@m7x3r>
If you want to encrypt in JS and decrypt in PHP, you'll have to start by finding a matching algorithm between the two. Take a look at PHP's mcrypt functions and find a compatible JS algorithm. I personally looked at using the AES script execute posted at one time; it uses the CTR (counter) method, and as luck would have it, PHP's mcrypt extension can utilize CTR and rijndael-N (AES) encryption. I never did complete the project though.

Of the three posted, DES might be the easiest to make work, although not the most secure. Security is relative when you're talking about anything on the web anyway.




Thanks for all your comments. As far as avoiding the hidden text field to pass a $var (in PHP) to a var (in JS): I searched this topic and there seem to be 2 ways. One is to pass the vars in the header upon submission, meaning they will be in the URL, which could look like this: http://myforume/mysite/mypage.php?var1=''&var2=''
Something along those lines. I am trying to avoid that and avoid using _GET[]. Aside from this, or writing to and reading from a hidden HTML text field, I am unaware of any other way to pass PHP vars to JS vars. If you know of any other, please do... open to suggestions.

I have yet to get my hands dirty with this, but I have already encrypted in JS using RSA. I wanted to have another encrypter, a wrapper so to speak, to encrypt my original encrypted msg: this time encrypt in JavaScript and decrypt in PHP using the same key, or if not, then pub./priv. keys. I will take a look at the mcrypt() PHP function, thank you lnxgeek.

But do you think it's safe to assume that if JS provides an implementation of some algorithm, PHP will follow the same logic in implementing that encryption algorithm, aside from any native functions that may randomize a key or play with some vars here and there?

Thanks again to all your support so far....this is the last mile for me...
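
Added example, not part of the thread: a Node.js sketch of bigSeth's point that a symmetric key shipped in a hidden field is available to anyone who can see the page, next to the public-key variant raised in post #6, where only the holder of the private key can decrypt. AES-128-CTR, RSA-OAEP, the field name k, the helper names and the sample password are assumptions chosen for the illustration.

```javascript
const crypto = require('crypto');

// Scheme from post #2: the server embeds a symmetric key in a hidden field.
function renderForm(key) {                       // hypothetical server-side helper
  return `<input type="hidden" name="k" value="${key.toString('hex')}">`;
}
function clientEncrypt(key, msg) {               // AES-128-CTR, IV prepended
  const iv = crypto.randomBytes(16);
  const c = crypto.createCipheriv('aes-128-ctr', key, iv);
  return Buffer.concat([iv, c.update(msg, 'utf8'), c.final()]).toString('hex');
}
function decryptWithKey(key, hex) {
  const raw = Buffer.from(hex, 'hex');
  const d = crypto.createDecipheriv('aes-128-ctr', key, raw.subarray(0, 16));
  return Buffer.concat([d.update(raw.subarray(16)), d.final()]).toString('utf8');
}
// A party that sees the page and the submission has the same inputs as the server.
function readableByObserver(pageHtml, postedHex) {
  const key = Buffer.from(/name="k" value="([0-9a-f]+)"/.exec(pageHtml)[1], 'hex');
  return decryptWithKey(key, postedHex);
}

// Public-key variant: only the public key travels; the private key stays on the server.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
function clientEncryptToServer(publicKey, msg) {
  return crypto.publicEncrypt({ key: publicKey, ...OAEP }, Buffer.from(msg, 'utf8'));
}
function serverDecrypt(privateKey, ct) {
  return crypto.privateDecrypt({ key: privateKey, ...OAEP }, ct).toString('utf8');
}

function demo() {
  const secret = 'constructed-password';         // constructed sample value
  const key = crypto.randomBytes(16);
  const page = renderForm(key);
  const posted = clientEncrypt(key, secret);
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const ct = clientEncryptToServer(publicKey, secret);
  let publicKeyDecrypts = true;                  // can the page's public key undo the ciphertext?
  try { serverDecrypt(publicKey, ct); } catch (e) { publicKeyDecrypts = false; }
  return {
    hiddenFieldRecovered: readableByObserver(page, posted) === secret,
    serverRecovered: serverDecrypt(privateKey, ct) === secret,
    publicKeyDecrypts,
  };
}
console.log(demo());
```

Neither variant authenticates the page itself: without TLS, whoever can modify the response can also replace the key or the script, which is the "manipulated" half of bigSeth's remark.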

#7
February 26th, 2008, 11:45 PM
m7x3r
almost done

Well, as suggested by execute... thank you for providing the links.

I found this, tero.co.uk/des, to be very helpful. All I really did was download the JavaScript source to encrypt the encrypted msg on the client, then pass the output of the DES JavaScript to PHP in HEX. This is important: it has to be in HEX; on the client I used JavaScript's stringToHex(). Then PHP's DES implementation was close, but I gave up on it, so instead I opened php.ini and uncommented "extension = mcrypt.....something .dll file"; just take out the " ; " in the php.ini file, enabling mcrypt.

Then I simply used mcrypt_decrypt() with the same key as JS used and the msg converted from hex back to string, this time based on the DES/PHP implementation [HexToString()] provided on the tero site, and I got back my RSA-encrypted password to be stored in the DB. However, I have one last question, if anyone can help me with it:

mcrypt_decrypt() The IV parameter must be as long as the blocksize WARNING

Not too sure how to fix this bug or at least suppress the warning... any suggestions are greatly valued...

thank you in advance...

#8
February 27th, 2008, 02:50 AM
execute
Well, there're different modes in which an encryption/decryption with symmetric keys could be made, you have to see which mode the JS is using. ECB and CBC aren't commonly used, I would go with CFB.

More on the subject on Wikipedia and Google.

#9
February 28th, 2008, 05:05 PM
m7x3r
Mcrypt IV Warning

Quote:
Originally Posted by execute
Well, there're different modes in which an encryption/decryption with symmetric keys could be made, you have to see which mode the JS is using. ECB and CBC aren't commonly used, I would go with CFB.

More on the subject on Wikipedia and Google.


Firstly, many thanks to everyone who provided insight or any useful tips that helped me accomplish this JavaScript DES Encrypt and PHP DES Encrypt... I have been able to find the solution to that IV warning resulting from PHP's mcrypt library function. Here is the code I used to decrypt, using DES from PHP's mcrypt library, the string value of a msg encrypted with DES in JavaScript:

/* Open module, and create IV */
$key = '10';
$td = mcrypt_module_open('des', '', 'ecb', '');
$key = substr($key, 0, mcrypt_enc_get_key_size($td));
$iv_size = mcrypt_enc_get_iv_size($td);
// mcrypt ignores the IV in ECB mode; one of the expected size is still
// created and passed to mcrypt_generic_init()
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);

$p_t = ''; // stays empty if initialization fails

/* Initialize the decryption handle once; a negative value or false means failure */
$rc = mcrypt_generic_init($td, $key, $iv);
if ($rc !== false && $rc >= 0)
{
    // $DES_HexToString is the encrypted msg in string format,
    // converted from the Hex value that's given by the JS DES func
    $p_t = mdecrypt_generic($td, $DES_HexToString);

    // Clean up the buffers used for decryption
    mcrypt_generic_deinit($td);
}
// Close the module whether or not initialization succeeded
mcrypt_module_close($td);

echo "<br>";
echo "MCrypt Method to decrypt Hex :";
echo $p_t;

Amazing heh...
Comments on this post
execute agrees: That's the spirit
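
Added example, not part of the thread: a Node.js comparison of the modes discussed in posts #5, #8 and #9, showing what each does with repeated plaintext blocks and what happens when the decrypting side uses an IV the encrypting side never used, as a freshly generated IV on the PHP side would be. AES-128 stands in for DES (which current OpenSSL builds may not offer), and the key, IVs and message are constructed values.

```javascript
const crypto = require('crypto');

const KEY = Buffer.from('000102030405060708090a0b0c0d0e0f', 'hex'); // constructed key
const IV_SENDER = Buffer.alloc(16, 0x01); // IV used by the encrypting side (constructed)
const IV_OTHER = Buffer.alloc(16, 0xff);  // different IV, as if generated anew when decrypting
const MSG = Buffer.from('0123456789abcdef'.repeat(2), 'ascii'); // two identical 16-byte blocks

// Node's ECB ciphers take no IV at all, so null is passed for that mode.
const ivFor = (mode, iv) => (mode === 'ecb' ? null : iv);

function encrypt(mode, iv, data) {
  const c = crypto.createCipheriv(`aes-128-${mode}`, KEY, ivFor(mode, iv));
  return Buffer.concat([c.update(data), c.final()]);
}
function decrypt(mode, iv, data) {
  const d = crypto.createDecipheriv(`aes-128-${mode}`, KEY, ivFor(mode, iv));
  return Buffer.concat([d.update(data), d.final()]);
}

// True when the two identical plaintext blocks yield identical ciphertext blocks.
function repeatsVisible(mode) {
  const ct = encrypt(mode, IV_SENDER, MSG);
  return ct.subarray(0, 16).equals(ct.subarray(16, 32));
}

// Decrypt with an IV the sender never used; report which plaintext blocks survive.
function blocksRecoveredWithOtherIv(mode) {
  const pt = decrypt(mode, IV_OTHER, encrypt(mode, IV_SENDER, MSG));
  return [0, 16].map((off) => pt.subarray(off, off + 16).equals(MSG.subarray(off, off + 16)));
}

function demo() {
  return {
    ecbRepeatsVisible: repeatsVisible('ecb'),           // ECB exposes equal blocks
    cbcRepeatsVisible: repeatsVisible('cbc'),
    ctrRepeatsVisible: repeatsVisible('ctr'),
    ecbOtherIv: blocksRecoveredWithOtherIv('ecb'),      // no IV involved, nothing to mismatch
    cbcOtherIv: blocksRecoveredWithOtherIv('cbc'),      // only the first block is damaged
    ctrOtherIv: blocksRecoveredWithOtherIv('ctr'),      // whole message is damaged, no error raised
  };
}
console.log(demo());
```

A random IV on the decrypting side goes unnoticed only in ECB; for CBC, CFB or CTR the sender's IV has to travel with the ciphertext, and a mismatch produces wrong plaintext rather than an error.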

Thread: Encryption in JavaScript/Decryption in PHP (Dev Shed Forums, Web Design, JavaScript Development)

