Simple string encryption in .NET and Javascript

Question

I\'m developing an ASP.NET MVC application in which I want to encrypt a short string on the server, using C#, and send it to the client-side.

Then on the client-side

Answer 1

The System.Security.Cryptography has a bunch of symetric (and asymetric) encrytion algorithms ready to use. (For something super secure use aes)

You should be able to find matching Javascript implementation for most (here are a few aes implementations in JS)

• http://www.movable-type.co.uk/scripts/aes.html
• http://www.hanewin.net/encrypt/aes/aes.htm

Note: If you are planning to use private key based encryption then keep in mind, your web page is going to have the key embedded in it and that means that it all becomes kind of pointless cause anyone with access to the page can do the decryption, at best you would be making the life of the screen scrapers a little bit harder. If making screen scrapers life harder is your goal you could just use an obsfucation algorithm. Any trivial implementation would make very impractical for screen scrapers that do not have a javascript engine:

Eg.

function samObsfucated()
{
    return("s" + "a" + "m" + "@" + "s" + "." + "com");
}

Then onload populate your email fields with the output of these functions.

Javascript encryption has a really good use case for software that stores passwords for users ala clipperz