How can I encrypt JavaScript code so that it's not decryptable?

Question

I have some JavaScript code I need to encrypt, but I want to be sure no one can decrypt it.

What tools can I use to do this?

-- Edit --

Answer 1

The Javascript code is executed in the browser, i.e. on the client side, which means it must be available not-encrypted on the client side.

The "best" you can do is probably to minify it, which will make it harder to understand it -- and a bit of obfuscation might do too -- even if someone really motivated will still be able to read it.

See for instance the YUI Compressor, which can both minify and obfuscate JS code.

Answer 2

use this tool: Javascript Obfuscator https://javascriptobfuscator.com/Javascript-Obfuscator.aspx

Answer 3

There is no way to do that. You can obscure it and have some domain checking code in it. Or you could have it served with a server-side script that checks the referring domain.

Answer 4

I don't think you want encryption, unless you're going to write a browser extension that can decrypt the javascript.

I thing GWT, or even jsmin can sufficiently compress / obfuscate your javascript for normal use.

If you want to tie some client side code to your site, you may want to consider some sort of a random handshake that depends on a server-side method to 'validate' the javascript. I don't even know if that's feasible though.

Answer 5

If you truly want to encrypt it so that no one else can decrypt it, you could use one of any number of encryptions. For instance, to do it manually, you could use TrueCrypt; or to do it programatically, use the encryption libraries available in most languages.

If what you are really asking, though, is how to obfuscate the code so that no one can reverse-engineer it, the answer is: you can't, not in Javascript or any other language. The best you can do is make it more difficult on the reverse-engineers by making it hard to read; for that, there are any number of tools:

• javascriptobfuscator.com
• javascript obfuscator
• ObfuscateJS

Answer 6

There is no way to do so because at the end of the day, the code still has to run, unencrypted, on the client machine, which means the routine to decrypt the code has to be sent alongside the encrypted code. You're handing them both the lock and the key, all they have to do is turn.

Your best best is to run it through an obfuscator, but even then, its not like somebody won't be able to just rewrite it themselves without the need to attempt to read your code anyway.