Encrypt HTML form data without using SSL

In some cases it is hard to install an SSL certificate, or the web host does not support SSL at all. In those cases you still need to encrypt the data (POST/GET) that is sent when you submit a form, because otherwise it is sent in plain text. So I ran into jCryption, a JavaScript-based HTML form encryption plugin. The encryption is performed with the RSA public-key algorithm and supports form data encryption up to 2048 bits.

  • jCryption encrypts on the client with JavaScript and decrypts on the server with PHP.
  • A key pair is generated automatically every time the user requests to send data. This adds an extra layer of security.
  • jCryption was built on top of the Multiple-Precision library and also uses the Barrett Modular Reduction library.
  • It is completely free and has been dual licensed under the MIT and GPL licenses.
  • Has been tested and works with all modern browsers such as Firefox 3, Chrome, Opera 9+ and legacy browsers such as IE6.

Caution when considering jCryption

  • jCryption must not be used as a replacement for SSL, as it currently provides neither authentication nor protection against man-in-the-middle (MITM) attacks.
  • Because the encryption is performed on the client side, the form data will be sent unencrypted if the client has disabled JavaScript, which may be the case in some corporate environments.
  • File uploads are also not encrypted, for performance reasons: there is no fast way of accessing and applying encryption to the data inside a file.
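
To see why the missing authentication matters, here is a toy model added as an illustration (it is not jCryption's code and not from the original post). It uses textbook RSA with tiny constructed keys, and the names `submitForm`, `passiveRelay`, `activeRelay` and `pinnedN` are hypothetical; it shows that encryption alone stops a passive observer, but not a party that can replace the public key delivered over plain HTTP.

```javascript
// Added illustration: toy textbook RSA with tiny constructed keys (not jCryption code).
function modPow(base, exp, mod) {
  let result = 1n;
  base %= mod;
  while (exp > 0n) {
    if (exp & 1n) result = (result * base) % mod;
    base = (base * base) % mod;
    exp >>= 1n;
  }
  return result;
}
const encrypt = (m, pub) => modPow(m, pub.e, pub.n);
const decrypt = (c, key) => modPow(c, key.d, key.n);

// Constructed key pairs: the server's, and one held by a party on the network path.
const serverKey = { n: 3233n, e: 17n, d: 2753n }; // p=61, q=53
const relayKey = { n: 3127n, e: 3n, d: 2011n };   // p=53, q=59

// A relay that only observes traffic.
const passiveRelay = () => ({
  learned: null,
  forwardKey: (k) => k,
  forwardCiphertext(c) { this.learned = c; return c; },
});
// A relay that swaps the public key in the unauthenticated HTTP response.
const activeRelay = () => ({
  learned: null,
  forwardKey: () => ({ n: relayKey.n, e: relayKey.e }),
  forwardCiphertext(c) {
    this.learned = decrypt(c, relayKey);      // relay reads the form value
    return encrypt(this.learned, serverKey);  // server still gets a valid submission
  },
});

// One form submission. pinnedN (hypothetical) stands for a key the client
// already trusts, which is the role TLS certificate validation plays.
function submitForm(secret, relay, pinnedN) {
  const offered = relay.forwardKey({ n: serverKey.n, e: serverKey.e });
  if (pinnedN !== undefined && offered.n !== pinnedN) return { sent: false };
  const wire = relay.forwardCiphertext(encrypt(secret, offered));
  return { sent: true, serverSees: decrypt(wire, serverKey), relaySaw: relay.learned };
}

const observed = submitForm(65n, passiveRelay());            // relay sees ciphertext only
const swapped = submitForm(65n, activeRelay());              // relay sees 65n, server notices nothing
const refused = submitForm(65n, activeRelay(), serverKey.n); // key mismatch detected
console.log({ observed, swapped, refused });
```

The third call only works because the client already holds a trusted copy of the server's key; a page loaded over plain HTTP has no such copy, which is the gap SSL certificates close.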

jCryption is hosted on Google Code and is available for download.

Still not convinced? Check out the jCryption demo.


  1. Why don’t you give a README.txt file to explain precisely how to install it? You developers and coders: you only write in one language and that is the language you speak with one another!! The average person wanting to learn is clueless with your terms. e.g., what the heck does “add this to your HTML form” mean? and how do you do it?
