Encrypt HTML form data without using SSL

In certain cases, it might be hard to install SSL certificates or SSL is not supported by some webhosts. In those cases, there is a need to encrypt the data (POST/GET)┬áthat is sent when you submit a form because if you don’t, your data will be sent in plain text. So I ran into jCryption, a javascript based HTML form encryption plugin. The encryption is performed using public key algorithm of RSA and supports form data encryption upto 2048 bit.

  • jCryption encrypts on the client with Javascript and decrypts on the server with PHP.
  • A keypair is automatically generated on every request to send data by the user. This adds an extra layer of security.
  • jCryption was build on top of the Multiple-Precision library and uses Barrett Modular Reduction library as well.
  • It is completely free and has been dual licensed under the MIT and GPL licenses.
  • Has been tested and works with all modern browsers such as Firefox 3, Chrome, Opera 9+ and legacy browsers such as IE6.

Caution when considering jCryption

  • jCryption must not be used as a replacement for SSL as it currently does not provide authentication and no protection against MITM (Man-in-the-middle) attacks.
  • Because the encryption is performed on the client side, if the client has disabled javascript and that maybe the case in some corporate environments, the form data will be sent unencrypted.
  • File uploads are also not encrypted because of performance reasons as there is no fast way of accessing and applying encryption to data inside a file.

jCryption is hosted on Google Code and is available for download.

Still not convinced? Check out the jCryption demo.

Similar Posts:

  1. Why don’t you give a README.txt file to explain precisely how to install it? You developers and coders: you only write in one language and that is the language you speak with one another!! The average person wanting to learn is clueless with your terms. e.g., what the heck does “add this to your HTML form mean? and how do you do it?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.