How to decrypt the encrypted value in code behind using cryptoJs in MVC

Question

I am working on mvc application, there i am trying to encrypt my password. I have encrypted the password onclick and its working fine. How to decrypt the same value in mvc controller using CryptoJs.

Here is my code:

<script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/tripledes.js"></script>
       var secretString = document.getElementById("txtPassword").value;
        var password = "$1$O3JMY.Tw$AdLnLjQ/5jXF9.MTp3gHv/";
        debugger;
        //document.getElementById("secretstring").innerHTML = secretString;
       // var pass = document.getElementById("txtPassword").value;

        var encrypted = CryptoJS.TripleDES.encrypt(secretString, password);


        // document.getElementById("encryptedstring").innerHTML = encrypted.toString();

        //var decrypted = CryptoJS.TripleDES.decrypt(encrypted.toString(), password);
        //var finaltext = decrypted.toString(CryptoJS.enc.Utf8);
        //document.getElementById("txtPassword").value = encrypted;

I have to pass the encrypted value to C# code and decrypt there itself using cruptoJs.TripleDES.decrypt.

Anybody help me please? Thanks in advance.

Answer 1

There is a 3DES provider in the .NET Library and here is a good example of how to use it: How to implement Triple DES in C# (complete example)

In principle, if you use 3DES on the client you just use another 3DES implementation on the server, you don't need to use the same implementation -- and since cryptoJS is JavaScript, it is mostly restricted to client-side use anyway.

That being said, your string is not sent securely over the network, because your source code clearly identifies the method + password used to encrypt. So anyone who can sniff the data going to your server can decrypt.

To really encrypt the traffic securely, you'd need to use SSL (= HTTPS).