encrypting a password value in gsp

Question

In my HTML form I have a password field which I want to encyrpt before I send it in the URL form post.

so I call a js function on submit click like validateAndEncrypt() which basically I want to use to encrypt the password.

How can I encrypt this password value?

1) I have a inbuilt codec class (DESCodec) with methods encrypt and decrypt, can I use this codec in gsp directly? - if yes how do I feed the password value to DESCodec from javascript. 2) Is there a method using plain javascript to encrypt the password value?

Which method is should I go for?

Thanks Priyank

Answer 1

Short answer: use SSL.

Long answer: private key encryption algorithms like DES are not practical to use on the web because the browser needs to share a private key with the server. In order to transmit it securely, you need to use some form of public key exchange. After you've implemented that, you've basically reinvented SSL, but probably buggy and insecurely.

Answer 2

1. Use SSL (https)
2. It is unnecessary to use client side encryption with Javascript. Keeping the client side encryption and the server side decryption in sync is probably more work than it is worth.
3. Seriously: Trust SSL

can I use this codec in gsp directly?

No, you can't use server side code on the client. You would need a client side library to encode form elements before submitting them if you choose to double encrypt your forms.

You do have javascript encryption options if this is really what your application really requires .

• http://crypto.stanford.edu/sjcl/
• http://www.tero.co.uk/des/
• http://www.jcryption.org/

Answer 3

只需使用ssl加密（https）

Answer 4

Using SSL may be a simpler and more effective solution - and it will encrypt any other data you might send that is sensitive. The solution you are trying to create is exactly what SSL is designed for.