Sending/Receiving encrypted data

Results 1 to 2 of 2

Thread: Sending/Receiving encrypted data

  1. #1
    Join Date
    Dec 1969

    Default Sending/Receiving encrypted data

    Is there a way, without using https: to encrypt information i.e. a social security number being sent from a browser, use it within my ASP pages, and return encrypted information (that would then be displayed properly). ASPcrypt as far as I can tell only allows one way encryption!

  2. #2
    Join Date
    Dec 1969

    Default I don't know ASPcrypt myself...

    ...but there are algorithms that you can find on the web (might not be in VBScript or JavaScript, but you should be able to translate them as required) which will allow you to encrypt something on the client, post that to the server and then decrypt it there.<BR><BR>You would have to use a public/private key algorithm, because if you used a symmetrical key any hacker could easily decode the data in transit before it reaches your sever, simply by looking at the client-side code.<BR><BR>Also, if a visitor to your site has scripting disabled (or their browser doesn&#039;t have scripting, such as text based browsers), then your encryption will never happen and the data would be transmitted "plain text". This would be a huge security hole.<BR><BR>Therefore the option of using client-side scripting would really only work if you have control over what browser visitors to your site use and whether or not they have scripting enabled.<BR><BR>That&#039;s why HTTPS is there - to allow a secure connection, so I suggest you use that instead of trying to program a solution yourself.<BR><BR>You could also write an ActiveX control that provides encrypted form fields and deal with everything (encryption, displaying the form fields, transmitting the data, etc.) yourself, but that is likely to be even more work.<BR><BR>Oliver.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts