How to send encrypted data

Even with SSL or https available, there sometimes is a need to encrypt or encode the data that is sent over the line.

And there always will be the ultimate paranoid who doesn't trust anything.

Out of curiousity how it's done I searched the web for the answer :

Google ➠ encrypt+form+data+before+submit

The emphasis is on form input, such as logins.

Three solutions from simple, complex and more complex are shown. Each with a sample page and demo set you can download.

What goes over the line

WireShark http plain text
WireShark http plain text form input
WireShark http encoded text
WireShark http encoded text form input
WireShark http encrypted
WireShark https encrypted

Data captured with ➠ Wireshark

XOR bits and Base64

Each character is ➠ 'xor'ed and then encoded to Base64 in JavaScript.
At the server the reverse is done in PHP.
The decoded text is then used to find the username and password in a database and displayed in a webpage.

See it here

Encryption with CryptJS AES and PHP

The input fields are encrypted with a random string to a JSON formatted string.
At the server the reverse is done in PHP.
The decoded text is then used to find the username and password in a database and the result displayed in a webpage.
The result can also be encrypted into a JSON string and sent back to the browser where it is decrypted in readable text.
This sample page doesn't use that feature, but the original code has a demo page.

See it here

Encryption with AES/RSA and PHP

The form input fields are POST'ed and captured by the JavaScript. The POST data is added to an array variable and then encrypted.
At the server the array is decrypted to a $_POST array where PHP can process it.
The username and password are looked up in the database.
Unlike the previous example, the lookup data is added to an array variable with a $key->$value pair, encrypted and sent to the browser.
The JavaScript decrypts the array and uses the $key->$value pair to put the data into input fields of a form.
This requires that a form is used in the webpage, for example where the data can be edited by the user.
In other cases the lookup data can simply be sent back as in the previous examples.

See it here

Why?

Even though https connections are used today, there will always be a situation where this is not the case. You know best.

And when you're obsessed with security, then here's the answer.

And why not do it for fun?

Obfuscate JavaScript code

JavaScript Obfuscator

Deobfuscate JavaScript code

JavaScript Deobfuscator and Unpacker

The data

Original Family Guy data

Feb 17 2021 05:38:30