How can I encrypt a string in JavaScript and decrypt that string in C#

Question

I\'ve seen this question asked before, though in these cases the poster wanted to encrypt something (usually a url) on a public facing website, and the responses were mostly \"d

Answer 1

Symmetrical

The simplest way is to use a library as the Stanford Javascript Crypto Library that implement a standard (AES in this case) and to use the same cipher in C# (via AesManaged or AesCryptoServiceProvider).

You'll get a symmetrical cipher but there nearly no more than one parameter (the key) to set for both libs to work.

Asymmetrical

You could also use an asymmetrical (Public-Key) cipher instead. An attacker getting it's hand on the javascript code would be able to send crafted requests to your server but won't be able to intercept other requests.

There is an implementation of RSA in javascript and the RSACryptoServiceProvider class provide the support in .Net

A full example is available in Code project including a path to the RSA in javascript lib to support padding (mandatory when using the .Net implementation)

Note

Both of theses solutions by themselves are vulnerable to replay (an attacker intercepting a string and sending it back later -- potentially multiple times -- to the server)