0

I want to use some API data to build a front-end app in AngularJS 1. For that I have to decrypt the data first using AES128, use it, and then send encrypted data to the API. I can use crypto.js for that task, but then the key will be visible to anyone.

Is there any secure way of doing this?

Thanks

  • See [How secure is a client-side javascript encrypter?](http://crypto.stackexchange.com/questions/33830/how-secure-is-a-client-side-javascript-encrypter). – georgeawg Dec 26 '16 at 09:21

2 Answers

0

For that you need to use angular-crypto.js. For more information, please refer to this GitHub repository...encryption and decryption

0

Here is what we can use

  • You have to modify the API so that it will generate a pair of keys: a public key and a private key. This public key will be given to the Angular code, where it will be able to encrypt using this public key. Encrypted data will be sent to the API, where it will use the private key to decrypt it. This is the most secure way to do it, where the encrypted data will not be able to be decrypted without the secret private key.
    There are some more ways to enhance security, such as using hash functions and digital signatures.
udarabibile
  • Well, can you post some examples of this? – Abhishek Mitra Dec 26 '16 at 09:56
  • Here you can find an example where private and public keys are generated for encrypting and decrypting purposes. http://stackoverflow.com/questions/8520973/how-to-create-a-pair-private-public-keys-using-node-js-crypto – udarabibile Dec 26 '16 at 11:33
  • In any language, create a private & public key pair using an encryption library on the server. Then share this public key with the Angular code for encrypting – udarabibile Dec 26 '16 at 11:34
  • But when the public key is visible, then it will be easy to decrypt the value – Abhishek Mitra Dec 27 '16 at 06:08
  • However, you'll need the private key to decrypt messages. It's kept as a secret on the server. So there wouldn't be any use with the public key and the encrypted message – udarabibile Dec 27 '16 at 06:26
  • Then how will I decrypt values that come from the server? – Abhishek Mitra Dec 27 '16 at 06:28
  • Securing data from the API can be challenging. A suggestion is that in the API you could encrypt using the user's password as the key. So the user has to decrypt using the password at the front end, which is secure – udarabibile Dec 27 '16 at 06:40
  • Storing the password on the frontend is not a good idea, and the user can also use the site as a guest; login is a must in the payment process – Abhishek Mitra Dec 27 '16 at 07:15
  • You don't have to store the password. Ask for the password when you go to the payment page. Decrypt messages using the password. And remove the password after the decrypt function – udarabibile Dec 27 '16 at 07:46
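
The public/private key scheme from the second answer, as an added example that is not part of the original thread: both halves run in Node.js with the built-in `crypto` module, and it goes one step beyond the answer by wrapping a per-message AES-128-GCM key with RSA-OAEP so payloads of any size fit. Function names and the sample payload are constructed for illustration; in a browser the client half would be written against a client-side crypto API instead.

```javascript
// Added example (Node.js built-in crypto); all names here are hypothetical.
const crypto = require('crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Server: generate the pair once; only publicKey is ever shipped to the browser.
function generateServerKeys() {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
}

// Client half: fresh AES-128-GCM key per message, wrapped with the public key.
function encryptForServer(publicKeyPem, plaintext) {
  const aesKey = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-128-gcm', aesKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    wrappedKey: crypto.publicEncrypt({ key: publicKeyPem, ...OAEP }, aesKey).toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ciphertext: ciphertext.toString('base64'),
  };
}

// Server half: unwrap the AES key with the private key, then decrypt and authenticate.
function decryptOnServer(privateKeyPem, msg) {
  const aesKey = crypto.privateDecrypt({ key: privateKeyPem, ...OAEP },
    Buffer.from(msg.wrappedKey, 'base64'));
  const decipher = crypto.createDecipheriv('aes-128-gcm', aesKey, Buffer.from(msg.iv, 'base64'));
  decipher.setAuthTag(Buffer.from(msg.tag, 'base64'));
  return Buffer.concat([decipher.update(Buffer.from(msg.ciphertext, 'base64')),
    decipher.final()]).toString('utf8');
}

// Someone holding only the public key and a captured message cannot unwrap the AES key.
function canDecryptWithPublicKeyOnly(publicKeyPem, msg) {
  try { decryptOnServer(publicKeyPem, msg); return true; } catch (e) { return false; }
}
```

The public key has to reach the browser over an authenticated channel (HTTPS), since a substituted key would let whoever supplied it read the traffic. This covers the client-to-server direction only, as in the answer.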