javajavascriptcryptographyencryption-asymmetricjavascript-security

is it possible to encrypt at server side and decrypt it on the client side (using javascript)?


i have a scenario where i have to encrypt on the server side(using java) and decrypt the same data on the client side (using any JavaScript library) using asymmetric key cryptography because we want to send some sensitive information from the server side.so my question here is -

  1. is it really possible? if yes how?
  2. if no ? why?

if it is really possible then please provide any link or any example to start off and please provide alternatives only if it is not possible(i know we have SSL for that but please keep this aside ).

any help is greatly appreciated.


Solution

  • I'm going to go ahead and leave an answer:

    It is impossible to protect from a Man-In-The-Middle attack without SSL. If someone were to launch such an attack, they could simply modify the JavaScript to remove any encryption you are using - or simply use the data after it's been decrypted.

    In short: Yes, it's possible to encrypt and decrypt data in JavaScript, however, it is not truly protected.

    See this answer for additional information: https://stackoverflow.com/a/6121236/2155492