0

I have one login page. when user give user name and password, i want to encrypt the password and send it to the server. I am using angular js application so i want to write that code also in angular. Please

Improve this question
7
  • 2
    Are you looking for https ? Commented Aug 24, 2016 at 12:22
  • @KISHAN PATI I would like to suggest you dont use angular to encrypt your password Use your backend technology java or what ever you are using Commented Aug 24, 2016 at 12:22
  • Don't encrypt it, send it over HTTPS and let backend do its job. Commented Aug 24, 2016 at 12:23
  • 1
    You can use angularjs-crypto to encrypt and decrypt Commented Aug 24, 2016 at 13:25
  • 1
    What would you achieve by encrypting the password before sending it to the server? What scenario are you trying to mitigate or are you doing this simply because it sounds cool? Commented Aug 24, 2016 at 15:01

3 Answers 3

Reset to default
5

Use HTTPS to send it to the server, then encrypt/decrypt it server-side. For security reason, you don't want the frontend to do any encryption, that could led to serious security flaws.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

Its better to use https for sending secured data and encrypting on server. If you still want to encrypt in client code, then you can use SHA256 or SHA1 or MD5. Many are available. Angular-crypto provide many JS. Include reference to JS in html page and below line in controller.

 CryptoJS.SHA1($scope.newCustomer.password)

For good security, on server side, SALT your hashed passwords.

Improve this answer

1 Comment

None of "SHA256 or SHA1 or MD5" are encryption, they are one-way cryptographic hash functions. Also: Just adding a salt to a hash function does little to improve the security. Instead iIterate over an HMAC with a random salt for about a 100ms duration and save the salt with the hash. Use functions such as password_hash, PBKDF2, Bcrypt and similar functions. The point is to make the attacker spend a lot of time finding passwords by brute force.
-2

Using following ngEncryption factory you can encrypt your data in Controller.js file and pass it to apicontroller. I am using Public-Private key to encrypt data for encryption/decryption.These key can be generated in Session_Start() event in Global.asax.cs file.

app.factory
('ngEncryption', function () {
    return {
        encrypt: function (dataForEncrypt) {
            jsRequest = {};

            var str = dataForEncrypt;
            var xmlParams = $.cookie('ClientPublicKey');
            // Create a new instance of RSACryptoServiceProvider.
            var rsa = new System.Security.Cryptography.RSACryptoServiceProvider();
            var reqArray = [];
            var reqArraySize = 200;
            if (str.length < reqArraySize) {
                var data = System.Text.Encoding.UTF8.GetBytes(str);
                // Import parameters from xml.
                rsa.FromXmlString(xmlParams);
                // Encrypt data (use OAEP padding).          

                var encryptedBytes = rsa.Encrypt(data, true);
                // Convert encrypted data to Base64.
                var encryptedString = System.Convert.ToBase64String(encryptedBytes)
                // Replace plain password with encrypted data.
                reqArray.push(encryptedString);
                //break;
            }
            else {
                var MaxCounterHeader = parseInt(Math.ceil(parseFloat(str.length / 200)));

                for (i = 0; i < MaxCounterHeader; i++) {
                    var newstring = str.substr(0, str.length > 200 ? 200 : str.length);
                    var data = System.Text.Encoding.UTF8.GetBytes(newstring);
                    rsa.FromXmlString(xmlParams);
                    var encryptedBytes = rsa.Encrypt(data, true);
                    // Convert encrypted data to Base64.
                    var encryptedString = System.Convert.ToBase64String(encryptedBytes)
                    reqArray.push(encryptedString);
                    str = str.replace(newstring, '');
                }
            }
            return JSON.stringify(reqArray);
        }
    };
});
Improve this answer

2 Comments

I get "ReferenceError: System is not defined", on line new System.Security.Cryptography.RSACryptoServiceProvider();
You need to add reference of system.dll C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5.2\System.dll

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.