I am developing a project using APIs. Now I am trying to encrypt the data so no one can edit it. I thought of using a public key to encrypt data and a private key to encrypt both public key and the (encrypted Data). But I couldn't send this encrypted data using the API URI since it contains '/' character.
What is the best way to encrypt my JSON data so no one can edit it?
Here is an example of the JSON:

{
    "Name": "HP Laptop",
    "Category": "Laptop",
    "Price": 300,
    "Currency": "OMR",
    "details": "core i 5 ",
    "productID": 1,
    "Quantity": 10
}

asked Jul 31, 2017 at 9:22 by Mohammed AlAamri; edited Jul 31, 2017 at 9:42 by Naeem Ul Wahhab
  • 1 Is it a get method? – Power Star Commented Jul 31, 2017 at 9:24
  • 1 a post method @PowerStar – Mohammed AlAamri Commented Jul 31, 2017 at 9:26
  • 1 Can you please show us the post method? If you add your encrypted string to the request body, then there will not be any URL issue. Okay, please show us your method. – Power Star Commented Jul 31, 2017 at 9:28
  • If the issue is just a / in the data then did you encode it using System.Uri.EscapeDataString() ? – jason.kaisersmith Commented Jul 31, 2017 at 9:28
  • 2 @jcubic — That isn't encryption! It's there to transfer binary data over ASCII protocols. It provides zero security. – Quentin Commented Jul 31, 2017 at 9:48

1 Answer

For any security protocol it's always best to stick to standards. Never try to invent your own protocol. You may end up doing more harm than good. If this data is over HTTP, then feel free to use SSL (HTTPS) to guard against MiTM attacks, e.g. eavesdropping and tampering. However, I think you are looking for something different.

While SSL should ensure that the data is not tampered with in transit, you may be performing this operation yourself, e.g., someone hands you some data and you are unsure that it has not been tampered with. To do this operation, feel free to leverage a digital signature of that data, where the private key of the digital signature is held by you.

Something like this:

  1. Generate key pair (private, public).
  2. Sign the json with the private key Sign(json, private) -> signedDocument.
  3. Now, later when you want to verify that no one has tampered with it: Verify(public, signedDocument, json) = True if the document has not been tampered with (with extremely high probability) and False if the document has been tampered with (again with probability being extremely high).

Here is a great first read on digital signatures for the reasonably technically inclined: https://en.wikipedia.org/wiki/Digital_signature

I believe this might be a good place to get started for JS: http://www-cs-students.stanford.edu/~tjw/jsbn/ (I expect Stanford to do a decent job at implementing RSA, but feel free to look around for something more standard... if this was Java, then it might be easier... Maybe write a CryptoWebServer to support this operation?)

For further reference, I believe this library is now maintained here: https://github.com/kjur/jsrsasign/wiki/Tutorial-for-Signature-class

I've taken an example of signing+verifying directly from the Library's tutorial. Please note this only solves the problem of signing and verifying, you still need to generate public/private key pairs.

Signing message 'aaa' (you would use a .json payload here):

// initialize
var sig = new KJUR.crypto.Signature({"alg": "SHA1withRSA"});
// initialize for signature generation
sig.init(rsaPrivateKey);   // rsaPrivateKey of RSAKey object
// update data
sig.updateString('aaa')
// calculate signature
var sigValueHex = sig.sign()

Here is an example for signature validation:

// initialize
var sig = new KJUR.crypto.Signature({"alg": "SHA1withRSA"});
// initialize for signature validation
sig.init("-----BEGIN CERTIFICATE-----(snip)"); // signer's certificate
// update data
sig.updateString('aaa')
// verify signature
var isValid = sig.verify(sigValueHex)
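
The sign-then-verify steps described in the answer, as an added example that is not part of the original answer or the jsrsasign tutorial. It swaps in Node.js's built-in crypto module with RSA and SHA-256 in place of jsrsasign and SHA1withRSA; the helper names (toBase64Url, signPayload, verifyPayload) are assumptions made for this illustration, and the signature is base64url-encoded so it contains no '/' character.

```javascript
const crypto = require('crypto');

// Assumption: a real deployment generates the key pair once and keeps the
// private key with the signer only; it is generated inline here for the demo.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
});

// base64url has no '/', '+' or '=', so the value is safe in a URL or header.
function toBase64Url(buf) {
  return buf.toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Sign the exact serialized bytes; the receiver must verify those same bytes,
// because re-serializing the object can change key order or whitespace.
function signPayload(obj, key) {
  const body = JSON.stringify(obj);
  const signature = crypto.sign('sha256', Buffer.from(body, 'utf8'), key);
  return { body, signature: toBase64Url(signature) };
}

// Verify BEFORE parsing; return the parsed object only if the signature holds.
function verifyPayload(body, signatureB64Url, key) {
  let ok = false;
  try {
    // Node's 'base64' decoder also accepts the URL-safe alphabet.
    const sig = Buffer.from(signatureB64Url, 'base64');
    ok = crypto.verify('sha256', Buffer.from(body, 'utf8'), key, sig);
  } catch (e) {
    ok = false; // a malformed signature or key counts as a failed check
  }
  return ok ? JSON.parse(body) : null;
}

// Constructed sample input, based on the product record in the question.
const product = { Name: 'HP Laptop', Category: 'Laptop', Price: 300,
                  Currency: 'OMR', details: 'core i 5 ', productID: 1, Quantity: 10 };

const signed = signPayload(product, privateKey);
const accepted = verifyPayload(signed.body, signed.signature, publicKey);
const tamperedBody = signed.body.replace('"Price":300', '"Price":3');
const rejected = verifyPayload(tamperedBody, signed.signature, publicKey);

console.log('original accepted:', accepted !== null);
console.log('tampered rejected:', rejected === null);
```

A signature makes tampering detectable but does not hide the data; confidentiality in transit still comes from HTTPS.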
