I need to find out what type of encryption is suitable for me. For my case i usually need to pass informa开发者_C百科tion from my mobile webapp to a .NET webservice via ajax.
To summarize:
(Encrypt using javascript)Mobile ---Encrypted Data--> WebService(decrypt in C#)
Just use SSL - than all your transmission will be secure and the changes in your code will be minimal (just putting https
in front of your urls should be enough).
Using https is not that enough because it uses mostly RSA encryption, which is crackable using prime number generator algorithm.
I suggest to use concatenated encryption process, use openssl RSA 4096 to encrypt aes key and use aes to encrypt your message. Beaware this is crackable also by eavedropping your communication and extracting your aes key.
I would suggest the following: encrypt your aes key with any private algorithm you can write .. then encrypt the output with RSA .. on the receive end, decrypt RSA to get the encrypted aes key, use your algorithm to decrypt it, then use aes key to decrypt the data.
i suggest to keep on changing the aes key based on a some random value ..
精彩评论