Secure Text Encryption and Decryption with Vanilla JavaScript
Dec 08, 2024 am 03:37 AM
In today’s digital age, securing sensitive information like API keys, passwords, and user data is more critical than ever. A robust encryption and decryption strategy can prevent unauthorized access and ensure data confidentiality. In this blog post, we’ll explore how to encrypt and decrypt text using vanilla JavaScript, leveraging the Web Crypto API for a modern, secure approach.
Why Use Encryption?
Encryption transforms readable data (plaintext) into a scrambled format (ciphertext) that can only be read if decrypted with the correct key. This ensures that even if someone intercepts the encrypted data, it remains meaningless without the key. A solid encryption mechanism protects:
- API keys stored in your frontend code.
- Sensitive user information.
- Any data transferred over insecure channels.
Let’s dive into how you can implement this securely in JavaScript.
Encryption and Decryption Using AES-GCM
We’ll use AES-GCM (Advanced Encryption Standard - Galois/Counter Mode), a modern standard that provides both encryption and integrity verification. The steps involve:
- Password Derivation: Use PBKDF2 (Password-Based Key Derivation Function 2) to derive a secure key from a password.
- Salt and IV: Generate a random salt (to make the password derivation unique) and iv (Initialization Vector) for each encryption.
- Encryption: Encrypt the plaintext using AES-GCM.
- Decryption: Decrypt the ciphertext using the same password and salt/iv.
Code Implementation
Here is the complete JavaScript implementation.
Utilities for Conversion
We’ll convert between ArrayBuffer and hexadecimal for easy data storage and retrieval:
function arrayBufferToHex(buffer) {
return [...new Uint8Array(buffer)]
.map(byte => byte.toString(16).padStart(2, '0'))
.join('');
}
function hexToArrayBuffer(hex) {
const bytes = new Uint8Array(hex.length / 2);
for (let i = 0; i < hex.length; i += 2) {
bytes[i / 2] = parseInt(hex.substr(i, 2), 16);
}
return bytes.buffer;
}
Key Derivation from Password
Use PBKDF2 to derive a strong encryption key:
async function getCryptoKey(password) {
const encoder = new TextEncoder();
const keyMaterial = encoder.encode(password);
return crypto.subtle.importKey(
'raw',
keyMaterial,
{ name: 'PBKDF2' },
false,
['deriveKey']
);
}
async function deriveKey(password, salt) {
const keyMaterial = await getCryptoKey(password);
return crypto.subtle.deriveKey(
{
name: 'PBKDF2',
salt: salt,
iterations: 100000,
hash: 'SHA-256'
},
keyMaterial,
{ name: 'AES-GCM', length: 256 },
false,
['encrypt', 'decrypt']
);
}
Encryption Function
Encrypt text with a password:
async function encryptText(text, password) {
const encoder = new TextEncoder();
const salt = crypto.getRandomValues(new Uint8Array(16));
const iv = crypto.getRandomValues(new Uint8Array(12));
const key = await deriveKey(password, salt);
const encrypted = await crypto.subtle.encrypt(
{ name: 'AES-GCM', iv: iv },
key,
encoder.encode(text)
);
return {
cipherText: arrayBufferToHex(encrypted),
iv: arrayBufferToHex(iv),
salt: arrayBufferToHex(salt)
};
}
Decryption Function
Decrypt text with the same password:
async function decryptText(encryptedData, password) {
const { cipherText, iv, salt } = encryptedData;
const key = await deriveKey(password, hexToArrayBuffer(salt));
const decrypted = await crypto.subtle.decrypt(
{ name: 'AES-GCM', iv: hexToArrayBuffer(iv) },
key,
hexToArrayBuffer(cipherText)
);
const decoder = new TextDecoder();
return decoder.decode(decrypted);
}
Example Usage
Let’s see how to use these functions:
function arrayBufferToHex(buffer) {
return [...new Uint8Array(buffer)]
.map(byte => byte.toString(16).padStart(2, '0'))
.join('');
}
function hexToArrayBuffer(hex) {
const bytes = new Uint8Array(hex.length / 2);
for (let i = 0; i < hex.length; i += 2) {
bytes[i / 2] = parseInt(hex.substr(i, 2), 16);
}
return bytes.buffer;
}
Security Best Practices
- Use a Strong Password: The encryption is only as secure as the password you use.
- Store Salt and IV Safely: Always save the salt and iv alongside your encrypted data.
- Avoid Hardcoding Secrets: Never hardcode sensitive data or passwords in your codebase.
- Use HTTPS: Ensure your application uses HTTPS to protect data in transit.
Encrypting sensitive information like API keys is a fundamental step in securing your applications. I use this for API keys mostly.
The above is the detailed content of Secure Text Encryption and Decryption with Vanilla JavaScript. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
Java vs. JavaScript: Clearing Up the Confusion
Jun 20, 2025 am 12:27 AM
Java and JavaScript are different programming languages, each suitable for different application scenarios. Java is used for large enterprise and mobile application development, while JavaScript is mainly used for web page development.
Javascript Comments: short explanation
Jun 19, 2025 am 12:40 AM
JavaScriptcommentsareessentialformaintaining,reading,andguidingcodeexecution.1)Single-linecommentsareusedforquickexplanations.2)Multi-linecommentsexplaincomplexlogicorprovidedetaileddocumentation.3)Inlinecommentsclarifyspecificpartsofcode.Bestpractic
How to work with dates and times in js?
Jul 01, 2025 am 01:27 AM
The following points should be noted when processing dates and time in JavaScript: 1. There are many ways to create Date objects. It is recommended to use ISO format strings to ensure compatibility; 2. Get and set time information can be obtained and set methods, and note that the month starts from 0; 3. Manually formatting dates requires strings, and third-party libraries can also be used; 4. It is recommended to use libraries that support time zones, such as Luxon. Mastering these key points can effectively avoid common mistakes.
JavaScript vs. Java: A Comprehensive Comparison for Developers
Jun 20, 2025 am 12:21 AM
JavaScriptispreferredforwebdevelopment,whileJavaisbetterforlarge-scalebackendsystemsandAndroidapps.1)JavaScriptexcelsincreatinginteractivewebexperienceswithitsdynamicnatureandDOMmanipulation.2)Javaoffersstrongtypingandobject-orientedfeatures,idealfor
Why should you place tags at the bottom of the ?
Jul 02, 2025 am 01:22 AM
PlacingtagsatthebottomofablogpostorwebpageservespracticalpurposesforSEO,userexperience,anddesign.1.IthelpswithSEObyallowingsearchenginestoaccesskeyword-relevanttagswithoutclutteringthemaincontent.2.Itimprovesuserexperiencebykeepingthefocusonthearticl
JavaScript: Exploring Data Types for Efficient Coding
Jun 20, 2025 am 12:46 AM
JavaScripthassevenfundamentaldatatypes:number,string,boolean,undefined,null,object,andsymbol.1)Numbersuseadouble-precisionformat,usefulforwidevaluerangesbutbecautiouswithfloating-pointarithmetic.2)Stringsareimmutable,useefficientconcatenationmethodsf
What is event bubbling and capturing in the DOM?
Jul 02, 2025 am 01:19 AM
Event capture and bubble are two stages of event propagation in DOM. Capture is from the top layer to the target element, and bubble is from the target element to the top layer. 1. Event capture is implemented by setting the useCapture parameter of addEventListener to true; 2. Event bubble is the default behavior, useCapture is set to false or omitted; 3. Event propagation can be used to prevent event propagation; 4. Event bubbling supports event delegation to improve dynamic content processing efficiency; 5. Capture can be used to intercept events in advance, such as logging or error processing. Understanding these two phases helps to accurately control the timing and how JavaScript responds to user operations.
What's the Difference Between Java and JavaScript?
Jun 17, 2025 am 09:17 AM
Java and JavaScript are different programming languages. 1.Java is a statically typed and compiled language, suitable for enterprise applications and large systems. 2. JavaScript is a dynamic type and interpreted language, mainly used for web interaction and front-end development.
