Generate encoded docket number from two integers and decode it

Question

I am trying to generate encoded docket number from storeId and transactionId. Encoded docket number has to be unique, length should be <=9 and easy to read/copy for users as well.

The maximum length of storeId is 3 and maximum length of transactionId is 5.

How can I improve my code so that my docket number will be unbreakable?

Here is my code:

let myTransKey = 19651;
let myStoreKey = 186;

function generateShortCode(storeId, transactionId) {
  //reverse the ids and then add the respective key
  var SID = storeId.toString().split("").reverse().join("");
  SID = parseInt(SID) + myStoreKey;
  var TID = transactionId.toString().split("").reverse().join("");
  TID = parseInt(TID) + myTransKey;
  var docketNum = `${SID}-${TID}`;
  return docketNum;
}


function decodeShortCode(shortCode) {
  shortCode = shortCode.split("-");
  var storeID = shortCode[0];
  var transactionID = shortCode[1];

  //subtract the same key and then reverse the ids again
  storeID = parseInt(storeID.toString()) - myStoreKey;
  storeID = storeID.toString().split("").reverse().join("");

  transactionID = parseInt(transactionID.toString()) - myTransKey;
  transactionID = transactionID.toString().split("").reverse().join("");

  return {
    storeId: parseInt(storeID), // store id goes here,
    shopDate: new Date(), // the date the customer shopped,
    transactionId: parseInt(transactionID) // transaction id goes here
  };
}

Is there any better way to do this? I need to encode docket number in a way which will be really hard to decode by any third person.

Answer 1

Every encrypted message can be broken if an attacker tries every possible decryption key (this is called a brute-force attack). With modern computers, this is really easy to do. The way that you are encoding data is very easy to break (within seconds). However, there are encryption methods that take very long to break (like millions of years long).

One of the more popular encryption algorithms is AES. Because it is so popular, there are also many easy-to-use libraries for JavaScript. Here's an example with CryptoJS:

const KEY = "a super secret password";

let myTransKey = 19651;
let myStoreKey = 186;

function generateShortCode(storeId, transactionId) {
  const docketNum = `${storeId}-${transactionId}`;
  return CryptoJS.AES.encrypt(docketNum, KEY).toString().replace("=", "");
}


function decodeShortCode(shortCode) {
  const docketNum = CryptoJS.AES.decrypt(shortCode, KEY).toString(CryptoJS.enc.Utf8);
  const parts = docketNum.split("-");
  return {
    storeId: parseInt(parts[0]), // store id goes here,
    shopDate: new Date(), // the date the customer shopped,
    transactionId: parseInt(parts[1]) // transaction id goes here
  };
}

const s1 = generateShortCode(myStoreKey, myTransKey);
console.log("Short Code: " + s1);
console.log("Decrypted Short Code:", decodeShortCode(s1));

<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/aes.js" integrity="sha256-/H4YS+7aYb9kJ5OKhFYPUjSJdrtV6AeyJOtTkw6X72o=" crossorigin="anonymous"></script>

This shortcode is longer than 9 characters, but it very secure and nearly unbreakable. This is really just the tradeoff. If you reduce the length of the shortcode, then you won't be able to have a secure shortcode. Users can still easily copy and paste the code though. If you absolutely need a shorter cipher, then try looking at Skip32.

Be sure to change KEY to a secret key that isn't shared with anyone. Also, be sure not to run this code client-side. If the encryption key is sent to the client, then they could look at the JavaScript code and then be able to decrypt any message.

Answer 2

well this work for me with visual compser in Wordpress /[[^[]vc[^]]]/ig