-1

I have the scenario below, where I have to encrypt a JSON object, either as a whole or at least the values in the object, before sending it as a response from the API, and then I'll have to decrypt it on the frontend.

Below is my response object

{
 abc_key: 'sdlnf-2343-325sdgdssg',
 cde_key: 'lkgh-3453-dtjdd-32423',
}

Came across a library called bcrypt.js but it seems to be suitable for hashing passwords.

Could anyone help me out with this?

I really appreciate any help you can provide.

Quentin
Amaarockz

1 Answer

2

Use HTTPS.

Do not roll your own encryption.

Just use HTTPS.

It is the industry standard for encrypting data to secure messages between a client and server.


There are lots of ways to implement HTTPS when the backend server is written using Node.js. One popular and simple way is to implement a reverse proxy from a lightweight HTTP server such as Nginx or lighttpd and deal with the HTTPS certificate in the configuration of that proxy.

Quentin
  • I am already using HTTPS, but if I check in the Network tab, I am still able to see the preview of the response payload (containing the key-values), which I feel should be encrypted – Amaarockz Oct 30 '22 at 09:40
  • 2
    @Amaarockz — The data will be decrypted by the browser before it puts it in the Network tab. The only person who has access to that is the user of the browser. There is no way to provide data that your JavaScript (running in the user's browser) can access without the user of the browser being able to access it. – Quentin Oct 30 '22 at 09:41
  • Correct... let's say I own the product and I don't want my customer (i.e. the user) to view these details – Amaarockz Oct 30 '22 at 09:42
  • 2
    Then you can't put the code responsible for processing those details on the client's computer. See my previous comment. – Quentin Oct 30 '22 at 10:00
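
The point made in the comments above, as an added example that is not part of the original thread: encrypting the response body does not hide it from the user, because the frontend must hold the key, while keeping the values on the server does. It runs under Node.js; the function names (encryptForClient, decryptInBrowser, issueHandle, useKeyOnServer) and the in-memory vault are assumptions for illustration.

```javascript
// Added example, not code from the thread. Function names are hypothetical;
// the sample values are the ones from the question.
const crypto = require('node:crypto');

// Approach asked about: encrypt the values, decrypt them in the frontend.
// The frontend needs the key, so the key ships to the browser with the code.
const bundledKey = crypto.randomBytes(32); // stands in for the key the frontend would hold

function encryptForClient(obj, key) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(JSON.stringify(obj), 'utf8'), c.final()]);
  return { iv: iv.toString('base64'), ct: ct.toString('base64'),
           tag: c.getAuthTag().toString('base64') };
}

// The same steps the frontend would run. The user of the browser holds both
// inputs (response body and key), so they obtain the same plaintext.
function decryptInBrowser(msg, key) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(msg.iv, 'base64'));
  d.setAuthTag(Buffer.from(msg.tag, 'base64'));
  const pt = Buffer.concat([d.update(Buffer.from(msg.ct, 'base64')), d.final()]);
  return JSON.parse(pt.toString('utf8'));
}

// Approach from the last comment: the values and the code that processes
// them stay on the server; the response carries only an opaque handle.
const vault = new Map(); // handle -> secret values, never sent to the client

function issueHandle(secrets) {
  const handle = crypto.randomBytes(16).toString('hex');
  vault.set(handle, secrets);
  return { handle };
}

// Server-side handler: the browser sends the handle back, the server uses
// the real value and returns only the outcome of the operation.
function useKeyOnServer(handle, keyName, payload) {
  const secrets = vault.get(handle);
  if (!secrets || !Object.hasOwn(secrets, keyName)) return { ok: false };
  // Placeholder for the real work (e.g. signing a request with the key).
  const signature = crypto.createHmac('sha256', secrets[keyName])
    .update(payload).digest('hex');
  return { ok: true, signature };
}
```

With the second approach the Network tab shows only the handle and the result of each operation; HTTPS still protects both in transit.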