如何在客户端解密来自API的数据 [英] How do I decrypt data from API in client side

问题描述

我有一个以加密方式返回数据的API。所以我使用ajax调用来使用.js文件中的API。那么如何解密API返回的数据。

例如：

{

SNo：＃cscs3838383 - 加密数据

}



如何在客户端解密SNo，即在js文件中



我尝试过：



尝试使用AES算法解密客户端

I have an API which will return data in encrypted manner. so I am using ajax call to consume API in .js file. so how do I decrypt the data returned by the API.
example:
{
"SNo":"#cscs3838383" -- encrypted data
}

How do I decrypt SNo in client side i.e in js file

What I have tried:

tried with AES Algorithm decrypt client side

推荐答案

为了解密某些东西，你必须知道它是如何加密的以及使用了哪个密钥。



加密原则：

一个组共享一个秘密（加密方法和密钥），他们使用它来安全地进行通信。根据设计，如果您不知道秘密，加密数据就无法解密。

另一方面，您必须猜测使用哪种加密方法猜测密钥，我是否必须说这是一项艰巨的任务。

In order to decrypt something, you must know how it was encrypted and which key was used.

Encryption principle:
A group share a secret (encryption method and a key), they use it to communicate safely. By design, encrypted data can't be decrypted if you don't know the secret.
The other way, you have to guess which encryption method is used guess the key too, do I have to say that it is a difficult task.

只是为了补充@ppolymorphe说的话：不管怎么说。

为什么不呢？因为这意味着客户端代码需要有一个发送给它的解密密钥的副本 - 以及PAI输出数据 - 这首先完全否定了加密的目的，因为整个页面被转移到客户端作为人类可读的源代码...



基本上，如果你必须使用加密，请将其保留在服务器内并使用 SHTML HTTPS 将未加密的数据传输到客户端。

Just to add to what @ppolymorphe said: don't do it anyway.
Why not? Because it means that the client side code needs to have a copy of the decryption key sent to it - along with the PAI output data - which completely negates the purpose of the encryption in the first place, given that the whole page is transferred to the client as human readable source code...

Basically, if you must use encryption keep it inside the server and use SHTML HTTPS to transfer the unencrypted data to the client.

这篇关于如何在客户端解密来自API的数据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！