Web Cipher is a client-side, cryptographically secure document encryption
technology. It allows even an inexperienced web author to establish virtually
uncrackable safety measures on confidential data. Web Cipher is also fast,
substantially overcoming the problem of speed in browser-based cryptology. It
averages almost 15K per second in real-world tests on an iMac 333 MHz computer,
much faster than similar utilities.
- Before you use
- Choosing a good key
- How it works
- Test page (the key is cipher123)
What the controls mean
- Script source
- The default value of the script source is 'cipher.js'. For a Web Cipher document
to work, you'll need the cipher.js file in the location
specified in this box. What this usually means is that you'll put it in the same
directory/folder as your Web Cipher protected document. Advanced users may wish
to change this, however. See Before you use.
- This control is at the heart of the encryption process. Your key functions as
a password to your data, blocking unauthorized access. Read Choosing a good key.
- Open in new window
- When you click View/Extract Document, the original source is shown in your
browser. This option is used to control whether it displays in the original
browser window or a popup.
What the buttons do
Each of the buttons performs a specific function. When the action is
complete the text in the Content box changes. Progress is shown in the status
- This performs the encryption process on your data. By using this function
alone you can use the security of Web Cipher for other purposes.
- This is the reverse of Encipher. Enter the key, then click Decipher to
decrypt an encrypted Web Cipher message.
- Protect Document
- Clicking this will encrypt your data and wrap it inside of a stand-alone
HTML document ready to be uploaded to the Web. Read the instructions for more information.
- Clicking this will remove the HTML wrapper from a Web Cipher document,
and attempt to decrypt it. If successful it will show the original source
in the Content box as well as in your browser window. It acts as a sort of
decoder and/or preview.
Before you use
You will need the script file cipher.js
in order to use Web Cipher. The generated HTML page will reference this file
according to the entry in the "Script source" box. If you are going to be
using Web Cipher on numerous documents, it would be smart to store the script
file in one place (e.g. /cipher.js), and change the "Script source" to reflect
- Avoid unnecessary encryption! Encryption is a drastic and
very unfriendly thing to do. Please think carefully before you use it.
- Test your pages. Some browsers don't support the scripts
necessary for Web Cipher. Others have *bugs* that interfere with the encryption
of certain characters. In order for Web Cipher to work, you must use a browser
that doesn't have this problem, or use entity references for those characters.
Choosing a good key
A key is the lock on your data. The security of the lock is based ultimately
on your choice of key. Using a repetitive key (like '----') or an easily
guessed one (like your mother's maiden name) can defeat even the best encryption
- The longer the better. (At least if you remember it!)
- Be unusual. Don't use common words or typical things
(like your pet's name) for the key.
- Arbitrary is good. The best keys are based on essentially
random data. If possible, use a something totally irrelevant for the key, or
better yet, think of about 10-15 random letters/numbers/symbols for each key.
- Don't use the same key all the time! If you do, it'll take
just one break to break everything. Change keys as often as possible.
How it works
The document is broken into 64-byte segments. Each segment is enciphered
using a 1-byte random salt combined with your key. Additionally, each byte is
converted to base-16 to ensure the returning of transfer-safe values. An eight-bit
checksum of the password is stored to reduce the hassle of entering the wrong key.
o = output string
c = input string
k = key string
l = length of string
n = character number
r = salt
o[0..l-1] = c[0..l-1] ^ r ^ k[n % l]
Web Cipher is offered as is, without warranty. Use at your own risk.