Sometimes HTTPS is not enough. Specially when we are talking about protecting user data from trojans with access at winsock32 level where they can sniff https in plain text or BHOs objects that already have access to the decrypted posted data in the browser memory.
In this scenario, I have developed a JavaScript -> classic asp client server routine, in which the JavaScript encrypts and send the data received and decrypted by ASP. It works very fine.
This solution was built with xICE encryption which offers a good compatibility between JavaScript and PHP or ASP. But now I’m migrating to ASP.NET or to Java and there’s no port for these environments in XICE.
Any suggestion?
Depending on the JavaScript library, it may be easy enough to port to C#, though you will probably want to run through and refactor it a bit. One of the best ways to learn a language is porting a library to it. Otherwise, there are plenty of implementations in JS for AES, and others. Many of these are optimized for ActionScript and JavaScript (some minor differences from EcmaScript proper).