AES Encryption

I am developing a mobile application and have a requirement to encrypt the input parameters of a server action on the client side and decrypt them in the server action on the server side. This server action resides in a service module.

I used CryptoAPI initially to implement this. But it uses server actions to encrypt, to which we need to pass the text that needs encryption. An attacker can intercept the communication using tools like BurpSuite and manipulate that text.

Is there any way I can encrypt the text on the client side itself and then pass it to the server action and decrypt it inside the server action in the service module?

Hi. Subtle Crypto Lib - Overview | OutSystems is an implementation of the browser's Crypto API. I don't know if it is working properly in mobile applications.

I am really interested to know why there is a need to encrypt data on the client side before sending it to the server? I mean, you already get the transport-level security via HTTPS? Besides that, in a client/server situation, in my opinion, an asymmetric approach would be more suitable, especially when you have to rotate keys over time.

Best

Stefan
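The asymmetric approach suggested in the reply above, sketched with the browser Web Crypto API (SubtleCrypto) as an added example that is not part of the original thread or of any OutSystems component: the client wraps a one-time AES-GCM key with the server's RSA-OAEP public key. The function names and the `{ wrappedKey, iv, ciphertext }` payload shape are assumptions, and the server half is written against the same API only so the round trip runs in one file; a real server action would do the equivalent in its own runtime.

```javascript
// Added example, not from the thread. Browsers expose crypto.subtle directly;
// the require() fallback only covers older Node.js runtimes.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto;
const OAEP = { name: "RSA-OAEP", hash: "SHA-256" };

// Server, once: create the key pair. The private key is non-extractable and
// stays on the server; only the SPKI-encoded public key ships with the app.
async function generateServerKeys() {
  const pair = await wc.subtle.generateKey(
    { ...OAEP, modulusLength: 2048, publicExponent: new Uint8Array([1, 0, 1]) },
    false, ["wrapKey", "unwrapKey"]);
  return { privateKey: pair.privateKey, spki: await wc.subtle.exportKey("spki", pair.publicKey) };
}

// Client: fresh AES-256-GCM key and 96-bit IV per message, key wrapped for the server.
async function encryptForServer(spki, plaintext) {
  const pub = await wc.subtle.importKey("spki", spki, OAEP, false, ["wrapKey"]);
  const aes = await wc.subtle.generateKey({ name: "AES-GCM", length: 256 }, true, ["encrypt"]);
  const iv = wc.getRandomValues(new Uint8Array(12));
  const ciphertext = await wc.subtle.encrypt(
    { name: "AES-GCM", iv }, aes, new TextEncoder().encode(plaintext));
  const wrappedKey = await wc.subtle.wrapKey("raw", aes, pub, { name: "RSA-OAEP" });
  return { wrappedKey, iv, ciphertext };
}

// Server: unwrap the AES key with the private key, then decrypt.
// AES-GCM throws if the ciphertext or its authentication tag was altered.
async function decryptOnServer(privateKey, { wrappedKey, iv, ciphertext }) {
  const aes = await wc.subtle.unwrapKey("raw", wrappedKey, privateKey,
    { name: "RSA-OAEP" }, { name: "AES-GCM" }, false, ["decrypt"]);
  const plain = await wc.subtle.decrypt({ name: "AES-GCM", iv }, aes, ciphertext);
  return new TextDecoder().decode(plain);
}

// Round trip plus a one-bit modification in transit, using constructed input.
async function demo() {
  const { privateKey, spki } = await generateServerKeys();
  const msg = await encryptForServer(spki, '{"accountId":42}');
  const roundTrip = await decryptOnServer(privateKey, msg);
  const tampered = { ...msg, ciphertext: new Uint8Array(msg.ciphertext.slice(0)) };
  tampered.ciphertext[0] ^= 1;
  const tamperRejected = await decryptOnServer(privateKey, tampered)
    .then(() => false, () => true);
  return { roundTrip, tamperRejected };
}
```

GCM rejects a ciphertext modified in transit, but anyone holding the public key can produce a valid message, so the server action still has to validate the decrypted parameters.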
