all my searches keep matching free Javascript tutorial sites. but what i am looking for is sites offering free Javascript code. anyone know how to get search engines show the free code sites?

i am looking for Javascript code that can take text entered on a form and encrypt it with a given key or passphrase before sending it to the server. also code to decrypt what comes from the server before it gets displayed or saved.

or maybe i do need to learn Javascript (i hope it can invoke SSL).

You shouldn't be searching for "code sites" that provide untested buggy snippets, instead search for tested and standardized libraries for the relevant piece of functionality.

As for that example, you don't need any JavaScript - the functionality is already included in every browser/client and every server - all you need to do is add a single letter 's' in the URLs, after the word http and before the colon, and your requests and responses are automatically encrypted and decrypted at the appropriate points.

2 members found this post helpful.

You don’t do that in JavaScript. You use HTTPS and you SSL-encrypt the entire connection.

that's good advice i should be attentive to.

what i am trying to achieve is end-to-end security with encryption the server cannot decrypt. the server is just like a file server with some added automation to queue and find messages as well as store them and fetch them. so HTTPS cannot do this since it decrypts at the server. however, all this would be done in the secure transport HTTPS provides. the idea is that i can store a message and another person with the right key can fetch it, decrypt it, and read it.

see post #4.

I’d do that by saving the message at a location requiring login to access…encryption of the content is not necessary if only “person with the right key can fetch it”. Use the web server auth functionality.

I just want to be clear on what you’re actually trying to solve. Are we talking about a site that users log into? Does it currently have user accounts, any kind of authentication, and/or a registration system?

The reason I’m asking is because I think the answer is no, and you’re trying to add a layer of security without having to change it to yes. Your incredibly strange problem statement makes a lot more sense that way.

I’ll make a leap here. I know the answer is no, and you just want to have freeform “key” fields in the forms to submit and retrieve messages. In that case, I’d just implement a Caesar cipher. You can do that without looking at an example, can’t you?

And no, you can’t use SSL for that. If only because you’re talking about a symmetric encryption scheme and SSL is an asymmetric encryption scheme.

Then HTTP / HTTPS is the wrong approach. You'll need a stand-alone client of some kind regardless of protocol.

What we now have here is a classic "XY Problem." What you are really asking for is not what you initially asked for.

And, happily for you, what you are asking for is a problem that has already been thoroughly and completely solved – several times, in fact.

Now, as to your original question: two essential sites are GitHub and SourceForge. Both of these are "code repository sites" which use the git version-control system but which also allow files and entire projects to be downloaded directly. You need to keep both of these sites in your online Rolodex, because they can save you a lot of time.

Basically – today, no matter what it is that you are setting out to do, you should assume that "somebody else has already done it, much better than I could, and then shared it with the world." You stand on the shoulders of incredibly-generous giants.

(Although, as a Linux user, I guess you knew that already?)

For example, I recently had a client who planned to build a "ticket system" in PHP. They expected to take about a year to do it ... until I was able to point out that such a system already existed, which had taken the contributor(!) longer than this to develop. Therefore, it took just a month or so of "kit-bashing" to get them extremely close to their business goal. This sort of thing happens all the time now. One can only speculate how much salary-expense this company had spent on initially doing this ... yet they gave it away.

1 members found this post helpful.

He asked for free code sites; you gave him free code sites. Sounds like you gave him what he asked for.

i want to create a server where it can be shown (by looking at the client side code) that even the server (operators, admins) cannot access the message at any time. unless it is encrypted, anyone with physical (including court ordered) access to the server can read any message. anyone can promise not to read any message, but failure to comply with a court order can result in a raid by a law enforcement agency. so a promise is not good enough.

i would also require login access (in HTTPS) to the server to store or fetch or even produce a list. even logged in users would not be able to discover names of other users.

LOL. Someone here wants to be the next Julian Assange. And he starts by asking for "free code sites".

Anyway, there's a prefab solution for this. You just replace the "messages" with GnuPG-encrypted email.

1 members found this post helpful.

either symmetric or asymmetric would work. users could substitute any encryption they want to use. asymmetric would have some potential benefits for the users.

HTTPS would be used to protect the login and completion of the session.

login would be used to control service access so that this resource can be limited and users can limit who gets to know of or confirm their activity.

client encryption would ensure the server and its operator(s) cannot read any clear message. savvy users could add another layer of encryption.

issues i still need to work out include the server logging relationship between IP addresses of user pairs that store and fetch a message (8.8.8.8 stores a message that 1.1.1.1 fetches both the day before a big event).

Julian Assange never made it so he could not know about the content he handled.

if GnuPG were in JavaScript, lots of useful code could be found there. i don't want this design to require users to copy and paste content between applications.

if i do this as a distinct client in python maybe i can find what i need. python seems to be fairly portable and there is a lot of free code including strong encryption.

indeed.

but this thread has been seasoned with spicy topics.