With our simple drop-in API you can easily read and write cookies that are secured with 256-bit AES encryption. Encryption happens client-side using a client secret such as a password, supplemental passphrase, or application generated value. This gives the user truly private data in any application you build.
To begin reading and writing encrypted cookies, you need to sign up for a developer account and receive your sub-token. This provides your applications with a seed key which is used to derive a strong key from a weak secret.
encrypt.js in your page. This gives you access to the cookie encryption and decryption functions.
Obtain the seed key via cross-domain REST call to the API. Simply paste the following code into your HTML, providing your sub-token in the call to
3. Now, you're ready to read and write encrypted cookies. To save encrypted cookies, make the following function call.
setSecureCookie(secret, cookieName, cookieVal);
secret in the above call is any client-side secret. It may be the user's password, an additional passphrase (preferred), or an application generated value.
Note: Using a client-known passphrase ensures that only your user has access to the data stored in the cookie. This can provide an additional layer of privacy for users of your application by storing certain data only client-side.
To decrypt and read the cookie with cookieName, make the
secret is the same client-known value that was used in the call to
var cookieVal = getSecureCookie(secret, cookieName);
The above call sets cookieVal to the clear, i.e. decrypted, value of the cookie.
Data is encrypted with 256-bit AES encryption using CBC mode. This means that even if your cookie data is redundant or guessable, it can't be guessed from the encrypted output. AES stands for the Advanced Encryption Standard and is adopted by the U.S. Government as a secure encryption technology.
Keys are derived by combining a strong, random 256-bit salt value (the 'seed key') with a weaker, easier-to-remember user secret. The result is hashed 1,000 times, producing a computationally difficult key that encrypts the user data.
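The derivation and CBC encryption described above, as an added example that is not the service's encrypt.js and runs on Node's built-in crypto module rather than in the browser. CBC on its own does not detect a modified cookie, so this sketch also appends an HMAC tag and checks it before decrypting. Assumed here, not taken from the page: SHA-256 as the iterated hash, seed-then-secret concatenation, the HMAC tag, the hex "iv.ciphertext.tag" layout, and the names deriveKey, cookieTag, sealCookie and openCookie.

```javascript
const nodeCrypto = require('node:crypto');

const ITERATIONS = 1000; // hash count stated on the page

// Added example, not the service's encrypt.js. Assumed: SHA-256 as the hash,
// seed||secret as the first input, and the hex "iv.ciphertext.tag" layout.
function deriveKey(seedKey, secret) {
  let k = nodeCrypto.createHash('sha256').update(seedKey).update(secret, 'utf8').digest();
  for (let i = 1; i < ITERATIONS; i++) {
    k = nodeCrypto.createHash('sha256').update(k).digest();
  }
  return k; // 32 bytes, used as the AES-256 key
}

// HMAC over IV and ciphertext under a key separated from the encryption key.
// The tag is an assumption of this sketch; the page only describes AES-CBC.
function cookieTag(key, iv, ct) {
  const macKey = nodeCrypto.createHmac('sha256', key).update('cookie-mac').digest();
  return nodeCrypto.createHmac('sha256', macKey).update(iv).update(ct).digest();
}

function sealCookie(seedKey, secret, value) {
  const key = deriveKey(seedKey, secret);
  const iv = nodeCrypto.randomBytes(16); // fresh random IV for every write
  const enc = nodeCrypto.createCipheriv('aes-256-cbc', key, iv);
  const ct = Buffer.concat([enc.update(value, 'utf8'), enc.final()]);
  return [iv, ct, cookieTag(key, iv, ct)].map((b) => b.toString('hex')).join('.');
}

function openCookie(seedKey, secret, cookie) {
  const parts = cookie.split('.').map((p) => Buffer.from(p, 'hex'));
  if (parts.length !== 3 || parts[0].length !== 16) throw new Error('malformed cookie');
  const [iv, ct, tag] = parts;
  const key = deriveKey(seedKey, secret);
  const expected = cookieTag(key, iv, ct);
  // Verify before decrypting so a wrong secret or edited cookie never reaches CBC.
  if (tag.length !== expected.length || !nodeCrypto.timingSafeEqual(tag, expected)) {
    throw new Error('wrong secret or modified cookie');
  }
  const dec = nodeCrypto.createDecipheriv('aes-256-cbc', key, iv);
  return Buffer.concat([dec.update(ct), dec.final()]).toString('utf8');
}

// Constructed sample values (not a real seed key or secret).
const SAMPLE_SEED = Buffer.alloc(32, 7);
const SAMPLE_COOKIE = sealCookie(SAMPLE_SEED, 'correct horse', 'cart=42');
```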
Cookies are stored on user machines in a strong encrypted format. Since the data is encrypted with a user secret and stored locally, this data is truly user-private. It can be used to strengthen security against MITM attacks, or even as a way to provide another layer of privacy for users of your applications.