KryptoPlus™ is raising the bar for white box cryptography. It uses innovative encoding and blinding techniques to secure the sensitive keys and state information during cryptographic operations. Rolling-Blinds™ (patent pending) is a process of splitting information throughout the code execution path in such a way that upon completion of the path output data is completed and delivered in normal encoding format.

KryptoPlus white box crypto is not relying on obfuscation. We are making it avilable for environments that never existed before. In this demo, AES encryption algorithm is implemented in JavaScript and runs in your browser while its decryption routine is provided in Python and runs on the server.

In this demonstration we are using DemoKey_encrypt for both encryption of the commands as well as decryption of the responses while DemoKey_decrypt in the server side is used for both decryption of commands and encryption of the responses. Whith this sort of designs, we are using symmetric keys in asymmetric fashion.

You are invited to have a look at the code and evaluate it for yourself. Can you break it?.

For more info contact:

Browser Server
Encrypt command using DemoKey_encrypt.js
1. The message you enter here will be encrypted in the browser using KryptoPlus White box JavaScript library DemoKey_encrypt.js. The encypted message will appear in the "Encrypted Command" field in hex.
2. Click the "Submit" button to send the "Encrypted Command" to the server, where it will be decrypted using the KryptoPlus White box Python library
Decrypt command using
response = UpperCase( input )
Encrypt response using
Decrypt response using DemoKey_encrypt.js
Client command is decrypted using and then processed. Generated response (upper-case) will be encrypted using and then sent to the browser, where it is decrypted using DemoKey_encrypt.js and displayed as hex and text.
  • Your secret key is not exposed here.
  • Secure messaging without exposing the key.
  • Can validate server authenticity.
  • Safeguard against insider threats.
  • Only server can decrypt commands.
  • Only server can generate encrypted responses.