Getting started

Getting started with NoSSL

You can download NoSSL here.

For private use, you can use NoSSL under the GPL V3.0. For commercial use, please inquire!

This is how it works: Put the nossl folder into your repository. Start “example.php” to see some functionalities.

If you want to change the server key, just go to “/nossl/generate-new-keypair.php” and run it (Usually, you do not need to do that, it will change automatically every 24 hours).

If you want to change settings, you can do so in the config.php (under /nossl_config). Usually, there is no need for changes.

To implement NoSSL in your website, it is really easy:

Standard setup (automatic encryption of forms and AJAX)

The standard setup for NoSSL should be used, if you do not want to care about which of the forms have to be encrypted. In the standard setup, a) all the forms will be encrypted automatically before sending to the server and b) all AJAX-communication from client to server will be encrypted.

You can exclude some of the forms of encryption (and also AJAX-calls), which will be explained below.

To implement NoSSL into your website, please follow these simple steps:

1. Download NoSSL. Copy the nossl directory into your public HTML folder (document root).
2. Include the PHP library of NoSSL by including nossl_start.php into your PHP script. Including (or better: “require_once”) has to be the first command in your PHP scripts!

3. Include the NoSSL JavaScript library by first loading jquery.js (MINIMUM VERSION 1.8!), then nossl_start.min.js in your HTML code. Also, include the important CSS of NoSSL as it hides submit-buttons as long as JavaScript is not executed to prevent users from sending unencrypted data.


Now, all your forms and all AJAX-data should be encrypted. However, due to limitations of HTML, NoSSL cannot encrypt file-uploads!

a) If you want to exclude forms from being automatically encrypted, add the CSS class “nossl_disable_protection” like this:

b) If you want to prevent your AJAX-data from being encrypted, just add an empty “beforeSend” to your AJAX-call:

c) (PLEASE NOTE: server to client encryption is not implemented in Release 1.1)!! If you want to use PHP to echo an encrypted string, just use

Advanced setup (manual encryption)

The advanced setup is used to control the encryption of data from browser to server yourself. It is pretty simple.

Do the same as above. Edit the “config.php” and set “auto_encryption” to 0 (the number zero) instead of 1.

JavaScript API:

PHP API (not supported in Release 1.1):

That’s it.