The Crypto class provides methods for synchronous encryption-- a single key is used to both encrypt and decrypt the secret data. You may either provide your own IV or use a managed IV, which prefixes the encrypted data with the IV. Once encrypted, you can store the data in a field designed for this purpose. It will only be decrypted through the use of Apex Code, such as a Visualforce page's controller or a class.
There are no public keys in AES encryption. You can store the key inside your code or within a custom setting, but you should make sure this key is not generally available to be viewed. In a managed package, your code will be obscured, and the key will be hidden, but if you want to increase security, make it a custom setting and have the key automatically generated upon installation. The custom setting should be set to "protected" so the key will not be exposed to the installed organization.
For additional information, consider reading the article Secure Coding Storing Secrets, available on the DeveloperForce Network. As stated in the comments, you may also choose to use Encrypted Text Fields, which automatically apply a mask of a chosen type and are automatically encrypted and decrypted by the system. Apex Code will always see the decrypted version, so one should take care not to expose the stored secret. Users with the View Encrypted Data permission will be able to see the decrypted values in reports and elsewhere, so Encrypted Text Fields must be properly secured through profile permissions.
All encryption and decryption are handled by the server, so browser support is irrelevant. There are no certificates to deal with, since it is simply a private key. By default, all connections to salesforce.com are TLS secured, preventing casual viewing during transit, and are theoretically safe from "man in the middle" attacks, thanks to the security measures of TLS. No public keys are used while encrypting, storing, or decrypting the data.
In general, the following steps will occur:
A key is generated for the organization, stored in a secure location (protected Custom Settings, or inside a class).
Encryption will occur when a specified event occurs, which is left to the developer. It may be from a Visualforce page or Apex Code trigger, or other sources (such as scheduled classes, etc).
Decryption will occur when a specified event occurs, which is left to the developer. It may be from a Visualforce page or Apex Code trigger, or other sources (such as scheduled classes, etc).
Honestly, encryption within the platform is dead simple, but the trick is to make sure the keys are protected.
The wiki below gives a good set of examples for the Crypto class:
http://wiki.developerforce.com/page/Apex_Crypto_Class
A sample scenario from the above article:
// Generate an AES key for the purpose of this sample.
// Normally this key should be stored in a protected custom setting
// or an encrypted field on a custom object
Blob cryptoKey = Crypto.generateAesKey(256);
// Generate the data to be encrypted.
Blob data = Blob.valueOf('Test data to encrypted');
// Encrypt the data and have Salesforce.com generate the initialization vector
Blob encryptedData = Crypto.encryptWithManagedIV('AES256', cryptoKey, data);
// Decrypt the data - the first 16 bytes contain the initialization vector
Blob decryptedData = Crypto.decryptWithManagedIV('AES256', cryptoKey, encryptedData);
// Decode the decrypted data for subsequent use
String decryptedDataString = decryptedData.toString();
Here is a blog post that points out a use case for how to store data in SFDC once we encrypt it:
http://cloudyworlds.blogspot.in/2014/01/encrypting-xml-response-from-external.html
Basically there are two versions:
WithManagedIv()
Here SFDC itself handles vector generation.
Encrypt()
Here one also needs to include the vector as a parameter for encryption.
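The key-storage advice and the two IV variants described in the answers above, combined in one added example (not code from the original answers or from Salesforce). The class name CryptoDemo and the protected hierarchy custom setting Crypto_Settings__c with its text field Key__c are hypothetical names assumed for illustration.

```apex
// Added example. CryptoDemo, Crypto_Settings__c and Key__c are hypothetical names.
public with sharing class CryptoDemo {
    // Read the AES-256 key from a protected custom setting, generating it on
    // first use so the key never appears in source code. Performs DML on the
    // first call, so call it from a context where DML is allowed.
    public static Blob loadKey() {
        Crypto_Settings__c s = Crypto_Settings__c.getOrgDefaults();
        if (String.isBlank(s.Key__c)) {
            s.Key__c = EncodingUtil.base64Encode(Crypto.generateAesKey(256));
            upsert s;
        }
        return EncodingUtil.base64Decode(s.Key__c);
    }

    // Managed IV: the platform generates the IV and prepends it to the output.
    public static String encryptManaged(Blob key, String plainText) {
        Blob out = Crypto.encryptWithManagedIV('AES256', key, Blob.valueOf(plainText));
        return EncodingUtil.base64Encode(out); // safe to store in a text field
    }

    // Explicit IV: the caller supplies a fresh random 16-byte IV per message
    // and must store it next to the ciphertext to be able to decrypt later.
    public static Blob encryptExplicit(Blob key, Blob iv, String plainText) {
        return Crypto.encrypt('AES256', key, iv, Blob.valueOf(plainText));
    }

    // Decrypts managed-IV output by hand to show its layout:
    // the first 16 bytes (32 hex characters) are the IV, the rest is ciphertext.
    public static String decryptManagedByHand(Blob key, String stored) {
        String hex = EncodingUtil.convertToHex(EncodingUtil.base64Decode(stored));
        Blob iv = EncodingUtil.convertFromHex(hex.substring(0, 32));
        Blob cipherText = EncodingUtil.convertFromHex(hex.substring(32));
        return Crypto.decrypt('AES256', key, iv, cipherText).toString();
    }

    // Round trip through both variants; constructed sample data.
    public static void demo() {
        Blob key = loadKey();
        String secret = 'constructed sample secret';
        String stored = encryptManaged(key, secret);
        System.assertEquals(secret, decryptManagedByHand(key, stored));

        Blob iv = Crypto.generateAesKey(128); // 16 random bytes used as the IV
        Blob cipherText = encryptExplicit(key, iv, secret);
        System.assertEquals(secret,
            Crypto.decrypt('AES256', key, iv, cipherText).toString());
    }
}
```

Running `CryptoDemo.demo();` from anonymous Apex exercises both paths; the managed-IV form is the simpler one to store because the IV travels with the ciphertext.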
Best Answer
Use the file 'https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js' instead of only the aes.js file. Maybe aes.js internally downloads all dependencies when you are using it inside a VF page, and that's how it is working inside the VF page.