Unfortunately these are the only encryption functions available out of the box. The statement about the ability to use it with en-/decryption outside of Marketing Cloud is to some extent also true. This is due to these functions being implemented slightly different to most programming languages and libraries.
However, there is one option that is known to work with certain other programming languages' en-/decryption methods. This is if you use "DES-ECB". Unfortunately the block cipher mode "ECB" can be considered less safe if you have have a lot of sample data or a lot of similar data. This is due to the fact, that there is no diffusion and the same plaintext blocks always result in the same encrypted blocks.
So to summarize, you can use marketing cloud encryption with other systems, but the block cipher mode is less safe than for the others. If you nonetheless decide to use this, the algorithm and mode you need to supply to the EncryptSymmetric and DecryptSymmetric function is "des;mode=ecb;padding=zeros"
.
Example encryption in PHP:
$encrypted_string = openssl_encrypt($string, "DES-ECB", $key, 0);
Example decryption in AMPscript:
SET @result = DecryptSymmetric(@encryptedString, "des;mode=ecb;padding=zeros", @null, @key, @null, @null, @null, @null)
This solution should also be compatible with Commerce Cloud according to the documentation you provided:
This class allows access to encryption services offered through the Java Cryptography Architecture (JCA). At this time the implementation of the encryption/decryption methods is based on the default JCE provider of the JDK. See the Java documentation for a reference guide to the underlying security provider and information about the Secure Sockets Extension.
(Source: Salesforce B2C Commerce - Class Cipher)
I also checked the Oracle documentation, which says that DES is available (Oracle JCE Provider).
Best Answer
I think what you are missing here is that Salesforce Marketing Cloud Server Side JavaScript is not the same as JavaScript that runs on the browser. Adding runat="server" to the script block causes your code to be executed by the SFMC server as Server Side JavaScript, meaning if it includes any of the standard browser JavaScript functions like DOM manipulation, it will not work. In fact, it will not even load on the page and will possibly throw a server error due to the limitations of what SFMC will allow you to run server side.
The Variable.GetValue function is specific to Server Side JavaScript and will not work to pass the value of the variable to browser JavaScript. To do so, the best way I have found is to create a hidden form field or div with the value of the variable like this:
Or this:
You can then retrieve that value in you JavaScript like this: