欢迎来到爱学习爱分享,在这里,你会找到许多有趣的技术 : )

JS与PHP使用RSA算法进行加密通讯[转]

PHP编程 lbbniu 2126℃

我们平时做用户登录表单提交,用户名密码都是明文直接POST到后端,这样很容易被别人从监听到。 注:包括使用MD5等哈希函数处理后的数据,这里也算做明文(现在MD5爆破网站已经很多了~)。 对安全性要求较高的网站,比如银行和大型企业等都会使用HTTPS对其进行加密通讯。 但是由于效率原因,使用HTTPS的代价是及其昂贵的,对于访问量稍大的网站就会造成严重的性能瓶颈。解决方法一般只能采用专门的SSL硬件加速设备如F5的BIGIP等。 所以很多网站选择了模拟SSL的做法,使用RSA来对密码等安全信息进行公钥加密,服务端用私钥解密。 通常是对密码进行加密,本文也拿密码加密为例。 第一步:生成RSA公匙密匙 本文使用的1024位密钥。

[root@localhost /]# ls
bin boot dev etc home lib lost+found media mnt opt proc root sbin selinux srv sys tmp usr var
[root@localhost /]# openssl genrsa -des3 -out prikey.pem 1024 #生成rsa密钥
Generating RSA private key, 1024 bit long modulus
..........++++++
.........................++++++
e is 65537 (0x10001)
Enter pass phrase for prikey.pem:
Verifying - Enter pass phrase for prikey.pem:
[root@localhost /]# openssl rsa -in prikey.pem -out prikey.pem #去除掉密钥文件保护密码
Enter pass phrase for prikey.pem:
writing RSA key
[root@localhost /]# ls
bin boot dev etc home lib lost+found media mnt opt prikey.pem proc root sbin selinux srv sys tmp usr var
[root@localhost /]# openssl rsa -in prikey.pem -pubout -out pubkey.pem #分离出公钥
writing RSA key
[root@localhost /]# ls
bin boot dev etc home lib lost+found media mnt opt prikey.pem proc pubkey.pem root sbin selinux srv sys tmp usr var
[root@localhost /]# openssl asn1parse -out temp.ans -i -inform PEM < prikey.pem #提取十六进制密钥
 0:d=0 hl=4 l= 607 cons: SEQUENCE
 4:d=1 hl=2 l= 1 prim: INTEGER :00
 7:d=1 hl=3 l= 129 prim: INTEGER : D42E861C04CFB9EBB1368A682EC22BDCA364A35E1C5DF1D43FC4F24197D4B798BCB7FD0192774749C4DED8B659002B4ABEA2F11F7896BCEE5CD615D31EF8936823ED6760CA01D91F677F1459019383679D78BE72FE67E7C1C3FDA1A514B5FE35879A9A9DC90EAE059948CD222F4C69F37F23F0864112CD4A8AE2B4FD9EC36297 #公匙
 139:d=1 hl=2 l= 3 prim: INTEGER :010001 #十六进制e值
 144:d=1 hl=3 l= 129 prim: INTEGER : 85035557233D059457579594921B6F5BB5A255379E18D68CF41D06B14FF92DCF361F3120572D27277B9F27C3C82F6EF44065ED3A896215B667C45D92280C347B235AB10164B15A3799D5CFFE7B4FDA5A823116F4DA48A08E6CFED11F274BEE1CE74AD161045992EEDE859A8B048CA9FECE7DFD5E1DA25E71FD2624380FBB8DA1 #密匙
 276:d=1 hl=2 l= 65 prim: INTEGER :FB8B45FBD58D9FAFD41EDAD77BF57D4E413AD4513BC9EF384DA8E6049D945668967E40400FBE536CDD4B363E990EE273B6D7BDBAC620FA27BB8ACC2B46F70393
 343:d=1 hl=2 l= 65 prim: INTEGER : D7F0BF176770516845C0858C849B12858DEB41F430BFD9BC72BBEEA8F646FBD0E565E04FC7C1046E012D9CC46FD567532A18BAE83976FF003DFB8E350B61CF6D
 410:d=1 hl=2 l= 65 prim: INTEGER :EEE1BEDE8059F4D2A8217D36B2B3DA021D145F599DEC11D0688003A1527CF2EA7431059750DC30A1EC2E671F5F7FB132AEEB8774FE7F86D180DB3935C839011D
 477:d=1 hl=2 l= 65 prim: INTEGER :A4886421A207FB8F36AE855356EA8D4743A6405F9E116006ED68F264BD19C2DF1D1AEDB9FC1ABE944EC381524F5FCBD59B1AB2B724A9DD8C42ADFC61C0656B55
 544:d=1 hl=2 l= 65 prim: INTEGER :CA796B199B066C2B3513D20E4207F5D85AB6347C4A3FBCE152DBD0A535060D413BAEB88D603A4673C946C4B9501DD98B772557B7119F841CAD86DE2D013C997C
[root@localhost /]#

第二步:JS加密传输实现 使用RSA加密通讯方式,需要先加载三个RSA的js库文件,可以到这里下载: http://www.ohdave.com/rsa/ HTML部分:

 JS->PHP RSA加解密实现

用户名:
密码:

JS调用RSA加密部分: 第三步:PHP解密JS传输的数据

class Rsa
{
private static $PRIVATE_KEY = '-----BEGIN RSA PRIVATE KEY-----
MIICXwIBAAKBgQDULoYcBM+567E2imguwivco2SjXhxd8dQ/xPJBl9S3mLy3/QGS
d0dJxN7YtlkAK0q+ovEfeJa87lzWFdMe+JNoI+1nYMoB2R9nfxRZAZODZ514vnL+
Z+fBw/2hpRS1/jWHmpqdyQ6uBZlIzSIvTGnzfyPwhkESzUqK4rT9nsNilwIDAQAB
AoGBAIUDVVcjPQWUV1eVlJIbb1u1olU3nhjWjPQdBrFP+S3PNh8xIFctJyd7nyfD
yC9u9EBl7TqJYhW2Z8RdkigMNHsjWrEBZLFaN5nVz/57T9pagjEW9NpIoI5s/tEf
J0vuHOdK0WEEWZLu3oWaiwSMqf7Off1eHaJecf0mJDgPu42hAkEA+4tF+9WNn6/U
HtrXe/V9TkE61FE7ye84TajmBJ2UVmiWfkBAD75TbN1LNj6ZDuJztte9usYg+ie7
iswrRvcDkwJBANfwvxdncFFoRcCFjISbEoWN60H0ML/ZvHK77qj2RvvQ5WXgT8fB
BG4BLZzEb9VnUyoYuug5dv8APfuONQthz20CQQDu4b7egFn00qghfTays9oCHRRf
WZ3sEdBogAOhUnzy6nQxBZdQ3DCh7C5nH19/sTKu64d0/n+G0YDbOTXIOQEdAkEA
pIhkIaIH+482roVTVuqNR0OmQF+eEWAG7WjyZL0Zwt8dGu25/Bq+lE7DgVJPX8vV
mxqytySp3YxCrfxhwGVrVQJBAMp5axmbBmwrNRPSDkIH9dhatjR8Sj+84VLb0KU1
Bg1BO664jWA6RnPJRsS5UB3Zi3clV7cRn4QcrYbeLQE8mXw=
-----END RSA PRIVATE KEY-----';
private static $PUBLIC_KEY = '-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDULoYcBM+567E2imguwivco2Sj
Xhxd8dQ/xPJBl9S3mLy3/QGSd0dJxN7YtlkAK0q+ovEfeJa87lzWFdMe+JNoI+1n
YMoB2R9nfxRZAZODZ514vnL+Z+fBw/2hpRS1/jWHmpqdyQ6uBZlIzSIvTGnzfyPw
hkESzUqK4rT9nsNilwIDAQAB
-----END PUBLIC KEY-----';
/**
 * 16进制
 * 公匙: D42E861C04CFB9EBB1368A682EC22BDCA364A35E1C5DF1D43FC4F24197D4B798BCB7FD0192774749C4DED8B659002B4ABEA2F11F7896BCEE5CD615D31EF8936823ED6760CA01D91F677F1459019383679D78BE72FE67E7C1C3FDA1A514B5FE35879A9A9DC90EAE059948CD222F4C69F37F23F0864112CD4A8AE2B4FD9EC36297
 * 密匙: 85035557233D059457579594921B6F5BB5A255379E18D68CF41D06B14FF92DCF361F3120572D27277B9F27C3C82F6EF44065ED3A896215B667C45D92280C347B235AB10164B15A3799D5CFFE7B4FDA5A823116F4DA48A08E6CFED11F274BEE1CE74AD161045992EEDE859A8B048CA9FECE7DFD5E1DA25E71FD2624380FBB8DA1
 */
 /**
 *返回对应的私钥
 */
 private static function getPrivateKey(){

 $privKey = self::$PRIVATE_KEY;

 return openssl_pkey_get_private($privKey);
 }
 /**
 *返回对应的公钥
 */
 private static function getPublicKey(){

 $pubkey = self::$PUBLIC_KEY;

 return openssl_pkey_get_public($pubkey);
 }
 /**
 * 私钥加密
 * @param [type] $data [description]
 * @return [type] [description]
 */
 public static function privEncrypt($data)
 {
 if(!is_string($data)){
 return null;
 }
 return openssl_private_encrypt($data,$encrypted,self::getPrivateKey())? base64_encode($encrypted) : null;
 }

 /**
 * 私钥解密
 * @param [type] $encrypted 密文(二进制格式且base64编码)
 * @param boolean $fromjs 密文是否来源于JS的RSA加密
 * @return [type] [description]
 */
 public static function privDecrypt($encrypted, $fromjs = FALSE)
 {
 if(!is_string($encrypted)){
 return null;
 }
 $padding = $fromjs ? OPENSSL_NO_PADDING : OPENSSL_PKCS1_PADDING;
 if (openssl_private_decrypt(base64_decode($encrypted), $decrypted, self::getPrivateKey(), $padding))
 {
 return $fromjs ? trim(strrev($decrypted)) :$decrypted;
 }
 return null;
 }
 /**
 * 私匙加密
 * @param [type] $data [description]
 * @return [type] [description]
 */
 public static function encrypt($data) {
 if (openssl_public_encrypt($data, $encrypted, self::getPublicKey()))
 $data = base64_encode($encrypted);
 else
 throw new Exception('Unable to encrypt data. Perhaps it is bigger than the key size?'); 

 return $data;
 }
}

//JS->PHP传输RSA加密解密测试
$password = $_POST['password'];
$key = base64_encode(pack("H*", $password));
echo Rsa::privDecrypt($key,true);

echo '';
//PHP->PHP RSA加密解密测试
$key = Rsa::encrypt('测试中文rsa加密');

echo Rsa::privDecrypt($key);

转载请注明:爱学习爱分享 » JS与PHP使用RSA算法进行加密通讯[转]

喜欢 (0)or分享 (0)