如何使用公钥/私钥加密 php 中的数据? [英] How to encrypt data in php using Public/Private keys?

问题描述

我有一小段数据(小于 1kb)，我想让用户代理在从我的站点发送这些数据时将它们传递给其他站点.为了让其他网站验证我是创建字符串的人，我想到了两个选项.

I have a small string of some data (less than 1kb) that I would like to have user agents pass to other sites when they are sent from my site. In order for the other sites to verify that I was the one that created the string I though of two options.

1. 服务器回复我确认(如 paypal、openid 等)
2. 我使用公钥/私钥来证明我发送了消息(如 PGP、DKIM 等)

我不想设置 HMAC，因为这意味着我必须为每个站点使用自定义密钥，这会很痛苦.

I don't want to setup HMAC because that would mean I have to use custom keys for each site which would be a pain.

在这两个选择中，#2 似乎可以节省带宽，这使它看起来是一个更好的选择.

Out of those two choices it seems that #2 would save on bandwidth which makes it seem like a better choice.

那么如何使用 PHP 设置公钥/私钥加密，有什么缺点吗?

推荐答案

我会使用 OpenSSL 创建 S/MIME 公钥/私钥对，然后使用 OpenSSL 命令进行加密 &解密.我相信这比使用 PGP 更好，因为大多数 linux 操作系统都包含 openssl 而 PGP 没有.OpenSSL 也是基于标准的，并且通常更易于使用，一旦您完成了命令.

I would create S/MIME public/private keypairs using OpenSSL and then use the OpenSSL command to do the encryption & decryption. I believe that this is superior to using PGP because openssl is included with most linux operating systems and PGP isn't. OpenSSL is also standards-based and generally easier to work with, once you have the commands down.

我建议不要使用纯 PHP"解决方案(纯 PHP 是指在 PHP 中进行加密，而不是使用 PHP 调用现有库或单独的可执行文件).您不想在 PHP 中进行批量加密.太慢了.并且您想使用 OpenSSL，因为它的高性能和安全性很好理解.

I recommended against a "pure-PHP" solution (by pure-PHP I mean doing the crypto in PHP, rather than using PHP to call an existing library or a separate executable). You don't want to do bulk crypto in PHP. Too slow. And you want to use OpenSSL, because it's high performance and the security is well understood.

这就是魔法.

制作 X.509 密钥:

To make an X.509 key:

$subj="/C=US/ST=California/L=Remote/O=Country Govt./OU=My Dept/CN=Mr. Agent/emailAddress=agent@investiations.com"
openssl req -x509 -newkey rsa:1024 -keyout mycert.key -out mycert.pem -nodes -subj $subj

这会将私钥放在 mycert.key 中，将公钥放在 mycert.pem 中.私钥不受密码保护.

That puts the private key in mycert.key and the public key in mycert.pem. The private key is not password protected.

现在，使用 S/MIME 签署消息:

Now, to sign a message with S/MIME:

openssl smime -sign -signer mycert.pem -inkey mycert.key <input >output

使用 S/MIME 加密邮件:

To encrypt a message with S/MIME:

openssl smime -encrypt -recip yourcert.pem <input >output

使用 S/MIME 解密消息:

To decrypt a message with S/MIME:

openssl smime -decrypt -inkey mycert.key -certfile mycert.pem <input >output

我还有一些关于从 C 语言绑定中使用 OpenSSL 的演示，但不是从 PHP 中使用.

I also have some demos on using OpenSSL from the C language bindings, but not from PHP.

这篇关于如何使用公钥/私钥加密 php 中的数据?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！