如何使用公钥/私钥加密php中的数据? [英] How to encrypt data in php using Public/Private keys?
问题描述
我有一个小字符串的一些数据(小于1kb),我想让用户代理传递到其他网站,当他们从我的网站发送。为了让其他网站验证我是创建字符串我尽管有两个选项。
- 服务器ping我
- 我使用公钥/私钥证明我发送了邮件(例如PGP,DKIM等)
我不想设置HMAC,因为这意味着我必须为每个站点使用自定义键,这将是一个痛苦。
在这两个选项中,似乎#2会节省带宽,这似乎是一个更好的选择。
那么如何使用PHP设置公钥/私钥加密,并且有什么缺点?
我将使用OpenSSL创建S / MIME公共/私有密钥对,然后使用OpenSSL命令进行加密和解密。解密。我相信这是优于使用PGP,因为openssl包括在大多数linux操作系统和PGP不是。
我建议反对一个纯PHP解决方案(纯PHP的解决方案)我的意思是在PHP中做加密,而不是使用PHP调用现有的库或单独的可执行文件)。你不想在PHP中做批量加密。太慢了。你想使用OpenSSL,因为它的高性能和安全性是很好理解。
这是神奇的。
制作X.509键:
$ subj =/ C = US / ST = California / L = / O = Country Govt./OU=My Dept / CN = Mr. Agent/emailAddress=agent@investiations.com
openssl req -x509 -newkey rsa:1024 -keyout mycert.key -out mycert.pem - 节点-subj $ subj
将私钥放在mycert.key中,公钥放在mycert中。 pem。私钥不受密码保护。
现在,使用S / MIME签名邮件:
openssl smime -sign -signer mycert.pem -inkey mycert.key< input> output
使用S / MIME加密邮件:
openssl smime -encrypt -recip yourcert.pem ; input> output
使用S / MIME解密邮件:
openssl smime -decrypt -inkey mycert.key -certfile mycert.pem< input> outputpre>
我也有一些演示从使用OpenSSL从C语言绑定,但不是从PHP。
I have a small string of some data (less than 1kb) that I would like to have user agents pass to other sites when they are sent from my site. In order for the other sites to verify that I was the one that created the string I though of two options.
- The server pings me back to confirm (like paypal, openid, etc..)
- I use public/private keys to prove I sent the message (like PGP, DKIM, etc..)
I don't want to setup HMAC because that would mean I have to use custom keys for each site which would be a pain.
Out of those two choices it seems that #2 would save on bandwidth which makes it seem like a better choice.
So how can you setup public/private key cryptography using PHP and are there any downsides?
解决方案I would create S/MIME public/private keypairs using OpenSSL and then use the OpenSSL command to do the encryption & decryption. I believe that this is superior to using PGP because openssl is included with most linux operating systems and PGP isn't. OpenSSL is also standards-based and generally easier to work with, once you have the commands down.
I recommended against a "pure-PHP" solution (by pure-PHP I mean doing the crypto in PHP, rather than using PHP to call an existing library or a separate executable). You don't want to do bulk crypto in PHP. Too slow. And you want to use OpenSSL, because it's high performance and the security is well understood.
Here's the magic.
To make an X.509 key:
$subj="/C=US/ST=California/L=Remote/O=Country Govt./OU=My Dept/CN=Mr. Agent/emailAddress=agent@investiations.com" openssl req -x509 -newkey rsa:1024 -keyout mycert.key -out mycert.pem -nodes -subj $subjThat puts the private key in mycert.key and the public key in mycert.pem. The private key is not password protected.
Now, to sign a message with S/MIME:
openssl smime -sign -signer mycert.pem -inkey mycert.key <input >outputTo encrypt a message with S/MIME:
openssl smime -encrypt -recip yourcert.pem <input >outputTo decrypt a message with S/MIME:
openssl smime -decrypt -inkey mycert.key -certfile mycert.pem <input >outputI also have some demos on using OpenSSL from the C language bindings, but not from PHP.
这篇关于如何使用公钥/私钥加密php中的数据?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
