在Delphi& PHP? [英] Secure keypair encryption solution in Delphi & PHP?
问题描述
我的应用程序通过互联网发送加密文件,我需要能够执行以下操作:
My application sends encrypted files over the internet, I need to be able to do the following:
- (客户端Delphi 2010):使用我的应用程序附带的公钥加密文件将其上传到服务器
- (服务器端PHP):使用存储在服务器上的私钥解密上传的文件
- (在上传的文件上工作...)
- (Client side Delphi 2010): Encrypt files using public key shipped with my application & upload it to server
- (Server side PHP): Decrypt the uploaded file using my private key stored on server
- (Work on the uploaded file...)
听起来很简单,但我找不到任何可靠的代码/组件,我发现这些组件:
Sounds simple but I can't find any reliable code/component, I found these components:
-
DCPcrypt 。这是我现在正在开发中使用的,但似乎不支持基于密钥对的加密(RSA?)
DCPcrypt. This is what I'm using right now in development but doesn't seem to support keypair-based encryption (RSA?)
GnuPgp (GPL),所以我不能在我的商业应用程序上使用它。
GnuPgp (GPL) so I can't use it on my commercial app.
TurboPower LockBox 3 :确实支持密钥对加密,但非常隐秘(无文档AFAIK)和似乎不支持文件加密。
TurboPower LockBox 3: does support keypair encryption but very cryptic (no documentation AFAIK) and doesn't seem to support file encryption.
我的问题是:是否有可靠的加密组件:
- 实现上述内容(即密钥对加密)
- 可以使用PHP解密
- 适用于大文件/流
- (<强>在这里做梦!)有一个简单的delphi / php演示,显示如何做到这一点? :)
- 只有FOSS解决方案,请稍候,我已经超过预算:)
- Achieve what I described above (ie. keypair encryption)
- Can be decrypted using PHP
- Works on large files/streams
- (Dreaming here!) Has a simple delphi/php demo that shows how to do this? :)
- FOSS solutions only please, I'm already wayyy over budget :)
推荐答案
我将与OpenSSL一起使用。
PHP似乎有很多的支持,虽然我没有实际尝试过:
例如< a href =http://php.net/manual/en/book.openssl.php =nofollow>手册和这里的例子。
I would go with OpenSSL.
PHP seems to have plenty of support for it, though I haven't actually tried it:
For example the manual and an example here.
可以制作Delphi使用OpenSSL与一些小小的工作,使用我在这里提到的东西多次: http://www.disi.unige.it/person/FerranteM/delphiopenssl/ 。该页面上的一些很好的例子。看看Indy OpenSSL进口。
Delphi can be made to work well with OpenSSL with a little work, using stuff I've mentioned on here numerous times: http://www.disi.unige.it/person/FerranteM/delphiopenssl/. Some good examples on that page too. And take a look at the Indy OpenSSL imports.
不是特定的组件,但绝对是免费的,灵活的,并且具有完全的可能性,以安全的方式拍摄自己, )
Not specific components but definitely free, flexible and with full possibilities for shooting yourself, security-wise, in the foot :-)
编辑:
对于Delphi,我会考虑使用EVP_Seal *函数,你可以找到我的在此SO答案中剪下libeay32.pas文件。你这样做是因为Indy不表现或实现很多/任何实际的EVP_函数,所以你需要导入函数声明和一些其他例程。
For Delphi I would consider using the EVP_Seal* functions and you can find my version of a cut down libeay32.pas file in this SO answer. You ned this as Indy doesn't surface or implement much/any of the actual EVP_ functions so you need to import the function declarations and a few other routines.
对于PHP 此链接似乎是对的。
For PHP this link seems the right counterpart.
作为一个奖励,这应该让您了解如何使用EVP_Seal *的东西(未测试):
As a bonus, this should give you an idea of how to use the EVP_Seal* stuff (non-tested):
function EVPSeal(ASource: TBytes; const APublicKey: PEVP_PKEY; out Key: TBytes; out IV: TBytes): TBytes;
var
cipher: PEVP_CIPHER;
ctx: EVP_CIPHER_CTX;
buf: TBytes;
block_size, buf_start, out_len, keysize: integer;
ek: array[0..0] of PByte;
ekl: array[0..0] of integer;
pubk: array[0..0] of PEVP_PKEY;
begin
keysize := EVP_PKEY_size(APublicKey);
cipher := EVP_aes_256_cbc;
SetLength(IV, EVP_MAX_IV_LENGTH);
SetLength(Key, keysize);
ek[0] := @Key[0];
pubk[0] := APublicKey;
buf_start := 0;
EVP_CIPHER_CTX_init(@ctx);
try
EVP_SealInit(@ctx, cipher, @ek[0], @ekl, @IV[0], @pubk[0], 1);
block_size := EVP_CIPHER_CTX_block_size(@ctx);
SetLength(buf, Length(ASource) + block_size);
SetLength(Key, ekl[0]);
EVP_SealUpdate(@ctx, @buf[buf_start], out_len, @ASource[0], Length(ASource));
Inc(buf_start, out_len);
EVP_SealFinal(@ctx, @buf[buf_start], out_len);
Inc(buf_start, out_len);
SetLength(buf, buf_start);
result := buf;
finally
EVP_CIPHER_CTX_cleanup(@ctx);
end;
end;
这篇关于在Delphi& PHP?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
