Android and PHP server: encrypt and decrypt data
Problem description
I have an Android application that communicates with my own server. Since we don't have https, I want to implement my own data encryption. The server is implemented in PHP.
I wanted to use AES, but my main problem is sharing the server key with the local application, since it could be intercepted and then anyone could decrypt my messages.
Should I use RSA instead? Or is there a secure way of sharing the key?
Thanks!
You should use RSA and AES encrypting protocols.
- RSA encrypts/decrypts short strings (it is heavy for CPU).
- AES encrypts/decrypts large strings (it is faster than RSA).
So:
- the client creates a random AES key for each request (24 bytes is fine);
- the client encrypts the string request (any length) with the AES key;
- the client encrypts the AES key using RSA PUBLIC key;
- the client sends both encrypted (AES and string) to the server (POST is nice);
- the server decrypts the AES key with RSA PRIVATE key;
- the server decrypts the string with the AES key;
- the server processes the string request;
- the server encrypts the response string with the same AES key;
- the server response returns to the client;
- the client decrypts the response with the AES key.
Have a look at the following Open Source project at GitHub: github.com/rcbarioni/followzup
The server is implemented with PHP and there are APIs for PHP and Java. The communication between client and server uses AES and RSA.
PHP and Java encryption libraries are fully compatible. Java for Android is compatible too.
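
The request/response flow listed in the answer, written out as an added example (not code from the original answer or from the followzup project). It assumes AES-GCM and RSA-OAEP, which the answer does not specify, and generates a throwaway RSA key pair in place of the server's real one; the class name, method names and sample request are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.*;

public class HybridExchange {                        // hypothetical class name
    static final SecureRandom RNG = new SecureRandom();
    // AES-GCM (assumed mode). Output layout: 12-byte IV || ciphertext || 16-byte tag.
    static byte[] seal(byte[] key, String msg) throws Exception {
        byte[] iv = new byte[12];
        RNG.nextBytes(iv);                           // fresh IV for every message
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(msg.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    // Throws AEADBadTagException if the blob was modified or the key is wrong.
    static String open(byte[] key, byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, blob, 0, 12));
        return new String(c.doFinal(blob, 12, blob.length - 12), StandardCharsets.UTF_8);
    }

    // RSA-OAEP (assumed padding); SHA-1 OAEP is what PHP's OPENSSL_PKCS1_OAEP_PADDING uses.
    static byte[] rsa(int mode, Key k, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
        c.init(mode, k);
        return c.doFinal(in);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair server = g.generateKeyPair();        // constructed stand-in for the server's key pair
        byte[] aesKey = new byte[24];                // client: random key for this request
        RNG.nextBytes(aesKey);
        byte[] wrapped = rsa(Cipher.ENCRYPT_MODE, server.getPublic(), aesKey);
        byte[] request = seal(aesKey, "action=ping"); // constructed request body
        byte[] k = rsa(Cipher.DECRYPT_MODE, server.getPrivate(), wrapped);  // server side
        byte[] response = seal(k, "ok:" + open(k, request));
        System.out.println(open(aesKey, response));  // client side
        response[response.length - 1] ^= 1;          // constructed tampering in transit
        try { open(aesKey, response); }
        catch (AEADBadTagException e) { System.out.println("tampered response rejected"); }
    }
}
```

Only the RSA public key is embedded in the app, so extracting it from the APK does not let anyone decrypt traffic; the app has to use its bundled copy rather than fetch the key over the same unencrypted channel. GCM rejects modified messages, but this flow does not authenticate the client or detect a replayed request.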