Encrypted and signed MIME messages using RFC 1847

Question

I need a client-server encryption solution for web transfer, (i.e. signed and encrypted client-side, and verified and decrypted server-side).

I am using HTTP, but SSL is not available due to shared hosting restrictions (my server is a shared host environment). Looking into alternative solutions, I have decided on OpenPGP using GnuPG. One of the reasons is that it is supported in PHP through various PEAR and PECL modules (PHP is the language I intend to use for both my client script and my server script, though Perl is also available as a last resort).

I am now trying to decide on the best way to transmit the data. I have come across RFC 1847, which defines encrypted and signed multipart MIME messages. This protocol is extended specifically for PGP in RFC 3156. (I think these protocols are related to the S/MIME encrypted email protocol).

My question is: is there any reason to follow these standards? As far as protocols go, they look like sensible solutions, but are there any clients that actually use this protocol? For example, if I made a multipart/encrypted request to an Apache web server, will there be any easy way to retrieve the data? My tests using a PHP script made me think that PHP would be no use trying to decipher requests like these ($_POST data seems to come from 'multipart/form-data' MIME-type data).

As my host will let me open sockets, it would be possible for me to use PHP's socket programming API to write a PHP script to act as a server that will accept 'multipart/encrypted' and 'multipart/signed' HTTP requests, but this seems like overkill.

Any suggestions?

For more information on my problem, please see this question.

Recommended answer

You're right - these protocols are related to encrypted mail protocol, using that in your case is a little bit of overkill and you would have to use OpenSSL PHP extension. Go with OpenPGP.

Since your client will be written in PHP - consider following scenarios:

Server and Client methods would be the same:

  • getPublicKey() - returns public key
  • sendMessage(msg) - returns answer
  • Client -> HTTP GET (send me your public key) -> Server
  • Client <- (my public key is xxxx) <- Server
  • Client encrypts message with server's public key. Client adds own public key to the message
  • Client -> HTTP POST (sends encrypted message) -> Server
  • Server decodes the message, and encodes answer with Clients public key
  • Client <- (encoded answer to client) <- Server
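
The exchange from the answer, run with the GnuPG command line (gpg 2.2 or later assumed), as an added example that is not part of the original question or answer. Each side imports the key it receives over HTTP only if it matches a fingerprint pinned beforehand, because a key fetched over plain HTTP is not authenticated, and the server additionally requires a valid signature from the pinned client key. Keyring paths, user ids and function names are constructed; the reply to the client (the last step) mirrors the request and is left out.

```shell
#!/bin/sh
# Added example. Throwaway keyrings; user ids and file names are constructed.
# In real use the pinned fingerprints are exchanged out of band, not over HTTP.
g() { h=$1; shift; gpg --homedir "$h" --batch --quiet --no-tty \
        --pinentry-mode loopback --passphrase '' --trust-model always "$@"; }
first_fpr() { awk -F: '$1 == "fpr" { print $10; exit }'; }

new_party() {   # $1 = new keyring dir, $2 = user id; prints the key fingerprint
  mkdir -m 700 "$1" &&
  g "$1" --quick-generate-key "$2" default default never 2>/dev/null &&
  g "$1" --with-colons --list-keys "$2" | first_fpr
}

# Import a key that arrived over plain HTTP only if it matches the pin.
import_pinned() {   # $1 = keyring dir, $2 = key file, $3 = pinned fingerprint
  got=$(g "$1" --with-colons --import-options show-only --import "$2" | first_fpr)
  [ -n "$got" ] && [ "$got" = "$3" ] && g "$1" --import "$2"
}

exchange() {   # $1 = scratch dir, $2 = message; prints what the server decrypted
  d=$1; c=$d/client; s=$d/server
  sfpr=$(new_party "$s" 'server@example.test') || return 1
  cfpr=$(new_party "$c" 'client@example.test') || return 1
  # Steps 1-2: the server answers the GET with its armored public key.
  g "$s" --armor --export "$sfpr" > "$d/server.asc"
  import_pinned "$c" "$d/server.asc" "$sfpr" || return 2
  # Steps 3-4: the client signs and encrypts, and sends its public key along.
  g "$c" --armor --export "$cfpr" > "$d/client.asc"
  printf '%s' "$2" |
    g "$c" --armor -u "$cfpr" -r "$sfpr" --sign --encrypt > "$d/req.asc"
  # Step 5: the server takes the client key only if pinned, then decrypts and
  # requires a valid signature made by that pinned key.
  import_pinned "$s" "$d/client.asc" "$cfpr" || return 3
  g "$s" --status-fd 3 --decrypt "$d/req.asc" 3> "$d/status" > "$d/plain" ||
    return 4
  awk -v f="$cfpr" '$2 == "VALIDSIG" && $NF == f { ok = 1 } END { exit !ok }' \
    "$d/status" || return 5
  # Stop the per-keyring agents that gpg started for the throwaway keyrings.
  for k in "$c" "$s"; do gpgconf --homedir "$k" --kill gpg-agent || :; done 2>/dev/null
  cat "$d/plain"
}
```

Calling `exchange "$(mktemp -d)" 'some text'` prints the text as the server recovered it; a non-zero return code names the step that refused the key or the signature.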
