与后端服务器安全通信 [英] Communicate with backend server securely

问题描述

我的应用程序中有Facebook和Google登录名，我使用后端服务器存储有关用户的数据，例如姓名和状态.

I have Facebook and Google login in my application, I use my backend server to store data about the user, such as name and status.

我正在将令牌与一些信息(例如用户点)一起发送，服务器使用令牌来识别用户并正常工作.

I am sending the token along side with some info like user points, the server uses the token identifies the user and does his work just fine.

在发布该应用之前，我想对所有内容进行加密，我知道我可以使用SSL，但是我的提供商向SSL支持收取了很多钱.

Before publishing the app i want to encrypt everything, I know I can use SSL however my provider charges A LOT of money for SSL support.

我的想法是对RSA密钥对进行加密，将私有文件保存在安全的地方，并在apk中公开文件.

My idea was to genarate a RSA Keypair, save the private on a safe place, and have the public in the apk.

我可以很容易地在应用程序中使用rsa生成加密和解密，但是我不是php方面的专家，我尝试了很多事情来在服务器端解密内容，但是我不知道该怎么做

I can generate encrypt and decrypt using rsa within my app very easily, but I'm not an expert in php i tried a lot of things to decrypt stuff in server side but i can't figure it out how to do it.

我曾经用过一个由Android生成的密钥对，

I have one Keypair generated by android, i used,

getPublic().getEncoded()
getPrivate().getEncoded()

如何使用php中的私钥解密和加密数据?

How can if use the private key in php to decrypt and encrypt data?

我知道这可能不是最好的处理方法，但我认为我不会有问题，目标受众确实与黑客相距遥远.

I know that this may not be the best way to do things but i think i won't have a problem, the target audience is really far from hackers.

推荐答案

因为您添加了标签PHP，所以我假设您正在运行某种类型的rest api，这些api是从android应用程序调用的.现在，您无需使用PHP进行加密和解密.这些由您的Web服务器处理.就ssl而言，请看一下开源的让我们加密.在Web服务器上单独执行ssl是相当不错的安全措施.

Because you added the tag PHP, i am assuming that you have some kind of rest api running that you are calling from your android app. Now you don't need encrypt and decrypt in PHP. Those are handled by your web servers. As far as ssl goes have a look at let's encrypt which is opensource. Enforcing ssl alone on web server is pretty good security measure.

这篇关于与后端服务器安全通信的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！