在JavaScript中加密字符串并使用RSA技术在PHP中解密 [英] Encrypt string in JavaScript and decrypt in PHP with RSA technique

问题描述

我试图在JavaScript中加密一些文本，然后将其发送到PHP（等：使用Ajax）来解密它并保存它（etc：在MySQL中）。

以下是我的代码：

在JavaScript中：我使用这个库进行加密：
http://travistidwell.com/blog/2013/02/15/a-better-library-for-javascript-asymmetrical-rsa-encryption/

  function ConvertToURL（data）{
 //将数据转换为URL友好形式
 // etc：替换'+' '，'='with'plus'，'slash'，'equal'
}; 
 function AjaxOrder（data）{
 //使用Ajax发送PHP中的数据
} 
 
 var publicKey ='----- BEGIN PUBLIC KEY --- -  
 MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDlOJu6TyygqxfWT7eLtGDwajtN 
 FOb9I5XRb6khyfD1Yt3YiCgQWMNW649887VGJiGr / L5i2osbl8C9 + WJTeucF + S76 
 xFxdU6jE0NQ + Z + zEdhUTooNRaY5nZiu5PgDB0ED / ZKBUSLKL7eibMxZtMlUDHjm4 
 gwQco1KRMDSmXSMkDwIDAQAB 
 ----- END PUBLIC KEY ---- - '; 
 
 var encrypt = new JSEncrypt（）; 
 encrypt.setPublicKey（publicKey）; 
 var encrypted = encrypt.encrypt（'Text to send。'）; 
 
 * //现在我使用一些Ajax函数发送加密文本* 
 
 AjaxOrder（ConvertToURL（encrypted））; 
  

在PHP中：

  $ dataPost = $ _POST（'dt'）; 
 
函数ConvertFromURL（$ data）{
 //将$ data转换为原始格式
 // etc：将'plus'，'slash'，'equal'替换为' '，'/'，'='
} 
函数ReturnData（$ data）{
 //在JavaScript中返回$ data作为Ajax的回答
} 
 
 $ privateKey ='----- BEGIN RSA私钥----- 
 MIICXQIBAAKBgQDlOJu6TyygqxfWT7eLtGDwajtNFOb9I5XRb6khyfD1Yt3YiCgQ 
 WMNW649887VGJiGr / L5i2osbl8C9 + WJTeucF + S76xFxdU6jE0NQ + Z + zEdhUTooNR 
 aY5nZiu5PgDB0ED / ZKBUSLKL7eibMxZtMlUDHjm4gwQco1KRMDSmXSMkDwIDAQAB 
 AoGAfY9LpnuWK5Bs50UVep5c93SJdUi82u7yMx4iHFMc / Z2hfenfYEzu + 57fI4fv 
 XTQ // 5DbzRR / XKb8ulNv6 + CHyPF31xk7YOBfkGI8qjLoq06V + FyBfDSwL8KbLyeH 
 m7KUZnLNQbk8yGLzB3iYKkRHlmUanQGaNMIJziWOkN + N9dECQQD0ONYRNZeuM8zd 
 8XJTSdcIX4a3gy3GGCJxOzv16XHxD03GW6UNLmfPwenKu + cdrQeaqEixrCejXdAF 
Z / 7 + BSMpAkEA8EaSOeP5Xr3ZrbiKzi6TGMwHMvC7HdJxaBJbVRfApFrE0 / mPwmP5 
 rN7QwjrMY + 0 + AbXcm8mRQyQ1 + IGEembsdwJBAN6az8Rv7QnD / YBvi52POIlRSSIM 
 V7SwWvSK4WSMnGb1ZBbhgdg57DXaspcwHsFV7hByQ5BvMtIduHcT14ECfcECQATe 
 aTgjFnqE / lQ22Rk0eGaYO80cc643BXVGafNfd9fcvwBMnk0iGX0XRsOozVt5Azil 
 psLBYuApa66NcVHJpCECQQDTjI2AQhFc1yRnCU / YgDnSpJVm1nASoRUnU8Jfm3Oz 
 uku7JUXcVpt08DFSceCEX9unCuMcT72rAQlLpdZir876 
 ----- END RSA私钥--- - '; 
 
 openssl_private_decrypt（ConvertFromURL（$ dataPost），$ decryptptedWord，$ privateKey）; 
 
 ReturnData（base64_encode（$ decryptptedWord））; 
  

现在，PHP的答案每次都是空的。

解决方案

<

使用HTTPS。

由于您没有任何信任锚，您正在做什么将无法保护您免受主动攻击（MitM）

无论如何，你不能加密超过几百个字节直接与RSA。因此，您必须安全地 生成随机对称密钥（在JavaScript中正确执行此操作并不容易），使用安全对称密码（例如AES）以安全块加密模式，然后用RSA加密对称密钥。学习如何正确会比真正更多地更多的时间来执行它，也就是配置SSL。

I am trying to encrypt some text in JavaScript and then send it to PHP (etc: with Ajax) to decrypt it there and save it (etc: In MySQL).

Here is my code so far:

In JavaScript:

I am using this library for the encryption: http://travistidwell.com/blog/2013/02/15/a-better-library-for-javascript-asymmetrical-rsa-encryption/

function ConvertToURL(data) {
    // Converts data to URL friendly form
    // etc: Replaces '+', '/', '=' with 'plus', 'slash', 'equal'
};
function AjaxOrder(data) {
    // Sends data in PHP with Ajax
}

var publicKey = '-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDlOJu6TyygqxfWT7eLtGDwajtN
FOb9I5XRb6khyfD1Yt3YiCgQWMNW649887VGJiGr/L5i2osbl8C9+WJTeucF+S76
xFxdU6jE0NQ+Z+zEdhUTooNRaY5nZiu5PgDB0ED/ZKBUSLKL7eibMxZtMlUDHjm4
gwQco1KRMDSmXSMkDwIDAQAB
-----END PUBLIC KEY-----';

var encrypt = new JSEncrypt();
encrypt.setPublicKey(publicKey);
var encrypted = encrypt.encrypt('Text to send.');

*// And now I am sending the encrypted text with some Ajax function*

AjaxOrder(ConvertToURL(encrypted));

In PHP:

$dataPost = $_POST('dt');

function ConvertFromURL($data) {
    // Converts $data to original form
    // etc: Replaces 'plus', 'slash', 'equal' with '+', '/', '='
}
function ReturnData($data) {
    // Sends $data back in JavaScript as an answer to Ajax
}

$privateKey = '-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDlOJu6TyygqxfWT7eLtGDwajtNFOb9I5XRb6khyfD1Yt3YiCgQ
WMNW649887VGJiGr/L5i2osbl8C9+WJTeucF+S76xFxdU6jE0NQ+Z+zEdhUTooNR
aY5nZiu5PgDB0ED/ZKBUSLKL7eibMxZtMlUDHjm4gwQco1KRMDSmXSMkDwIDAQAB
AoGAfY9LpnuWK5Bs50UVep5c93SJdUi82u7yMx4iHFMc/Z2hfenfYEzu+57fI4fv
xTQ//5DbzRR/XKb8ulNv6+CHyPF31xk7YOBfkGI8qjLoq06V+FyBfDSwL8KbLyeH
m7KUZnLNQbk8yGLzB3iYKkRHlmUanQGaNMIJziWOkN+N9dECQQD0ONYRNZeuM8zd
8XJTSdcIX4a3gy3GGCJxOzv16XHxD03GW6UNLmfPwenKu+cdrQeaqEixrCejXdAF
z/7+BSMpAkEA8EaSOeP5Xr3ZrbiKzi6TGMwHMvC7HdJxaBJbVRfApFrE0/mPwmP5
rN7QwjrMY+0+AbXcm8mRQyQ1+IGEembsdwJBAN6az8Rv7QnD/YBvi52POIlRSSIM
V7SwWvSK4WSMnGb1ZBbhgdg57DXaspcwHsFV7hByQ5BvMtIduHcT14ECfcECQATe
aTgjFnqE/lQ22Rk0eGaYO80cc643BXVGafNfd9fcvwBMnk0iGX0XRsOozVt5Azil
psLBYuApa66NcVHJpCECQQDTjI2AQhFc1yRnCU/YgDnSpJVm1nASoRUnU8Jfm3Oz
uku7JUXcVpt08DFSceCEX9unCuMcT72rAQlLpdZir876
-----END RSA PRIVATE KEY-----';

openssl_private_decrypt(ConvertFromURL($dataPost), $decryptedWord, $privateKey);

ReturnData(base64_encode($decryptedWord));

Now the answer from PHP is empty every time. Any ideas to make this work?

Thank you for your time!

解决方案

Use HTTPS.

What you are doing will never be able to protect you against active attacks (MitM) since you don't have any trust anchors, and it is very likely that you will make some stupid mistake that will make it insecure.

Either way, you cannot encrypt more than a few hundred bytes directly with RSA. Thus, you will have to securely generate a random symmetric key (doing that properly in JavaScript is not easy), encrypt the data with it using a secure symmetric cipher (e.g. AES) in a secure block cipher mode, then encrypt the symmetric key with RSA. Learning how to do it "properly" will take you much more time than really doing it properly, and that is, configuring SSL.

这篇关于在JavaScript中加密字符串并使用RSA技术在PHP中解密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！