加密的更安全的方式 [英] The safer way to encrypt

问题描述

相关我最后一个问题我有一个新的。

通过https发送加密数据的更安全的方式是什么。

What is a safer way to send encrypted data via https.

1. 使用 signAndEncrypt 函数与openssl_pkcs7_encrypt并通过表单元素发送返回数组...
   

1. using signAndEncrypt function with openssl_pkcs7_encrypt and send return array via form element...
   

$encryptedData = "-----BEGIN PKCS7-----" . str_replace("\n", "", <br/>   $encryptedDataReturn['encrypted_data']) ."-----END PKCS7-----";

    $encryptedRequest=<<<PPHTML
  <html>
    <header>
    </header>

    <body onload="document.getElementById('paypal_form').submit();">
      <br/><br/><br/><br/>
      <center>
        <h2>Please wait, your order is being processed and you
            will be redirected to the paypal website.
        </h2>
      </center>
      <form id="paypal_form" method="POST" action="{$this->gatewayUrl}">
        <input type="hidden" name="cmd" value="_s-xclick">
        <input type="hidden" name="encrypted" value="$encryptedData">
      </form>
    </body>
  </html>

PPHTML;

或使用curl这样

2。

$curlOptions = array (
            CURLOPT_URL => Config::MERCHANT_SANDBOX_SIGNATURE_ENDPOINT,
            CURLOPT_VERBOSE => 1,
            CURLOPT_SSL_VERIFYPEER => true,
            CURLOPT_SSL_VERIFYHOST => 2,
            CURLOPT_CAINFO => $this->publicCertificate,
            CURLOPT_RETURNTRANSFER => 1,
            CURLOPT_POST => 1,
            CURLOPT_HEADER => true,
            CURLOPT_POSTFIELDS => http_build_query($data)
    );


    $ch = curl_init();
    curl_setopt_array($ch,$curlOptions);

    //Sending our request - $response will hold the API response
    $response = curl_exec($ch);

我试图找到最安全的方式发送数据到paypal api。
首先我混合了这两个函数，并将加密的nvp添加到 CURLOPT_POSTFIELDS 。但是，这给了我一堆错误从paypal。所以我做了双重加密。当我离开邮政地址未加密时，paypal api给我成功。

我的问题：
1。是否足够安全，用公共证书使用 curl ？
2。是否可以使用 pkcs7 加密（或类似加密）与 curl ？

3 3。我是正确的假设它是不可能加密的postfields，之前通过curl / https发送数据到paypal，因为当我这样做，paypal给我失败的答复？

请帮助。
祝贺ninchen

I'am trying to find the safest way to send data to the paypal api. First i mixed both of the functions, and added the encrypted nvp to the CURLOPT_POSTFIELDS. But that gave me a bunch of errors from paypal. So i have done a double encryption. When i leave the postfields unencrypted, the paypal api gives me success.

My Questions:
1. Is it secure enough, to use curl with public certificate ?
2. Is it possible to use the pkcs7 encryption (or similar encryption) with curl?
3. Am I right in assuming that it isnt possible to encrypt the postfields, before send data via curl/https to paypal, because when i do that, paypal give me failure responses?

Please help.
Greetings ninchen

推荐答案

安全，你的第一个答案应该是做什么标准。这是标准的原因，并且可以预期是相当安全的。如果发现漏洞，您需要更新，但是其他人也会如此。尝试一个聪明的技巧是更安全通常意味着你最终得到的东西不那么。

When it comes to crypto & security, your first answer should be to do whatever is standard. It's standard for a reason, and can be expected to be reasonably secure. If vulnerabilities are discovered, you'll need to update, but then again so will everyone else. Trying a clever trick to be "more secure" usually means that you end up with something that is less so.

请参阅此答案进行扩展讨论。

这篇关于加密的更安全的方式的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！