Encryption and decryption between PHP and Java


Question

I am trying to make a PHP script to interact with a Java application. They will share some information, so I would like to encrypt the data that is passed between them to make it as secure as possible, on top of having an SSL certificate. However, because my website is only on a shared server at JustHost, as far as I am aware I can not use the 'mcrypt' PHP module, so I'm not sure how to do it so that both my Java application and the PHP script can encrypt data being sent and decrypt data being received!

Accepted answer

Your SSL conversation between Java and PHP will protect your data while it's in transit. Should you properly protect the private key with a strong password (10+ symbols) and make sure your algorithms are strong, no one will be able to break it by snooping on the conversation.

You won't get any extra protection by encrypting the data before sending it over the SSL conversation. And you actually might be weakening your security because in order for you to encrypt data you'll have to share some key should you choose symmetric encryption. And, by trading secret keys you're undoing much of the protection SSL gives you because the huge benefit of SSL is the fact we can encrypt data without agreeing on a secret key. If I were trying to get at your encrypted text I'd attack your client because it's easier to find your symmetric encryption key than it is to break SSL. And while you could use asymmetric encryption you'll be basically re-inventing SSL.

I would focus on making sure your SSL conversation is strong. Use only the strongest symmetric encryption: TripleDES, IDEA, AES if your server supports it. Take out the weaker algorithms so conversations can't use the weaker encryption. Generate 1024+ public/private key pairs. That might not always be easy on your shared server, but your Java application could only choose to use TripleDES, IDEA, and AES.

Make sure you validate the server's certificate on the client side so you ensure you aren't talking to a false service. That basically means taking the server's certificate and adding it to the keystore used on the client. If that's Java you can use keytool to import a certificate and use that keystore as your TrustManager/KeyManager in your SSL conversation.

If you want to encrypt the data after it's gone over the SSL conversation then you can encrypt/decrypt on the server only. But, you still have a key management problem. If you encrypt/decrypt how do you plan on securing the secret key on the server? That's always the ugly problem that doesn't have a simple answer.
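Putting the answer's client-side advice into code, as an added example that is not part of the original answer: a Java client that trusts only a keystore holding the server's own certificate (imported with keytool, as the answer suggests) and that will only negotiate AES cipher suites, so a weaker suite or an unpinned certificate makes the handshake fail. The class name, file path, password handling and the allowed-suite list are assumptions.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class PinnedTlsClient {
    // Suites this client is willing to use: AES only, with forward secrecy (assumed list).
    private static final List<String> ALLOWED_SUITES = Arrays.asList(
        "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");

    public static SSLSocket connect(String host, int port, String trustStorePath,
                                    char[] trustStorePassword) throws Exception {
        // truststore.jks (assumed path) holds only the PHP server's certificate, imported with:
        //   keytool -importcert -alias phpserver -file server.crt -keystore truststore.jks
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(trustStorePath)) {
            trustStore.load(in, trustStorePassword);
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        // Only the pinned truststore is consulted; the JVM's default CA bundle is not.
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, tmf.getTrustManagers(), null);
        SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);

        // Keep only allowed suites that this JVM actually implements; refuse to run with none.
        List<String> suites = new ArrayList<>(Arrays.asList(socket.getSupportedCipherSuites()));
        suites.retainAll(ALLOWED_SUITES);
        if (suites.isEmpty()) {
            throw new IllegalStateException("no allowed cipher suite supported by this JVM");
        }
        SSLParameters params = socket.getSSLParameters();
        params.setProtocols(new String[] {"TLSv1.2"});
        params.setCipherSuites(suites.toArray(new String[0]));
        // Also check that the certificate's name matches the host dialled, not just that it is trusted.
        params.setEndpointIdentificationAlgorithm("HTTPS");
        socket.setSSLParameters(params);
        socket.startHandshake(); // throws if the server's cert is not pinned or only weaker suites are offered
        return socket;
    }
}
```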
