Communicate with backend server securely

Problem description

I have Facebook and Google login in my application, and I use my backend server to store data about the user, such as name and status.

I am sending the token alongside some info like user points; the server uses the token to identify the user and does its work just fine.

Before publishing the app I want to encrypt everything. I know I can use SSL; however, my provider charges A LOT of money for SSL support.

My idea was to generate an RSA key pair, save the private key in a safe place, and have the public key in the apk.

I can generate, encrypt and decrypt using RSA within my app very easily, but I'm not an expert in PHP. I tried a lot of things to decrypt stuff on the server side, but I can't figure out how to do it.

I have one key pair generated by Android; I used:

    getPublic().getEncoded()
    getPrivate().getEncoded()

How can I use the private key in PHP to decrypt and encrypt data?

I know that this may not be the best way to do things, but I think I won't have a problem; the target audience is really far from hackers.

Solution

Because you added the tag PHP, I am assuming that you have some kind of REST API running that you are calling from your Android app. Now, you don't need to encrypt and decrypt in PHP. Those are handled by your web servers. As far as SSL goes, have a look at Let's Encrypt, which is open source. Enforcing SSL alone on the web server is a pretty good security measure.
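
As an added illustration of the answer's advice (not part of the original answer): a minimal nginx configuration that terminates TLS in front of a PHP API, assuming nginx with PHP-FPM and a certificate issued by Let's Encrypt through certbot. The host name api.example.com, the web roots and the PHP-FPM socket path are placeholders.

```nginx
# Port 80: only answers Let's Encrypt HTTP-01 challenges and redirects.
# The API itself is never served over plain HTTP.
server {
    listen 80;
    server_name api.example.com;            # placeholder host name

    # certbot's webroot plugin writes its challenge files under this root
    location /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;          # placeholder path
    }

    # A redirect cannot protect a token that was already sent in clear
    # text, so the Android app must be built with https:// URLs only.
    location / {
        return 301 https://$host$request_uri;
    }
}

# Port 443: TLS is handled here, so the PHP code needs no RSA logic.
server {
    listen 443 ssl;
    server_name api.example.com;

    # Default certbot output locations for this host name
    ssl_certificate     /etc/letsencrypt/live/api.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/api.example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Tell clients that honour HSTS to refuse plain HTTP for one year
    add_header Strict-Transport-Security "max-age=31536000" always;

    root /var/www/api/public;               # placeholder document root

    location ~ \.php$ {
        include       fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass  unix:/run/php/php-fpm.sock;   # placeholder socket path
    }
}
```

With this in place the login token and user data from the question travel inside the TLS session, and the PHP scripts read them as ordinary request parameters.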
