doushuangdui5419 2013-12-13 11:26
浏览 137
已采纳

在JavaScript中加密字符串并使用RSA技术在PHP中解密

I am trying to encrypt some text in JavaScript and then send it to PHP (etc: with Ajax) to decrypt it there and save it (etc: In MySQL).

Here is my code so far:

In JavaScript:

I am using this library for the encryption: http://travistidwell.com/blog/2013/02/15/a-better-library-for-javascript-asymmetrical-rsa-encryption/

function ConvertToURL(data) {
    // Converts data to URL friendly form
    // etc: Replaces '+', '/', '=' with 'plus', 'slash', 'equal'
};
function AjaxOrder(data) {
    // Sends data in PHP with Ajax
}

var publicKey = '-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDlOJu6TyygqxfWT7eLtGDwajtN
FOb9I5XRb6khyfD1Yt3YiCgQWMNW649887VGJiGr/L5i2osbl8C9+WJTeucF+S76
xFxdU6jE0NQ+Z+zEdhUTooNRaY5nZiu5PgDB0ED/ZKBUSLKL7eibMxZtMlUDHjm4
gwQco1KRMDSmXSMkDwIDAQAB
-----END PUBLIC KEY-----';

var encrypt = new JSEncrypt();
encrypt.setPublicKey(publicKey);
var encrypted = encrypt.encrypt('Text to send.');

*// And now I am sending the encrypted text with some Ajax function*

AjaxOrder(ConvertToURL(encrypted));

In PHP:

$dataPost = $_POST('dt');

function ConvertFromURL($data) {
    // Converts $data to original form
    // etc: Replaces 'plus', 'slash', 'equal' with '+', '/', '='
}
function ReturnData($data) {
    // Sends $data back in JavaScript as an answer to Ajax
}

$privateKey = '-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDlOJu6TyygqxfWT7eLtGDwajtNFOb9I5XRb6khyfD1Yt3YiCgQ
WMNW649887VGJiGr/L5i2osbl8C9+WJTeucF+S76xFxdU6jE0NQ+Z+zEdhUTooNR
aY5nZiu5PgDB0ED/ZKBUSLKL7eibMxZtMlUDHjm4gwQco1KRMDSmXSMkDwIDAQAB
AoGAfY9LpnuWK5Bs50UVep5c93SJdUi82u7yMx4iHFMc/Z2hfenfYEzu+57fI4fv
xTQ//5DbzRR/XKb8ulNv6+CHyPF31xk7YOBfkGI8qjLoq06V+FyBfDSwL8KbLyeH
m7KUZnLNQbk8yGLzB3iYKkRHlmUanQGaNMIJziWOkN+N9dECQQD0ONYRNZeuM8zd
8XJTSdcIX4a3gy3GGCJxOzv16XHxD03GW6UNLmfPwenKu+cdrQeaqEixrCejXdAF
z/7+BSMpAkEA8EaSOeP5Xr3ZrbiKzi6TGMwHMvC7HdJxaBJbVRfApFrE0/mPwmP5
rN7QwjrMY+0+AbXcm8mRQyQ1+IGEembsdwJBAN6az8Rv7QnD/YBvi52POIlRSSIM
V7SwWvSK4WSMnGb1ZBbhgdg57DXaspcwHsFV7hByQ5BvMtIduHcT14ECfcECQATe
aTgjFnqE/lQ22Rk0eGaYO80cc643BXVGafNfd9fcvwBMnk0iGX0XRsOozVt5Azil
psLBYuApa66NcVHJpCECQQDTjI2AQhFc1yRnCU/YgDnSpJVm1nASoRUnU8Jfm3Oz
uku7JUXcVpt08DFSceCEX9unCuMcT72rAQlLpdZir876
-----END RSA PRIVATE KEY-----';

openssl_private_decrypt(ConvertFromURL($dataPost), $decryptedWord, $privateKey);

ReturnData(base64_encode($decryptedWord));

Now the answer from PHP is empty every time. Any ideas to make this work?

Thank you for your time!

  • 写回答

1条回答 默认 最新

  • duanquezhan7268 2013-12-13 13:17
    关注

    Use HTTPS.

    What you are doing will never be able to protect you against active attacks (MitM) since you don't have any trust anchors, and it is very likely that you will make some stupid mistake that will make it insecure.

    Either way, you cannot encrypt more than a few hundred bytes directly with RSA. Thus, you will have to securely generate a random symmetric key (doing that properly in JavaScript is not easy), encrypt the data with it using a secure symmetric cipher (e.g. AES) in a secure block cipher mode, then encrypt the symmetric key with RSA. Learning how to do it "properly" will take you much more time than really doing it properly, and that is, configuring SSL.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 metadata提取的PDF元数据,如何转换为一个Excel
  • ¥15 关于arduino编程toCharArray()函数的使用
  • ¥100 vc++混合CEF采用CLR方式编译报错
  • ¥15 coze 的插件输入飞书多维表格 app_token 后一直显示错误,如何解决?
  • ¥15 vite+vue3+plyr播放本地public文件夹下视频无法加载
  • ¥15 c#逐行读取txt文本,但是每一行里面数据之间空格数量不同
  • ¥50 如何openEuler 22.03上安装配置drbd
  • ¥20 ING91680C BLE5.3 芯片怎么实现串口收发数据
  • ¥15 无线连接树莓派,无法执行update,如何解决?(相关搜索:软件下载)
  • ¥15 Windows11, backspace, enter, space键失灵