doushuangdui5419 2013-12-13 11:26
浏览 137
已采纳

在JavaScript中加密字符串并使用RSA技术在PHP中解密

I am trying to encrypt some text in JavaScript and then send it to PHP (etc: with Ajax) to decrypt it there and save it (etc: In MySQL).

Here is my code so far:

In JavaScript:

I am using this library for the encryption: http://travistidwell.com/blog/2013/02/15/a-better-library-for-javascript-asymmetrical-rsa-encryption/

function ConvertToURL(data) {
    // Converts data to URL friendly form
    // etc: Replaces '+', '/', '=' with 'plus', 'slash', 'equal'
};
function AjaxOrder(data) {
    // Sends data in PHP with Ajax
}

var publicKey = '-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDlOJu6TyygqxfWT7eLtGDwajtN
FOb9I5XRb6khyfD1Yt3YiCgQWMNW649887VGJiGr/L5i2osbl8C9+WJTeucF+S76
xFxdU6jE0NQ+Z+zEdhUTooNRaY5nZiu5PgDB0ED/ZKBUSLKL7eibMxZtMlUDHjm4
gwQco1KRMDSmXSMkDwIDAQAB
-----END PUBLIC KEY-----';

var encrypt = new JSEncrypt();
encrypt.setPublicKey(publicKey);
var encrypted = encrypt.encrypt('Text to send.');

*// And now I am sending the encrypted text with some Ajax function*

AjaxOrder(ConvertToURL(encrypted));

In PHP:

$dataPost = $_POST('dt');

function ConvertFromURL($data) {
    // Converts $data to original form
    // etc: Replaces 'plus', 'slash', 'equal' with '+', '/', '='
}
function ReturnData($data) {
    // Sends $data back in JavaScript as an answer to Ajax
}

$privateKey = '-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDlOJu6TyygqxfWT7eLtGDwajtNFOb9I5XRb6khyfD1Yt3YiCgQ
WMNW649887VGJiGr/L5i2osbl8C9+WJTeucF+S76xFxdU6jE0NQ+Z+zEdhUTooNR
aY5nZiu5PgDB0ED/ZKBUSLKL7eibMxZtMlUDHjm4gwQco1KRMDSmXSMkDwIDAQAB
AoGAfY9LpnuWK5Bs50UVep5c93SJdUi82u7yMx4iHFMc/Z2hfenfYEzu+57fI4fv
xTQ//5DbzRR/XKb8ulNv6+CHyPF31xk7YOBfkGI8qjLoq06V+FyBfDSwL8KbLyeH
m7KUZnLNQbk8yGLzB3iYKkRHlmUanQGaNMIJziWOkN+N9dECQQD0ONYRNZeuM8zd
8XJTSdcIX4a3gy3GGCJxOzv16XHxD03GW6UNLmfPwenKu+cdrQeaqEixrCejXdAF
z/7+BSMpAkEA8EaSOeP5Xr3ZrbiKzi6TGMwHMvC7HdJxaBJbVRfApFrE0/mPwmP5
rN7QwjrMY+0+AbXcm8mRQyQ1+IGEembsdwJBAN6az8Rv7QnD/YBvi52POIlRSSIM
V7SwWvSK4WSMnGb1ZBbhgdg57DXaspcwHsFV7hByQ5BvMtIduHcT14ECfcECQATe
aTgjFnqE/lQ22Rk0eGaYO80cc643BXVGafNfd9fcvwBMnk0iGX0XRsOozVt5Azil
psLBYuApa66NcVHJpCECQQDTjI2AQhFc1yRnCU/YgDnSpJVm1nASoRUnU8Jfm3Oz
uku7JUXcVpt08DFSceCEX9unCuMcT72rAQlLpdZir876
-----END RSA PRIVATE KEY-----';

openssl_private_decrypt(ConvertFromURL($dataPost), $decryptedWord, $privateKey);

ReturnData(base64_encode($decryptedWord));

Now the answer from PHP is empty every time. Any ideas to make this work?

Thank you for your time!

  • 写回答

1条回答 默认 最新

  • duanquezhan7268 2013-12-13 13:17
    关注

    Use HTTPS.

    What you are doing will never be able to protect you against active attacks (MitM) since you don't have any trust anchors, and it is very likely that you will make some stupid mistake that will make it insecure.

    Either way, you cannot encrypt more than a few hundred bytes directly with RSA. Thus, you will have to securely generate a random symmetric key (doing that properly in JavaScript is not easy), encrypt the data with it using a secure symmetric cipher (e.g. AES) in a secure block cipher mode, then encrypt the symmetric key with RSA. Learning how to do it "properly" will take you much more time than really doing it properly, and that is, configuring SSL.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 如何用最短的时间大致看懂springboot+vue的项目
  • ¥15 (有偿)懂数值分析和含时变参数微分方程的来
  • ¥15 layui父页的数据表格如何用弹窗页提交后的查询数据来更新数据表格内容?
  • ¥15 abaqus随机生成二维颗粒
  • ¥15 安装ansys许可证管理器时出现了这个问题,如何解决?
  • ¥100 高价求算法,利用智能手机传感器计算车辆的三轴g值
  • ¥15 Blazor server 数据库操作异常,如何解决?(语言-c#)
  • ¥15 uni-app开发APP运行到浏览器访问接口跨域
  • ¥100 mfc消息自创建控件
  • ¥15 网页视频跳过后学习进度未增加