duanju8308 2015-08-02 11:54
浏览 74
已采纳

带有RSA的Android-PHP编码字符串传递给PHP

I know it could be easier with https connection, but for the university project there is no money for that. We have an Apache2 Webserver, but are not able to include a certificate due to permission restrictions. URL Connection with sending the data is correct so I did not include it to my question, so the problem is with formatting or de-/encryption.

So the base Idea is: Generate a own Certificate with openssl. Encrypt the Data on Android, send with UrlConnection to the server, there it has to be decrypted to perform more operations.

Android Encryption:

    AssetManager assetManager=activity.getAssets();
    InputStream in=assetManager.open("certificate.crt");
    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
    X509Certificate certificate = (X509Certificate)certificateFactory.generateCertificate(in);
    PublicKey publicServerKey = certificate.getPublicKey();
    Cipher cipher = Cipher.getInstance("RSA");
    cipher.init(Cipher.ENCRYPT_MODE,publicServerKey);
    byte[] parametersCipher = cipher.doFinal(parameters.getBytes());
    String encoded=new String(Base64.encode(parametersCipher, Base64.DEFAULT));
    String parametersencrypted="data="+URLEncoder.encode(encoded,"UTF-8");

The String parametersencrypted will be send with POST Data to the Server Now the Server Part: PHP Decryption:

$data=utf8_decode(urldecode($_POST['data']));    
$privateKey=openssl_pkey_get_private("file://certificate.key", "password");
$data = base64_decode($data);
openssl_private_decrypt($data, $decrypted,$privateKey);

The Server is getting the Base64 Encoded String, but the decryption String is empty. If I encrypt a String in php I am able to decrypt it, same on Android, I think the problem is with the formatting for HTTP Request with UTF-8 Urlencoding or so, but I am not getting a solution for it. Please help me to solve this specific problem.

UPDATE

Ok I did got it working with Java, but not on Android: Java Code:

Cipher cipher=Cipher.getInstance("RSA/ECB/NoPadding");
cipher.init(Cipher.ENCRYPT_MODE,publicServerKey);
byte[] parametersCipher = cipher.doFinal(urlParameters.getBytes("UTF-8"));
String encoded=new String(encoder.encode(parametersCipher)); //encoder= base64 encoder 
encoded=encoded.replace("+", "-");
encoded=encoded.replace("/", "_");

Modified PHP:

$data = base64_decode(strtr($string, '-_', '+/')); 
openssl_private_decrypt($data, $decrypted, $this->privateKey,OPENSSL_NO_PADDING);

Android Code:

Cipher cipher = Cipher.getInstance("RSA/ECB/NoPadding");
cipher.init(Cipher.ENCRYPT_MODE,publicServerKey);
byte[] parametersCipher = cipher.doFinal(parameters.getBytes("UTF-8"));
String encoded=new String(Base64.encode(parametersCipher, Base64.URL_SAFE)); //URL_SAFE from Android Documentation + as - and / as _
String parametersencrypted="data="+encoded;

Any idea what I am doing wrong?

  • 写回答

1条回答 默认 最新

  • douchan0523 2015-08-03 05:35
    关注

    With updated code I put the wrong certificate to the app. Now it is working.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 TMC2209串口模式下读取不到寄存器的值串口助手蓝色字体是发过去的消息,绿色字体是收到的消息,第二行发送读取寄存器的指令但是没有读取到寄存器的值串口助手如下图:接线如下图,如何解决?
  • ¥30 itest不允许查看成绩怎么办
  • ¥15 高通安卓11提取完整线刷包软件,或者优博讯dt50顺丰刷机包
  • ¥20 C,有个译码器,换了信道就跑不出原来数据
  • ¥15 MIMIC数据库安装问题
  • ¥60 基于JTag协议开发Fpga下载器上位机,哪位大🐂有偿指导?
  • ¥20 全书网Java爬取数据
  • ¥15 怎么获取红包封面的原始链接,并且获取红包封面序列号
  • ¥100 微信小程序跑脚本授权的问题
  • ¥100 房产抖音小程序苹果搜不到安卓可以付费悬赏