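I am trying to encrypt some text in JavaScript and then send it to PHP (e.g. with Ajax), to decrypt it there and save it (e.g. in MySQL).
This is my code so far:
In JavaScript:
I am using this library for the encryption: http://travistidwell.com/blog/2013/02/15/a-better-library-for-javascript-asymmetrical-rsa-encryption/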
```javascript
function ConvertToURL(data) {
    // Converts data to URL friendly form
    // etc: Replaces '+', '/', '=' with 'plus', 'slash', 'equal'
};

function AjaxOrder(data) {
    // Sends data in PHP with Ajax
}

var publicKey = '-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDlOJu6TyygqxfWT7eLtGDwajtN FOb9I5XRb6khyfD1Yt3YiCgQWMNW649887VGJiGr/L5i2osbl8C9+WJTeucF+S76 xFxdU6jE0NQ+Z+zEdhUTooNRaY5nZiu5PgDB0ED/ZKBUSLKL7eibMxZtMlUDHjm4 gwQco1KRMDSmXSMkDwIDAQAB -----END PUBLIC KEY-----';

var encrypt = new JSEncrypt();
encrypt.setPublicKey(publicKey);
var encrypted = encrypt.encrypt('Text to send.');

// And now I am sending the encrypted text with some Ajax function
AjaxOrder(ConvertToURL(encrypted));
```
In PHP:
```php
$dataPost = $_POST('dt');

function ConvertFromURL($data) {
    // Converts $data to original form
    // etc: Replaces 'plus', 'slash', 'equal' with '+', '/', '='
}

function ReturnData($data) {
    // Sends $data back in JavaScript as an answer to Ajax
}

$privateKey = '-----BEGIN RSA PRIVATE KEY----- MIICXQIBAAKBgQDlOJu6TyygqxfWT7eLtGDwajtNFOb9I5XRb6khyfD1Yt3YiCgQ WMNW649887VGJiGr/L5i2osbl8C9+WJTeucF+S76xFxdU6jE0NQ+Z+zEdhUTooNR aY5nZiu5PgDB0ED/ZKBUSLKL7eibMxZtMlUDHjm4gwQco1KRMDSmXSMkDwIDAQAB AoGAfY9LpnuWK5Bs50UVep5c93SJdUi82u7yMx4iHFMc/Z2hfenfYEzu+57fI4fv xTQ//5DbzRR/XKb8ulNv6+CHyPF31xk7YOBfkGI8qjLoq06V+FyBfDSwL8KbLyeH m7KUZnLNQbk8yGLzB3iYKkRHlmUanQGaNMIJziWOkN+N9dECQQD0ONYRNZeuM8zd 8XJTSdcIX4a3gy3GGCJxOzv16XHxD03GW6UNLmfPwenKu+cdrQeaqEixrCejXdAF z/7+BSMpAkEA8EaSOeP5Xr3ZrbiKzi6TGMwHMvC7HdJxaBJbVRfApFrE0/mPwmP5 rN7QwjrMY+0+AbXcm8mRQyQ1+IGEembsdwJBAN6az8Rv7QnD/YBvi52POIlRSSIM V7SwWvSK4WSMnGb1ZBbhgdg57DXaspcwHsFV7hByQ5BvMtIduHcT14ECfcECQATe aTgjFnqE/lQ22Rk0eGaYO80cc643BXVGafNfd9fcvwBMnk0iGX0XRsOozVt5Azil psLBYuApa66NcVHJpCECQQDTjI2AQhFc1yRnCU/YgDnSpJVm1nASoRUnU8Jfm3Oz uku7JUXcVpt08DFSceCEX9unCuMcT72rAQlLpdZir876 -----END RSA PRIVATE KEY-----';

openssl_private_decrypt(ConvertFromURL($dataPost), $decryptedWord, $privateKey);
ReturnData(base64_encode($decryptedWord));
```
Now the answer from PHP is empty every time. Any ideas on how to make this work?
Thank you for your time!
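Use HTTPS.
What you're doing will never protect you against active attacks (MitM), since you don't have any trust anchor, and chances are you'll make some stupid mistake that makes it insecure.
Either way, you can't directly encrypt more than a few hundred bytes with RSA. So you'd have to securely generate a random symmetric key (doing that correctly in JavaScript isn't easy), encrypt the data with a secure symmetric cipher (e.g. AES) in a secure block cipher mode, and then encrypt the symmetric key with RSA. Learning how to do it "correctly" will take more time than actually doing the right thing, i.e. configuring SSL.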
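The hybrid scheme the answer describes, as an added example that is not part of the original question or answer: it shows RSA alone refusing a long message, then a per-message AES-256-GCM key wrapped with RSA-OAEP. It assumes Node.js and its built-in `crypto` module rather than JSEncrypt, generates a throwaway key pair, and uses hypothetical function names; it does not supply the trust anchor the answer says is missing, so it is not a substitute for HTTPS.

```javascript
const crypto = require('crypto');

// Throwaway key pair generated for this demo only (assumption: in a real
// deployment the private key stays on the server).
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// RSA alone: the plaintext must fit in one block (190 bytes for RSA-2048 with OAEP-SHA256).
function rsaOnlyEncrypt(plaintext) {
  try {
    return crypto.publicEncrypt({ key: publicKey, ...OAEP }, Buffer.from(plaintext, 'utf8'));
  } catch (err) {
    return null; // too long for a single RSA operation
  }
}

// Hybrid: fresh AES-256-GCM key per message; only that 32-byte key goes through RSA.
function hybridEncrypt(plaintext) {
  const aesKey = crypto.randomBytes(32); // CSPRNG, never Math.random()
  const iv = crypto.randomBytes(12);     // 96-bit GCM nonce, unique per key
  const cipher = crypto.createCipheriv('aes-256-gcm', aesKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    wrappedKey: crypto.publicEncrypt({ key: publicKey, ...OAEP }, aesKey).toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ciphertext: ciphertext.toString('base64'),
  };
}

// Receiver: base64-decode every field, unwrap the AES key, then check the tag and decrypt.
function hybridDecrypt(msg) {
  const aesKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, Buffer.from(msg.wrappedKey, 'base64'));
  const decipher = crypto.createDecipheriv('aes-256-gcm', aesKey, Buffer.from(msg.iv, 'base64'));
  decipher.setAuthTag(Buffer.from(msg.tag, 'base64'));
  // final() throws if the ciphertext or tag was modified in transit.
  return Buffer.concat([decipher.update(Buffer.from(msg.ciphertext, 'base64')), decipher.final()]).toString('utf8');
}

// Returns true when a message with one flipped ciphertext bit is rejected.
function rejectsTampering(msg) {
  const bad = Buffer.from(msg.ciphertext, 'base64');
  bad[0] ^= 0x01;
  try { hybridDecrypt({ ...msg, ciphertext: bad.toString('base64') }); return false; }
  catch (err) { return true; }
}
```
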