JS与PHP使用RSA算法进行加密通讯

我们平时做用户登录表单提交,用户名密码都是明文直接POST到后端,这样很容易被别人从监听到。 注:包括使用MD5等哈希函数处理后的数据,这里也算做明文(现在MD5爆破网站已经很多了~)。 对安全性要求较高的网站,比如银行和大型企业等都会使用HTTPS对其进行加密通讯。 但是由于效率原因,使用HTTPS的代价是及其昂贵的,对于访问量稍大的网站就会造成严重的性能瓶颈。解决方法一般只能采用专门的SSL硬件加速设备如F5的BIGIP等。 所以很多网站选择了模拟SSL的做法,使用RSA来对密码等安全信息进行公钥加密,服务端用私钥解密。 通常是对密码进行加密,本文也拿密码加密为例。 第一步:生成RSA公匙密匙 本文使用的1024位密钥。
[root@localhost /]# ls
bin  boot  dev  etc  home  lib  lost+found  media  mnt  opt  proc  root  sbin  selinux  srv  sys  tmp  usr  var
[root@localhost /]# openssl genrsa -des3 -out prikey.pem 1024  #生成rsa密钥
Generating RSA private key, 1024 bit long modulus
..........++++++
.........................++++++
e is 65537 (0x10001)
Enter pass phrase for prikey.pem:
Verifying - Enter pass phrase for prikey.pem:
[root@localhost /]# openssl rsa -in prikey.pem -out prikey.pem #去除掉密钥文件保护密码
Enter pass phrase for prikey.pem:
writing RSA key
[root@localhost /]# ls
bin  boot  dev  etc  home  lib  lost+found  media  mnt  opt  prikey.pem  proc  root  sbin  selinux  srv  sys  tmp  usr  var
[root@localhost /]# openssl rsa -in prikey.pem -pubout -out pubkey.pem #分离出公钥
writing RSA key
[root@localhost /]# ls
bin  boot  dev  etc  home  lib  lost+found  media  mnt  opt  prikey.pem  proc  pubkey.pem  root  sbin  selinux  srv  sys  tmp  usr  var
[root@localhost /]# openssl asn1parse -out temp.ans -i -inform PEM < prikey.pem #提取十六进制密钥
    0:d=0  hl=4 l= 607 cons: SEQUENCE          
    4:d=1  hl=2 l=   1 prim:  INTEGER           :00
    7:d=1  hl=3 l= 129 prim:  INTEGER           : D42E861C04CFB9EBB1368A682EC22BDCA364A35E1C5DF1D43FC4F24197D4B798BCB7FD0192774749C4DED8B659002B4ABEA2F11F7896BCEE5CD615D31EF8936823ED6760CA01D91F677F1459019383679D78BE72FE67E7C1C3FDA1A514B5FE35879A9A9DC90EAE059948CD222F4C69F37F23F0864112CD4A8AE2B4FD9EC36297 #公匙
  139:d=1  hl=2 l=   3 prim:  INTEGER           :010001 #十六进制e值
  144:d=1  hl=3 l= 129 prim:  INTEGER           : 85035557233D059457579594921B6F5BB5A255379E18D68CF41D06B14FF92DCF361F3120572D27277B9F27C3C82F6EF44065ED3A896215B667C45D92280C347B235AB10164B15A3799D5CFFE7B4FDA5A823116F4DA48A08E6CFED11F274BEE1CE74AD161045992EEDE859A8B048CA9FECE7DFD5E1DA25E71FD2624380FBB8DA1 #密匙
  276:d=1  hl=2 l=  65 prim:  INTEGER           :FB8B45FBD58D9FAFD41EDAD77BF57D4E413AD4513BC9EF384DA8E6049D945668967E40400FBE536CDD4B363E990EE273B6D7BDBAC620FA27BB8ACC2B46F70393
  343:d=1  hl=2 l=  65 prim:  INTEGER           : D7F0BF176770516845C0858C849B12858DEB41F430BFD9BC72BBEEA8F646FBD0E565E04FC7C1046E012D9CC46FD567532A18BAE83976FF003DFB8E350B61CF6D
  410:d=1  hl=2 l=  65 prim:  INTEGER           :EEE1BEDE8059F4D2A8217D36B2B3DA021D145F599DEC11D0688003A1527CF2EA7431059750DC30A1EC2E671F5F7FB132AEEB8774FE7F86D180DB3935C839011D
  477:d=1  hl=2 l=  65 prim:  INTEGER           :A4886421A207FB8F36AE855356EA8D4743A6405F9E116006ED68F264BD19C2DF1D1AEDB9FC1ABE944EC381524F5FCBD59B1AB2B724A9DD8C42ADFC61C0656B55
  544:d=1  hl=2 l=  65 prim:  INTEGER           :CA796B199B066C2B3513D20E4207F5D85AB6347C4A3FBCE152DBD0A535060D413BAEB88D603A4673C946C4B9501DD98B772557B7119F841CAD86DE2D013C997C
[root@localhost /]#
第二步:JS加密传输实现 使用RSA加密通讯方式,需要先加载三个RSA的js库文件,可以到这里下载: http://www.ohdave.com/rsa/ HTML部分:
JS->PHP RSA加解密实现





用户名:
密码:
JS调用RSA加密部分:
 第三步:PHP解密JS传输的数据 
 
class Rsa
{
private static $PRIVATE_KEY = '-----BEGIN RSA PRIVATE KEY-----
MIICXwIBAAKBgQDULoYcBM+567E2imguwivco2SjXhxd8dQ/xPJBl9S3mLy3/QGS
d0dJxN7YtlkAK0q+ovEfeJa87lzWFdMe+JNoI+1nYMoB2R9nfxRZAZODZ514vnL+
Z+fBw/2hpRS1/jWHmpqdyQ6uBZlIzSIvTGnzfyPwhkESzUqK4rT9nsNilwIDAQAB
AoGBAIUDVVcjPQWUV1eVlJIbb1u1olU3nhjWjPQdBrFP+S3PNh8xIFctJyd7nyfD
yC9u9EBl7TqJYhW2Z8RdkigMNHsjWrEBZLFaN5nVz/57T9pagjEW9NpIoI5s/tEf
J0vuHOdK0WEEWZLu3oWaiwSMqf7Off1eHaJecf0mJDgPu42hAkEA+4tF+9WNn6/U
HtrXe/V9TkE61FE7ye84TajmBJ2UVmiWfkBAD75TbN1LNj6ZDuJztte9usYg+ie7
iswrRvcDkwJBANfwvxdncFFoRcCFjISbEoWN60H0ML/ZvHK77qj2RvvQ5WXgT8fB
BG4BLZzEb9VnUyoYuug5dv8APfuONQthz20CQQDu4b7egFn00qghfTays9oCHRRf
WZ3sEdBogAOhUnzy6nQxBZdQ3DCh7C5nH19/sTKu64d0/n+G0YDbOTXIOQEdAkEA
pIhkIaIH+482roVTVuqNR0OmQF+eEWAG7WjyZL0Zwt8dGu25/Bq+lE7DgVJPX8vV
mxqytySp3YxCrfxhwGVrVQJBAMp5axmbBmwrNRPSDkIH9dhatjR8Sj+84VLb0KU1
Bg1BO664jWA6RnPJRsS5UB3Zi3clV7cRn4QcrYbeLQE8mXw=
-----END RSA PRIVATE KEY-----';
private static $PUBLIC_KEY = '-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDULoYcBM+567E2imguwivco2Sj
Xhxd8dQ/xPJBl9S3mLy3/QGSd0dJxN7YtlkAK0q+ovEfeJa87lzWFdMe+JNoI+1n
YMoB2R9nfxRZAZODZ514vnL+Z+fBw/2hpRS1/jWHmpqdyQ6uBZlIzSIvTGnzfyPw
hkESzUqK4rT9nsNilwIDAQAB
-----END PUBLIC KEY-----';
/**
 * 16进制
 * 公匙: D42E861C04CFB9EBB1368A682EC22BDCA364A35E1C5DF1D43FC4F24197D4B798BCB7FD0192774749C4DED8B659002B4ABEA2F11F7896BCEE5CD615D31EF8936823ED6760CA01D91F677F1459019383679D78BE72FE67E7C1C3FDA1A514B5FE35879A9A9DC90EAE059948CD222F4C69F37F23F0864112CD4A8AE2B4FD9EC36297
 * 密匙: 85035557233D059457579594921B6F5BB5A255379E18D68CF41D06B14FF92DCF361F3120572D27277B9F27C3C82F6EF44065ED3A896215B667C45D92280C347B235AB10164B15A3799D5CFFE7B4FDA5A823116F4DA48A08E6CFED11F274BEE1CE74AD161045992EEDE859A8B048CA9FECE7DFD5E1DA25E71FD2624380FBB8DA1
 */
    /**
    *返回对应的私钥
    */
    private static function getPrivateKey(){
    
        $privKey = self::$PRIVATE_KEY;
         
        return openssl_pkey_get_private($privKey);      
    }
    /**
    *返回对应的公钥
    */
    private static function getPublicKey(){
    
        $pubkey = self::$PUBLIC_KEY;
         
        return openssl_pkey_get_public($pubkey);      
    }
    /**
     * 私钥加密
     * @param  [type] $data [description]
     * @return [type]       [description]
     */
    public static function privEncrypt($data)
    {
        if(!is_string($data)){
                return null;
        }           
        return openssl_private_encrypt($data,$encrypted,self::getPrivateKey())? base64_encode($encrypted) : null;
    }
    
    
    /**
     * 私钥解密
     * @param  [type]  $encrypted 密文(二进制格式且base64编码)
     * @param  boolean $fromjs    密文是否来源于JS的RSA加密
     * @return [type]             [description]
     */
    public static function privDecrypt($encrypted, $fromjs = FALSE)
    {
        if(!is_string($encrypted)){
                return null;
        }
        $padding = $fromjs ? OPENSSL_NO_PADDING : OPENSSL_PKCS1_PADDING;  
        if (openssl_private_decrypt(base64_decode($encrypted), $decrypted, self::getPrivateKey(), $padding))  
        {  
            return $fromjs ? trim(strrev($decrypted)) :$decrypted;  
        }  
        return null; 
    }
    /**
     * 私匙加密
     * @param  [type] $data [description]
     * @return [type]       [description]
     */
    public static function encrypt($data) {
        if (openssl_public_encrypt($data, $encrypted, self::getPublicKey()))  
            $data = base64_encode($encrypted);  
        else  
            throw new Exception('Unable to encrypt data. Perhaps it is bigger than the key size?');  
  
        return $data;  
    }
}
 

//JS->PHP传输RSA加密解密测试
$password = $_POST['password'];
$key = base64_encode(pack("H*", $password));
echo Rsa::privDecrypt($key,true);

echo '
'; //PHP->PHP RSA加密解密测试 $key = Rsa::encrypt('测试中文rsa加密'); echo Rsa::privDecrypt($key);
注:PHP中openssl扩展公私钥加密函数只支持小数据,加密时117字节,解密时128字节。若不然得自己循环加密后合并。 本文代码已上传网盘: http://pan.baidu.com/s/1ntkIgSp

你可能感兴趣的:(PHP,rsa,rsa,OpenSSL)