HTTP uses RSA public key encryption algorithm to encrypt plaintext

The most reliable way for a Web site to encrypt data in case it is stolen is to encrypt it using a public key encryption algorithm, which is used throughout the transmission and can be implemented for HTTP sites that do not use HTTPS.

　　Function description

Because HTTP is the direct transmission of plaintext data, in the increasingly serious network security today, unencrypted HTTP way has become precarious, Google is directly indicated in the search results will give priority to the use of HTTPS encrypted site.

Although the overall trend is skewed to HTTPS, because many servers and CDN and other service providers are not fully compatible with HTTPS protocol, it is not feasible to realize the feasibility of switching the whole station to HTTPS protocol at present.

At the same time, security situation is urgent, for this, we can implement RSA encryption private information.

　　Algorithm description

Because more than dream math is not very good, the implementation of RSA public key encryption algorithm more than the dream said, the realization of the algorithm is interested in the child shoes can go to see Ruan a peak of "RSA algorithm principle", the following many dreams to say the effect of RSA algorithm.

RSA algorithm is a kind of asymmetric encryption algorithm, also known as public key encryption.

Unlike symmetric encryption algorithms, symmetric encryption algorithms use the same key for both encryption and decryption, i.e. if you know how to encrypt it, you know how to decrypt it. So the algorithm and key can not be leaked, otherwise the encryption is meaningless.

The public key encryption algorithm is the same time has two keys, one is called the public key, one is called the private key. These two keys are corresponding, the content that uses the public key encrypts only then can decrypt with the private key, the content which uses the private key encrypts, only uses the public key to decrypt. So the algorithm and the public key can be public, as long as the private key or private, is safe.

　　Realize the idea

Since we are encrypting HTTP to send the data, so the encryption process is to be done in the client browser, the algorithm and the key need to send the HTTP data before the browser, the use of symmetric encryption algorithm has no meaning, because others according to you this encryption can be directly decrypted.

So we need to choose asymmetric encryption, in the Web page to introduce algorithms and public key encryption, and then send HTTP data to the server, the server is decrypted according to the private key. Because the private key is private, the algorithm and public key public is also unable to decrypt, is also safe.

The encryption implementation of the HTTP request is to use JavaScript to encrypt the data before the Web page submits the form data, then the server accepts the encrypted data and decrypts the private key using PHP or other server language.

　　Extended Reading

Using JavaScript to implement OpenSSL RSA encryption and decryption: Https://github.com/travist/jsencrypt

Using PHP to implement OpenSSL RSA encryption and decryption: http://php.net/manual/zh/ref.openssl.php

Source: Submission, original link.