Simple implementation of JavaScript to PHP encrypted communication

In fact, the content is mainly from the previous blog, just re-organized the language, and made the original rational elaboration, more easily understand: P

-----------------------------------------Gorgeous split-line-----------------------------------------

Most Web sites on the Internet, the user's data are directly submitted to the back-end CGI in clear text , the server between the access is also mostly plaintext transmission, so that some people with ulterior motives through some means to monitor the hearing. Web sites with high security requirements, such as banks and large enterprises, will use HTTPS to encrypt the process of communication.

But the cost of using HTTPS is expensive. Not only the purchase of CA certificate, more important is the serious performance bottleneck, the solution currently only use specialized SSL hardware acceleration devices such as F5 BigIP and so on. As a result, some websites have opted for a simple analog SSL approach, using RSA and AES to encrypt the transmitted data. The principle is as follows:

This improves the security of data transmission to some extent. But for most Web sites, most of the data is often unnecessarily tight and selectively encrypted only for some important small data, such as passwords. For small Data encryption, it is not necessary to use the entire process, only RSA can be used, which greatly simplifies the process.

Why is small data volume? Because the asymmetric encryption algorithm increases with the amount of data, the encryption process becomes much slower than symmetric encryption. Therefore, the actual data encryption will generally choose the symmetric encryption algorithm. Therefore , the OpenSSL extended public key encryption function in PHP only supports small data ( 117 bytes in encryption, 128 bytes at decryption).

There are a number of AES,RSA, open-source JavaScript algorithm library, in PHP can be directly related to the implementation of the extension (AES algorithm can be implemented by MCrypt related functions,RSA can be OpenSSL's related functions), rather than using pure PHP code to implement the algorithm, as the web says . Due to space limitations, this article only introduces JavaScript and PHP RSA Encryption Communication Implementation, take password encryption as an example.

First on the code:

Front-end encryption

First load three RSA JS library file, can download http://www.ohdave.com/rsa/

$ (document). Ready (function () {    //16 binary public key    var rsa_n = " c34e069415ac02fc4ea5f45779b7568506713e9210789d527bb89ee462662a1d0e94285e1a764f111d553add7c65673161e69298a8be2212df8016787 E2f4859cd599516880d79ee5130fc5f8b7f69476938557cd3b8a79a612f1ddaccadaa5b6953ecc4716091e7c5e9f045b28004d33548ec89ed5c6b2c64 D6c3697c5b9dd3 ";         $ ("#submit"). Click (function () {        setmaxdigits (131);//131 = hexadecimal digits of n =/2+3        var key = new Rsakeypair ("10001", ' ', rsa_n); 10001        = = $ ("#password") for hex var password = $. val ();        Password = encryptedstring (key, password);//In the ointment, Kanji ~        $ ("#password") is not supported. val (password);        $ ("#login"). Submit ();    });       

　　

PHP Cryptographic Functions

/**   * Public Key Cryptography   *   * @param string plaintext   * @param string certificate file (. crt)   * @return String cipher (base64 encoded   )    */ function publickey_encodeing ($sourcestr, $fileName)    {        $key _content = file_get_contents ($fileName);        $pubkeyid    = Openssl_get_publickey ($key _content);        if (Openssl_public_encrypt ($sourcestr, $crypttext, $pubkeyid))        {            return Base64_encode ("". $crypttext);        }      return False;  }   

PHP decryption Function

View Plaincopy to clipboardprint?/**   * Private key decryption   *   * @param string cipher (base64 encoded)   * @param string key file (. Pem) 
   * @param whether string cipher is from JS RSA encryption   * @return string plaintext   *    /function privatekey_decodeing ($crypttext, $ FileName, $fromjs = FALSE)  {        $key _content = file_get_contents ($fileName);        $prikeyid    = Openssl_get_privatekey ($key _content);        $crypttext   = Base64_decode ($crypttext);        $padding = $fromjs? openssl_no_padding:openssl_pkcs1_padding;      if (Openssl_private_decrypt ($crypttext, $sourcestr, $prikeyid, $padding))        {            return $FROMJS? RTrim ($ strrev ($ SOURCESTR), "\"): "". $sourcestr;        }        return FALSE;    }     

　　

Test code

Define ("CRT", "SSL/SERVER.CRT"); Public key file  define ("PEM", "Ssl/server.pem");//private key file  //js->php Test   $data = $_post[' password '];    $txt _en = Base64_encode (Pack ("h*", $data)); Turn into base64 format   $txt _de = privatekey_decodeing ($txt _en, PEM, TRUE);    Var_dump ($txt _de);    php->php Test    $data = "testing test";//php supports kanji: D  $txt _en = publickey_encodeing ($data, CRT);    $txt _de = privatekey_decodeing ($txt _en, PEM);    Var_dump ($txt _de);  

　　

After the code has been pasted, there are several places to explain. Where the hexadecimal public key is obtained is key. Since the key is obtained from the certificate of the "certificates", the key and certificate file (the 1024-bit key used in this article) must be generated, and the method should be :P by Google. Here's how to get the hexadecimal key from here.

Read the hexadecimal key from the file, I tried a lot of ways before, online said the data is encoded with ASN.1 ... Embarrassed ~ Finally inadvertently notice that the Linux shell in the case of OpenSSL can be extracted from the private key file (key or PEM).

OpenSSL asn1parse-out temp.ans-i-inform PEM < SERVER.PEM

The results appear as follows:

Finally, you can see the hexadecimal public key key required in JavaScript :D

Simple implementation of JavaScript to PHP encrypted communication