rsa非对称加密(js+php)

非对称加密提交表单到PHP

首先用openssl工具生成一对RSA非对称密钥

RSA密钥生成命令

1、生成RSA私钥

  openssl>openssl genrsa -out rsa_private_key.pem 1024

  得到exponent: 10001

2、生成modulus:

openssl>openssl rsa -in rsa_private_key.pem -noout -modulus 

3、生成RSA公钥

openssl>openssl rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem

以上步骤没成功 那就试试这个

在线生成

4、将RSA私钥转换成PKCS8格式(==========java使用===========)

openssl>openssl pkcs8 -topk8 -inform PEM -in rsa_private_key.pem -outform PEM -nocrypt

注意:“>”符号后面的才是需要输入的命令。

若命令不起作用请先执行下面命令:

openssl genrsa -out rsa_1024_priv.pem 1024
openssl rsa -pubout -in rsa_1024_priv.pem -out rsa_1024_pub.pem

然后在前端引入jsencrypt库,用于非对称加密,再绑定submit的onclick事件,对表单需加密数据进行加密处理 jsencrypt.min.js下载地址 -https://share.weiyun.com/521DAFJ

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
<form action="/controller.php" id="form" method="post">
    username:
    <input type="text" name="username">
    password:
    <input type="password" name="password">
    <input type="submit">
</form>
</body>
<script src="http://cdn.bootcss.com/jsencrypt/2.3.0/jsencrypt.min.js"></script>
<script>
    var form_ele = document.getElementById('form');
    var password_ele = form_ele.querySelector('[name=password]');
    var submit_ele = form_ele.querySelector('[type=submit]');
 
    submit_ele.onclick = function (e) {
 
        var password = password_ele.value;
 
        var encrypt = new JSEncrypt();
        var publickey = '-----BEGIN PUBLIC KEY-----\
        MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7xzfMsVgFc/q1wUQ7vAUU7CD8\
        W5eq0PnJb0Hv7Py1GQ+qYaqiasOqOr6T2FizbzSbXd+ZirEiZVdtFX9nKK4OlVHR\
        zDSGulioUESLUuNQau0BeWFsEwxCMIMkAMM1fI5zDMp1PvxULdC5hFTLDXNCf5DY\
        Yl4Xkc1LNsa4XYQV1QIDAQAB\
        -----END PUBLIC KEY-----';
        encrypt.setPublicKey(publickey);
 
        password = encrypt.encrypt(password);
 
        password_ele.value = password;
 
        form_ele.submit();
        return false;
    }
</script>
</html>

然后就可以在后端PHP中通过openssl_private_decrypt方法解析传输过来的加密数据了

//下面是错误示范  不要为了整齐把私钥格式搞错
/*
$privatekey = '-----BEGIN RSA PRIVATE KEY-----
               MIICXAIBAAKBgQC7xzfMsVgFc/q1wUQ7vAUU7CD8W5eq0PnJb0Hv7Py1GQ+qYaqi
               asOqOr6T2FizbzSbXd+ZirEiZVdtFX9nKK4OlVHRzDSGulioUESLUuNQau0BeWFs
               EwxCMIMkAMM1fI5zDMp1PvxULdC5hFTLDXNCf5DYYl4Xkc1LNsa4XYQV1QIDAQAB
               AoGARRGwGqCYydixPS2LlZVBIUMBlxFxpikb19YOoNvA0DQZqQgnpXoz4medNfB8
               H/Qlm4hZ+LYlFYvFLqCbriwuaRl3utzULP6XxVjI8NlLbbg+sXquDAJVtiIFVpBs
               VNbvBFFMG9kwM0UnfRTcLDVu5kPH8PSpkuEF6BKRS2oyXcECQQDgteyUuDvMejIR
               sYHf+GDOhtY6Ncy25cEgk07xSNz84uRhMBe2lVI9rTEmE2lSVSBBfsdKwums2VOK
               bj8uJQYJAkEA1ezLEKCdOWN8VZLe8jQIGoPX7kYqIo1BiaUa+8eER/tMZlCsXDPQ
               wRBfRBiiDGO9KAWR8i0vRMGTYAnol31kbQJAN1DxdUbJCbQHAU4GH6FgC1csA1Zd
               F6UFXsSEiWcbZ3FfMQGKxNqLTT2GPM5IfgkQkK7p1mCW74LsSsaK7QwWKQJAHJ+n
               eB0VjHU8ULLrM9s0bl/Px6kJwD/IUiOOXbwPfhYo3dPTjC6+suZ+6LynCiNaTv2X
               zqCvH3MLRiFtRr/XbQJBANDOugkjgfTQKt2yHWEPMp+pNeRyPIycuHQq+ejoTp+G
               y0SXaEGYTNdLpZ4D1mCVea/4qnhlnW8ir7KEC6ecI0I=
               -----END RSA PRIVATE KEY-----';
*/
//下面是正确示范
$privatekey = '-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQC7xzfMsVgFc/q1wUQ7vAUU7CD8W5eq0PnJb0Hv7Py1GQ+qYaqi
asOqOr6T2FizbzSbXd+ZirEiZVdtFX9nKK4OlVHRzDSGulioUESLUuNQau0BeWFs
EwxCMIMkAMM1fI5zDMp1PvxULdC5hFTLDXNCf5DYYl4Xkc1LNsa4XYQV1QIDAQAB
AoGARRGwGqCYydixPS2LlZVBIUMBlxFxpikb19YOoNvA0DQZqQgnpXoz4medNfB8
H/Qlm4hZ+LYlFYvFLqCbriwuaRl3utzULP6XxVjI8NlLbbg+sXquDAJVtiIFVpBs
VNbvBFFMG9kwM0UnfRTcLDVu5kPH8PSpkuEF6BKRS2oyXcECQQDgteyUuDvMejIR
sYHf+GDOhtY6Ncy25cEgk07xSNz84uRhMBe2lVI9rTEmE2lSVSBBfsdKwums2VOK
bj8uJQYJAkEA1ezLEKCdOWN8VZLe8jQIGoPX7kYqIo1BiaUa+8eER/tMZlCsXDPQ
wRBfRBiiDGO9KAWR8i0vRMGTYAnol31kbQJAN1DxdUbJCbQHAU4GH6FgC1csA1Zd
F6UFXsSEiWcbZ3FfMQGKxNqLTT2GPM5IfgkQkK7p1mCW74LsSsaK7QwWKQJAHJ+n
eB0VjHU8ULLrM9s0bl/Px6kJwD/IUiOOXbwPfhYo3dPTjC6+suZ+6LynCiNaTv2X
zqCvH3MLRiFtRr/XbQJBANDOugkjgfTQKt2yHWEPMp+pNeRyPIycuHQq+ejoTp+G
y0SXaEGYTNdLpZ4D1mCVea/4qnhlnW8ir7KEC6ecI0I=
-----END RSA PRIVATE KEY-----';
 
if (openssl_private_decrypt(base64_decode($_POST['password']), $decrypted, $privatekey)) {
    echo $decrypted . "\n";
} else {
    echo 'error';
}

后话:

如果报 message too long for rsa; 说明你加密的字符串过长。 两种解决方案:

1,将数据(一般是json串)用对称加密成短的字符串。然后再用rsa加密;

2,将数据(json串)以100字符分割开来,分别将分割的字符串加密。后台解密组合数据。

方法2不适合长字符串,各自取所需的吧。

原文: -https://blog.csdn.net/a369405354/article/details/83536304




导航