加密查询字符串文本
我有一个连接字符串,我想将其作为查询字符串传递。为了安全起见,我想使用 gpg 私钥对连接的字符串进行加密,该私钥位于远程服务器上该 .php 文件所在的同一文件夹中。
我想知道将公钥和私钥保存在远程服务器上并用于加密和解密是否安全。
I have a concatenated string and I want to pass it as query string. For security, I want to encrypt the concatenated string using gpg private key that resides in the same folder where this .php file resides on the remote server.
I want to know whether it is safe to keep the public and private keys on the remote server and use it for encryption and decryption.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
第一个问题:为什么? - 如果您在同一服务器上传输数据,请使用 PHP 会话或将其存储在数据库中。如果您想将数据从一台服务器传输到另一台服务器,也可以在这些服务器之间使用另一个通信通道,例如 HTTP 请求 POST 数据。
如果您仍然想这样做:我不会为此使用 GPG,因为这会产生相当多的 CPU 负载并显着增加消息的大小,假设您的数据相对较短。最好使用blowfisch或类似的算法,例如参见PHP的crypt函数。
关于安全性:它或多或少与整个服务器一样安全,但您应该确保您的私钥隐藏在 Web 服务器的文档根目录之外。并且读取权限应仅限于网络服务器用户......
First question: Why? - If you're transferring data on the same server use PHP sessions or store it in a database. IF you want to transport data from one server to another server use another communication channel between these too, like a HTTP request POSTing the data.
IF you still want to do it: I won't use GPG for this as this produces quite some CPU load and increases the size of the message dramatically, assuminf your data is relatively short. It's better to use blowfisch or similar algorithms, see PHP's crypt function for instance.
About the security: It is more or less as secure as the whole server is but you should make sure your private key is hidden outside the document root of the web server. And read rights should be limited to the web server user ...
尝试这些 PHP 函数 convert_uuencode 和 convert_uudecode
Try these PHP functions convert_uuencode and convert_uudecode