使用 openssl_seal 和 openssl_seal 进行公私钥加密的 Android 对应部分是什么? openssl_open(都是 PHP)?
我刚刚开始开发一个需要与服务器/数据库通信的android应用程序。在服务器端,我使用 PHP 来收集数据或执行查询。我读了很多有关安全性的内容(XSS、SQL 注入等)。因为我还想加密客户端和客户端之间发送的数据。服务器我开始处理 PHP 中的 openssl-functions。
openssl_seal- 和 openssl_open-函数似乎适合此目的。 我编写了这两个函数:
function encryptRnd($data) {
$pubKey = file_get_contents("public.key");
$publicKeys = array(openssl_pkey_get_public($pubKey));
$res = openssl_seal($data, $encryptedData, $encryptedKeys, $publicKeys);
return array("data" => base64_encode($encryptedData), "rndKey" => base64_encode($encryptedKeys[0]));}
function decryptRnd($credentials) {
$privateKey = openssl_get_privatekey(file_get_contents("private.key"));
$result = openssl_open(base64_decode($credentials["data"]), $decryptedData, base64_decode($credentials["rndKey"]), $privateKey);
if (!$result) echo "ERROR during decryption.\n";
return $decryptedData;}
“a”是数据(要加密/加密),而“b”是由 openssl_seal 生成并用于解密的随机密钥。
这两个密钥文件是在 Windows 上通过使用
- “openssl.exe genrsa -out private.key 1024”作为私钥文件
- “openssl.exe rsa -in private.key -out public.pem -outform PEM -pubout”作为公钥 生成的file
在 PHP 中,这一切都按预期工作。
但是如何在 Android 中实现相同的技术(我是初学者!)?
我在网上搜索了与 PHP 端的 openssl_seal 结合使用的示例,但没有找到任何有效的方法。
- 我希望能够在 Android 端加密数据并解密 它在 PHP 上。
- 当服务器发送加密数据时,应在 Android 端解密(我假设使用第二个公钥/私钥对)
我还实现了提到的示例 here 但这不起作用(openssl_private_decrypt 在 PHP 端始终为 FALSE)。所以这对我没有帮助,而它只是 Android => PHP 加密,没有相反的方法。
总之:我正在寻找一种方法来加密和解密 Android 和 PHP 之间发送的数据,并且只有接收方才能解密数据。有人可以给我一个例子甚至线索吗?
I just began to develop a android-app which needs to communicate with a server/database. On server side I use PHP to collect data or execute queries. I read a lot about security (XSS, SQL injection, etc.). Because I also would like to encrypt data sent between client & server I began to deal with openssl-functions in PHP.
The openssl_seal- and openssl_open-functions seem to be good for this purpose.
I wrote these two functions:
function encryptRnd($data) {
$pubKey = file_get_contents("public.key");
$publicKeys = array(openssl_pkey_get_public($pubKey));
$res = openssl_seal($data, $encryptedData, $encryptedKeys, $publicKeys);
return array("data" => base64_encode($encryptedData), "rndKey" => base64_encode($encryptedKeys[0]));}
function decryptRnd($credentials) {
$privateKey = openssl_get_privatekey(file_get_contents("private.key"));
$result = openssl_open(base64_decode($credentials["data"]), $decryptedData, base64_decode($credentials["rndKey"]), $privateKey);
if (!$result) echo "ERROR during decryption.\n";
return $decryptedData;}
"a" is the data (to encrypt/encrypted) while "b" is the random-key produced by openssl_seal and used for the decryption.
The two keyfiles habe been produced on Windows by using
- "openssl.exe genrsa -out private.key 1024" for the privateKey file
- "openssl.exe rsa -in private.key -out public.pem -outform PEM -pubout" for the publicKey file
Within PHP this all works as expected.
But how to implement the same technique in Android (and I'm a beginner!)?
I searched the web for examples to use in conjunction with openssl_seal on PHP side but didn't find anything working.
- I would like to be able to encrypt data on Android side and decrypt
it on PHP. - And when the server is sending encrypted data, this shall be decrypted on Android side (with a second public/privateKey pair I assume)
I also implemented the example mentioned here but that didn't work (openssl_private_decrypt was always FALSE on PHP side). So that didn't help me whereas it would be only Android=>PHP encryption without the other way round.
In sum: I'm looking for a way to encrypt and decrypt data sended between Android and PHP on each side where only the receiver can decrypt the data. Can somebody give me an example or even a clue?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
通常的方法不是(直接)非对称加密,而是使用加密(且经过身份验证)的通道来发送数据,例如使用 SSL/TLS。
在服务器端,您只需配置 Web 服务器即可提供 HTTPS 访问。
在客户端,我认为最简单的方法是使用 HTTPS URL 发送数据:
不过,我不确定如何配置 Android 接受的服务器证书。
这将(在后台)使用服务器的 RSA 密钥(在其证书中)来验证连接并协商对称加密的会话密钥。
The usual way to do this would not be (direct) asymmetric encryption, but using an encrypted (and authenticated) channel to send the data, for example using SSL/TLS.
On the server side, you simply have to configure your web server to also offer HTTPS access.
On the client side, I suppose the easiest would be to use an HTTPS URL to send the data:
I'm not sure on how to configure the accepted server certificates for Android, though.
This will (under the hoods) use the server's RSA key (in its certificate) to authenticate the connection and negotiate a session key for symmetric encryption.
如果您确实想手动进行加密,这也是可能的。
javax.crypto 包包含此处所需的必要类(一起一些来自 java.security 和子包),主要是
Cipher类。这个名为 Java 中的 RSA 加密 的页面显示了执行此操作的示例。
您可以使用 Java 的 KeyStore 机制(并将密钥库包含在您的 jar 中或 Android 上使用的任何格式),而不是从序列化格式的文件中加载公钥。
If you really want to do the encryption manually, this is possible, too.
The javax.crypto package contains the necessary classes needed here (together with some from java.security and subpackages), primarily the
Cipherclass.This page named RSA encryption in Java shows an example of doing this.
Instead of loading the public key from a file in serialized format, you could use Java's KeyStore mechanism (and include the keystore in your jar or whatever format is used on Android).