如何将数据从一个网站安全发送到另一个网站
我拥有2个网站,example.com和domain.com。我想将数据从example.com将数据安全地传输到domain.com。我正在看这个问题试图回答我的问题如何将数据从一个网站牢固发送到另一个网站的主要问题。但是,答案很旧。
我想知道如何发送此操作。我有以下代码,基本上具有基于此的网站和加密/解密数据的本地保存的加密密钥。但是,如果有人设法猜测钥匙,他们可以解密所有消息。我在传输数据的安全方法下面说明的方式是吗?还是有更好的方法?
function encrypt($key, $data) {
$encryption_key = base64_decode( $key );
if ($encryption_key === FALSE) {
return FALSE;
}
$iv = openssl_cipher_iv_length('aes-256-cbc');
if ($iv === FALSE) {
return FALSE;
}
$iv = openssl_random_pseudo_bytes($iv);
if ($iv === FALSE) {
return FALSE;
}
$encrypted = openssl_encrypt($data, 'aes-256-cbc', $encryption_key, 0, $iv);
if ($encrypted === FALSE) {
return FALSE;
}
return base64_encode($encrypted . '::' . $iv);
}
function decrypt($key, $data) {
$encryption_key = base64_decode( $key );
if ($encryption_key === FALSE) {
return FALSE;
}
$decoded_data = base64_decode($data);
if ($decoded_data === FALSE) {
return FALSE;
}
list($encrypted_data, $iv) = array_pad(explode('::', $decoded_data, 2),2,null);
$decryption = openssl_decrypt($encrypted_data, 'aes-256-cbc', $encryption_key, 0, $iv);
if ($decryption === FALSE) {
return FALSE;
}
return $decryption;
}
因此,这就是将要使用的,我将使用curl通过curl将加密数据发送到domain.com
// On example.com (aka sending data)
$example_key = 'key_is_123';
$data = "My secret is that I like apples";
$encrypted_msg = encrypt($example_key, $data);
echo("Sending encrypted message:\n$encrypted_msg\n\n");
// Send $encrypted_msg message via a POST request using cURL to domain.com
// On domain.com (aka receiving data)
$domain_key = $example_key;
$decrypted_msg = decrypt($domain_key, $encrypted_msg);
echo("Recieved messaged and decrypted message:\n$decrypted_msg");
I own 2 websites, example.com and domain.com. I want to securely transfer data from example.com to domain.com. I was looking at this question which is trying to answer my main question of how to send data securely from one website to another. However, the answer's are very old.
I am wondering how I can send do this. I have the below code which basically has the encryption keys saved locally on both websites and encrypts/decrypts data based on that. However, if someone managed to guess the key, they can decrypt all the messages. Is the way I have stated below a secure method to transfer data? Or is there a better way?
function encrypt($key, $data) {
$encryption_key = base64_decode( $key );
if ($encryption_key === FALSE) {
return FALSE;
}
$iv = openssl_cipher_iv_length('aes-256-cbc');
if ($iv === FALSE) {
return FALSE;
}
$iv = openssl_random_pseudo_bytes($iv);
if ($iv === FALSE) {
return FALSE;
}
$encrypted = openssl_encrypt($data, 'aes-256-cbc', $encryption_key, 0, $iv);
if ($encrypted === FALSE) {
return FALSE;
}
return base64_encode($encrypted . '::' . $iv);
}
function decrypt($key, $data) {
$encryption_key = base64_decode( $key );
if ($encryption_key === FALSE) {
return FALSE;
}
$decoded_data = base64_decode($data);
if ($decoded_data === FALSE) {
return FALSE;
}
list($encrypted_data, $iv) = array_pad(explode('::', $decoded_data, 2),2,null);
$decryption = openssl_decrypt($encrypted_data, 'aes-256-cbc', $encryption_key, 0, $iv);
if ($decryption === FALSE) {
return FALSE;
}
return $decryption;
}
So this is what would be used, and I would send the encrypted data via POST request using cURL to domain.com
// On example.com (aka sending data)
$example_key = 'key_is_123';
$data = "My secret is that I like apples";
$encrypted_msg = encrypt($example_key, $data);
echo("Sending encrypted message:\n$encrypted_msg\n\n");
// Send $encrypted_msg message via a POST request using cURL to domain.com
// On domain.com (aka receiving data)
$domain_key = $example_key;
$decrypted_msg = decrypt($domain_key, $encrypted_msg);
echo("Recieved messaged and decrypted message:\n$decrypted_msg");
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论