Encrypting Data with RSA on the Front End

淮城一只猫 · 390 views

Preface

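Because of business requirements and the need to keep the system secure, I put some effort into protecting the login password data.
I use RSA asymmetric encryption: the front end encrypts the data with the public key and sends it to the server, and the server decrypts the received data with the private key.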

Front end

The front end needs the jsencrypt library; download it and include it in the page.

The library's demo page: http://travistidwell.com/jsencrypt/demo/index.html

If you do not know how to obtain a public/private key pair, you can copy and paste one from the demo.

Of course, you can also generate the keys yourself (this requires OpenSSL to be installed):

# generate a 1024-bit private key (2048 bits or more is the current recommendation)
openssl genrsa -out rsa_1024_priv.pem 1024
# derive the matching public key
openssl rsa -pubout -in rsa_1024_priv.pem -out rsa_1024_pub.pem

An example:

<!doctype html>
<html>
<head>
    <title>JavaScript RSA Encryption</title>
</head>
<body>
<label for="privkey">私钥</label><br/>
<textarea id="privkey" rows="15" cols="65">-----BEGIN RSA PRIVATE KEY-----
(paste the body of your private key here)
-----END RSA PRIVATE KEY-----</textarea><br/>
<label for="pubkey">公钥</label><br/>
<textarea id="pubkey" rows="15" cols="65">-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDlOJu6TyygqxfWT7eLtGDwajtN
FOb9I5XRb6khyfD1Yt3YiCgQWMNW649887VGJiGr/L5i2osbl8C9+WJTeucF+S76
xFxdU6jE0NQ+Z+zEdhUTooNRaY5nZiu5PgDB0ED/ZKBUSLKL7eibMxZtMlUDHjm4
gwQco1KRMDSmXSMkDwIDAQAB
-----END PUBLIC KEY-----</textarea><br/>
<label for="input">文本:</label><br/>
<textarea id="input" name="input" type="text" rows=4 cols=70>This is a test!</textarea><br/>
<input id="testme" type="button" value="运行"/><br/>
<script type="text/javascript" src="assets/vendors/jquery/dist/jquery.min.js"></script>
<script type="text/javascript" src="assets/jsencrypt/jsencrypt.min.js"></script>
<script type="text/javascript">
    $(function () {
        $('#testme').click(function () {
            // Encrypt with the public key
            var encrypt = new JSEncrypt(),
                input = $('#input');
            encrypt.setPublicKey($('#pubkey').val());
            var encrypted = encrypt.encrypt(input.val());
            console.log( "加密的数据:" + encrypted );
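            // Decrypt with the private key (done in the page only for this test; in the real flow the private key stays on the server)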
            var decrypt = new JSEncrypt();
            decrypt.setPrivateKey($('#privkey').val());
            var uncrypted = decrypt.decrypt(encrypted);
            console.log( "解密的数据:" + uncrypted );
            // Check that the decrypted text matches the input
            if (uncrypted === input.val()) {
                alert('成功');
            }
            else {
                alert('失败');
            }
        });
    });
</script>
</body>
</html>

PHP example

<?php
function uncrypted( $data ) {
    // Define the private key (hard-coded here for the demo; keep the real key out of source control)
    $private_key = '-----BEGIN RSA PRIVATE KEY-----
(paste the body of your private key here)
-----END RSA PRIVATE KEY-----';

    if ( ! $privateKey = openssl_pkey_get_private( $private_key ) ) {
        return false;
    }

    // decrypt
    $decrypted = '';
    if ( ! openssl_private_decrypt( base64_decode( $data ), $decrypted, $privateKey ) ) {
        return false;
    }

    // free the private key (openssl_free_key() is deprecated since PHP 8.0, where keys are freed automatically)
    openssl_free_key( $privateKey );

    return $decrypted;
}

echo uncrypted('Q0mgwQyuoJh3aczzQ3bVe3fDDpzLE522cXLHlI7FGCcC3Z86Zhl63IbaFe+R5pCykpsm5hmiek+k/6WGh0JhbHWNiCLDYn67uFObbpct+3rVrsVykPuEWu4aeXE2NPb+qW/1cL7KM8j9oLvbQXsf5vhh18eUH6ygIcWBAqhLIy8=');

Summary

Those are the general steps. Store both keys carefully, especially the private key, and do not let anyone else obtain it.
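The flow described above (public-key encryption on the client, private-key decryption on the server), as an added Node.js example that is not code from the original post. It uses OAEP padding instead of the PKCS#1 v1.5 padding that jsencrypt produces, so it is not interchangeable with the jsencrypt/PHP code on this page; the RSA_PRIVATE_KEY_FILE variable, the function names and the run-time key pair are assumptions made for the illustration.

```javascript
const crypto = require('crypto');
const fs = require('fs');

// Assumption: the PEM path is supplied in RSA_PRIVATE_KEY_FILE (hypothetical
// variable name) so the private key never appears in source code.
function loadPrivateKey(path = process.env.RSA_PRIVATE_KEY_FILE) {
  return crypto.createPrivateKey(fs.readFileSync(path, 'utf8'));
}

// OAEP with SHA-256 is used here in place of jsencrypt's PKCS#1 v1.5 padding.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// One RSA-OAEP block holds at most k - 2*hLen - 2 bytes (k = modulus bytes).
// For comparison, PKCS#1 v1.5 leaves k - 11: 117 bytes for a 1024-bit key.
function maxPlaintextBytes(modulusBits, hashBytes = 32) {
  return modulusBits / 8 - 2 * hashBytes - 2;
}

// Client side of the exchange: encrypt with the public key, send base64.
function encryptForServer(publicKey, text) {
  const data = Buffer.from(text, 'utf8');
  return crypto.publicEncrypt({ key: publicKey, ...OAEP }, data).toString('base64');
}

// Server side: reject malformed input and return null on any decrypt failure.
function decryptFromClient(privateKey, b64) {
  if (typeof b64 !== 'string' || !/^[A-Za-z0-9+/]+={0,2}$/.test(b64)) return null;
  try {
    const buf = Buffer.from(b64, 'base64');
    return crypto.privateDecrypt({ key: privateKey, ...OAEP }, buf).toString('utf8');
  } catch {
    return null;
  }
}

// Constructed demo: a throwaway 2048-bit key pair generated at run time.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const ct = encryptForServer(publicKey, 'This is a test!');
  const tampered = (ct[0] === 'A' ? 'B' : 'A') + ct.slice(1);
  return {
    roundTrip: decryptFromClient(privateKey, ct),
    tampered: decryptFromClient(privateKey, tampered),
    malformed: decryptFromClient(privateKey, 'not base64!'),
  };
}
```

Input longer than `maxPlaintextBytes` makes `encryptForServer` throw, which is the same single-block limit that applies to the jsencrypt call on this page.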

