没有什么比代码故事更能解释这个概念了;p
这是一个示例:alice 只使用 bob 的公钥加密消息并发送给 bob,随后 bob 只使用 alice 的公钥加密自己的回复。
在这两种情况下,接收方都使用自己的私钥来解密收到的消息。
<?php
// Cast of the story: two parties, each with a freshly generated key pair and
// one message to send. Key pairs are generated for alice first, then bob.
$people = array(
    'alice' => array(
        'keys' => gen_keys(),
        'msg' => 'Hi Bob, I\'m sending you a private message',
    ),
    'bob' => array(
        'keys' => gen_keys(),
        'msg' => 'Thanks Alice, message received',
    ),
);

// Result slots, keyed by RECIPIENT. Declaring both keys up front fixes the
// order in which print_r() lists them below (alice, then bob).
$decrypted = array('alice' => '', 'bob' => '');
$encrypted = $decrypted;

// Only the public halves are ever handed to the other party; each private
// half is used solely by its owner.
$alice = $people['alice'];
$bob = $people['bob'];

// 1. Alice -> Bob: Alice encrypts with Bob's public key, which he sent her.
$toBob = encrypt($alice['msg'], $bob['keys']['public']);
$encrypted['bob'] = $toBob;

// 2. The ciphertext travels to Bob, who opens it with his own private key.
$decrypted['bob'] = decrypt($toBob, $bob['keys']['private']);

// 3. Bob -> Alice: Bob replies, encrypting with Alice's public key.
$toAlice = encrypt($bob['msg'], $alice['keys']['public']);
$encrypted['alice'] = $toAlice;

// 4. Alice opens the reply with her own private key.
$decrypted['alice'] = decrypt($toAlice, $alice['keys']['private']);

// What this exchange provides is confidentiality only: anyone holding Bob's
// public key could have produced step 1, so nothing here proves who the
// sender was. Authenticating the sender needs a signature (openssl_sign /
// openssl_verify) in addition to the encryption shown here.
print_r($decrypted);
/*
Array
(
[alice] => Thanks Alice, message received
[bob] => Hi Bob, I'm sending you a private message
)
*/
/**
* Functions - thin wrappers around openssl operations
*/
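/**
 * Generate a fresh 2048-bit RSA key pair.
 *
 * The private key is returned as a PEM string that is NOT passphrase
 * protected, which is fine for this in-memory demonstration. Anything that
 * writes the key to disk or a database should pass a passphrase as the third
 * argument of openssl_pkey_export() or keep the key in a secret store.
 *
 * @return array{public: string, private: string} PEM-encoded key pair
 * @throws \RuntimeException if OpenSSL cannot create or export the key
 */
function gen_keys() {
    // The key type is spelled out because encrypt()/decrypt() in this file
    // rely on RSA-only OpenSSL calls.
    $res = openssl_pkey_new(array(
        'private_key_bits' => 2048,
        'private_key_type' => OPENSSL_KEYTYPE_RSA,
    ));
    // openssl_pkey_new() returns false when, for example, no usable
    // openssl.cnf can be found; continuing would hand back an unusable pair.
    if ($res === false) {
        throw new \RuntimeException('Unable to generate an RSA key pair');
    }

    /* Extract the private key */
    $privateKey = '';
    if (!openssl_pkey_export($res, $privateKey)) {
        throw new \RuntimeException('Unable to export the private key');
    }

    /* Extract the public key */
    $details = openssl_pkey_get_details($res);
    if ($details === false || !isset($details['key'])) {
        throw new \RuntimeException('Unable to read the public key');
    }

    return ['public' => $details['key'], 'private' => $privateKey];
}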
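/**
 * Encrypt a short message with the recipient's RSA public key.
 *
 * Uses OAEP padding instead of OpenSSL's default PKCS#1 v1.5 padding, which
 * is exposed to padding-oracle attacks on the decrypting side. encrypt() and
 * decrypt() must use the same padding, so ciphertexts produced with the old
 * default cannot be opened by decrypt() below.
 *
 * Raw RSA only fits small payloads: with a 2048-bit key and OAEP the limit is
 * 214 bytes. Longer messages need hybrid encryption (for example
 * openssl_seal()/openssl_open() or sodium_crypto_box_seal()).
 *
 * @param string $msg plaintext to encrypt
 * @param mixed  $key recipient's public key (PEM string or OpenSSL key)
 * @return string raw binary ciphertext
 * @throws \RuntimeException if the message is too long or the key is unusable
 */
function encrypt($msg, $key) {
    $ret = '';
    $ok = openssl_public_encrypt(
        $msg, // message to encrypt
        $ret, // &encrypted message
        $key, // public key
        OPENSSL_PKCS1_OAEP_PADDING
    );
    // The original ignored the return value and would "send" an empty
    // ciphertext whenever encryption failed.
    if ($ok !== true) {
        throw new \RuntimeException(
            'Public-key encryption failed (message too long for the key, or invalid public key)'
        );
    }
    return $ret;
}

/**
 * Decrypt a message produced by encrypt() using the recipient's private key.
 *
 * The ciphertext is attacker-controllable input. The failure message is kept
 * generic on purpose, and callers should not relay failure details back to
 * whoever supplied the ciphertext.
 *
 * @param string $msg raw binary ciphertext
 * @param mixed  $key recipient's private key (PEM string or OpenSSL key)
 * @return string decrypted plaintext (may legitimately be an empty string)
 * @throws \RuntimeException if the ciphertext or the key is not valid
 */
function decrypt($msg, $key) {
    $ret = '';
    $ok = openssl_private_decrypt(
        $msg, // message to decrypt
        $ret, // &decrypted message
        $key, // private key
        OPENSSL_PKCS1_OAEP_PADDING
    );
    // Check the return value rather than the output, so that an empty
    // plaintext is not mistaken for a failure and a failure is not mistaken
    // for an empty plaintext.
    if ($ok !== true) {
        throw new \RuntimeException('Private-key decryption failed');
    }
    return $ret;
}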