app接口传输加密，AES+签名，php实现

2018年01月23日 15:07:24

阅读数：607

一、说明

数据在传输层加密，app端：生成签名，并且对数据对接加密，服务端：解密数据，校验签名

通过抓包获取的效果

http://127.0.0.1/test_server.php?sign_c=55d714ddd874ee29462f00e6c3173450&send_u_e=RKt80FF4BvBwOUk7HRxWvUlpuUNtg30HGIX3AFfNOqKTv3lacOUcImXPXvUSaToTs8ju1sw/WtGUxw5vWUrGUZcBkB5q9mkwuo/MuDuRQivclvsX5NBMXNUP3rcEjj3Z3kvAq/ivCBWQH0MPZKXj2GGWZnuqia4fL00azVlJrMgB+bcbziaNKvZjpQebQZd3

这样安全性会很高，前提是app端反编译后得不到秘钥以及其算法

服务端解密：

app接口传输加密，AES+签名，php实现

二、代码如下：

<?php
//模拟app端
header("Content-type:text/html;charset=utf-8");
require 'encryption.class.php';
require 'sign.class.php';
//---------------very important------------
$signkey = 'asdfghjkl123trher65465er4m'; //签名秘钥
$contentkey = 'qwertyuiop123hewfti6545edrg'; //内容秘钥
//---------------------------------------
//修改资料
$send_data['uname'] = 'zhangsan';
$send_data['password'] = '1234567890';
$send_data['sex'] = '1';
$send_data['qianming'] = '这是我的blog：http://blog.csdn.net/qq43599939';
$send_data['deviceid'] = '821565464562154';
$send_data['time'] = time();
//第一步生成签名
$sign_c = SignatureClass::getSignature($send_data, $signkey);
//对内容进行加密 AES后base64
$send_u = SignatureClass::getStr($send_data);
$send_u_e = (EncryClass::encrypt($send_u,$contentkey));
//$send_u_e = trim(str_replace('+','%2B', (EncryClass::encrypt($send_u,$contentkey))));
//走get
//$url = 'http://127.0.0.1/test_server.php?sign_c='.$sign_c.'&send_u_e='.$send_u_e;
//走post
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, 'http://127.0.0.1/test_server.php');
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_POST, 1);
$post_data = array(
"sign_c" => $sign_c,
"send_u_e" => $send_u_e
);
curl_setopt($curl, CURLOPT_POSTFIELDS, $post_data);
$data = curl_exec($curl);
curl_close($curl);
print_r($data);

<?php
//服务端，接受数据处理
header("Content-type:text/html;charset=utf-8");
require 'encryption.class.php';
require 'sign.class.php';
//---------------very important------------
$signkey = 'asdfghjkl123trher65465er4m'; //签名秘钥
$contentkey = 'qwertyuiop123hewfti6545edrg'; //内容秘钥
//---------------------------------------
$send_u_e = $_POST['send_u_e'];
$sign_c = $_POST['sign_c'];
$send_u = EncryClass::decrypt($send_u_e,$contentkey);
$send_data_t = explode('&',$send_u);
$send_data = array();
foreach($send_data_t as $k=>$v)
{
$v_t = explode('=', $v);
$send_data[$v_t[0]] = trim($v_t[1]);
}
$sign_c_s = SignatureClass::getSignature($send_data, $signkey);
echo $sign_c_s;
echo '----';
echo $sign_c;
echo '<br>';
var_dump($send_data);

<?php
//加密算法，可替换
class EncryClass
{
private static $iv = "0126779521026546";//**偏移量IV，可自定义
//加密
public static function encrypt($encryptStr,$encryptKey) {
$localIV = self::$iv;
//Open module
$module = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, $localIV);
//print "module = $module <br/>" ;
mcrypt_generic_init($module, $encryptKey, $localIV);
//Padding
$block = mcrypt_get_block_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
$pad = $block - (strlen($encryptStr) % $block); //Compute how many characters need to pad
$encryptStr .= str_repeat(chr($pad), $pad); // After pad, the str length must be equal to block or its integer multiples
//encrypt
$encrypted = mcrypt_generic($module, $encryptStr);
//Close
mcrypt_generic_deinit($module);
mcrypt_module_close($module);
return base64_encode($encrypted);
}
//解密
public static function decrypt($encryptStr,$encryptKey) {
$localIV = self::$iv;
//Open module
$module = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, $localIV);
//print "module = $module <br/>" ;
mcrypt_generic_init($module, $encryptKey, $localIV);
$encryptedData = base64_decode($encryptStr);
$encryptedData = mdecrypt_generic($module, $encryptedData);
return $encryptedData;
}
}

<?php
class SignatureClass
{
public static function getSignature($params, $secret)
{
$str = '';
ksort($params);
foreach ($params as $k => $v) {
$str .= "$k=$v&";
}
$str .= $secret;
return md5($str);
}
public static function getStr($params)
{
$str = '';
ksort($params);
foreach ($params as $k => $v) {
$str .= "$k=$v&";
}
$str = rtrim($str,'&');
return $str;
}
}