[Other] Encrypt form data without SSL in PHP - PHP Classes

情绪迷乱 posted on 2016-10-5 20:08:58
Contents

  Introduction

  How does it work?

  PHP Implementation

  Conclusion

  Introduction

The PHP Form Encryption package offers an application-level encryption solution, implemented in PHP and JavaScript, for encrypting form data.
  SSL/TLS encryption provides a secure mechanism to protect information transmitted over public networks, but it is not always available.
  A small business private network with Wi-Fi can expose sensitive information, for example. There are many situations where the technical infrastructure or economic resources do not allow the installation of secure communication protocols.
  Sometimes application-level encryption may be sufficient, or can even complement the session and/or transport level security.
  


  How does it work?

   1. The server receives a client request for a Web page that contains a form.
   2. The server generates a session RSA key pair and sends the public key in the HTML response.
   3. The browser fills out the form and generates an AES-256 key, which is returned to the server encrypted with the received public key, together with the AES-encrypted form data. The browser saves this AES key using browser local storage.
   4. The server receives the RSA-encrypted AES key and decrypts it using the RSA private key. This AES key is then used to decrypt the received form data and to encrypt/decrypt future forms until it is changed or the session expires.

  PHP Implementation

   A session must be started before using the Cryptopost class. Then, let's intercept an encrypted form:
[code]session_start();
require_once './Cryptopost.class.php';

$crypto = new Cryptopost(1024, './openssl.cnf');
if (isset($_POST['cryptoPost'])) {
    // Decrypt the posted form in place and return the id of the submitted form
    $formId = $crypto->decodeForm();
}[/code]
So, now we know the id of the submitted form and the $_POST superglobal contains the decrypted data. Before that, $_POST will only contain something like:

var_dump($_POST) result:
[code]array(2) {
  ["cryptoPost_key"]=>
  string(256) "5df90b95ec4fab45d50d34c917c6578f939ccbfadf9486f133850d47a3d6b2c82a277a3468ca11fc7b9163c385eacc2a3a4d091cf8797e55d681b0279058a9f3e334092fb03791931d22ca3847f4f9d4dec0d0a47936f012b6be9723981088d0b049cff46a8e81ec93e2b4f7c3a387d36e2033754d1420a8dc800a4eec6cd0e9"
  ["cryptoPost"]=>
  string(242) "U2FsdGVkX1/53Ut6KFi36Ou/e3lIJz/5pf8FuPb1Yh//WdefKb0iyCke2/g0QPD5
BeknGV4L8dveRDbQ4kXm5YNi3nyG+/F8JWKDipA9ygHPf5KdFr6pYcfzNQjwwfd8
rIC19cl9IOJcs171tm0OBVknaloQWDwpLM/KjISdwwPiRGCtcBhkYrcdsgv6JcwD
aVuU4VunXdWJji9WAKD+1bJrThq2VLjEHhELl26y4vI="
}[/code]
Note that the "cryptoPost_key" entry will be received only once, the first time that the server receives an encrypted form. The following post requests will include only the "cryptoPost" entry unless the encryption keys are reset.
    To send the form encrypted to the server, simply include a call to the JavaScript cryptoPost object like this:
       [code]
[/code]
The browser may need an encrypted record to edit. The server can send it in this way:
[code]$record = array(
    "name" => $name,
    "address" => $address,
    "zipCode" => $zip
);
// Encrypt the record for the form identified by $formId
$encrypted = $crypto->encodeData($record, $formId);[/code]
  ... and then, at the bottom of the HTML code:
[code][/code]

  Conclusion

  This package provides a simple and easy way to protect your data with cryptography even without SSL/TLS.
  The PHP Form Encryption package requires the OpenSSL extension and PHP 5.4+.
  It was made possible thanks to the work of Tom Wu, author of the jsbn/RSA JavaScript library, and Mark Percival, author of the Gibberish-AES JavaScript library.
  If you liked this article, use the share buttons above to let other developers know about it. Post your comments here if you have questions about this solution to encrypt form data without requiring SSL/TLS.
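
The four-step exchange listed under "How does it work?", including the rule that "cryptoPost_key" is sent only with the first encrypted post, sketched as an added example that is not part of the original post or the Cryptopost code. It assumes Node's built-in crypto module, with 2048-bit RSA-OAEP and AES-256-GCM standing in for the jsbn/RSA and Gibberish-AES libraries the package uses; all function names are hypothetical.

```javascript
// Added illustration of the four-step exchange; not the Cryptopost implementation.
// Assumptions: RSA-OAEP (2048-bit) and AES-256-GCM replace the package's
// jsbn/RSA and Gibberish-AES; function names below are hypothetical.
const { generateKeyPairSync, publicEncrypt, privateDecrypt, randomBytes,
        createCipheriv, createDecipheriv, constants } = require('node:crypto');

const OAEP = { padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Step 2 (server): per-session RSA key pair; only the public key leaves the server.
function serverNewSession() {
  const { publicKey, privateKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });
  return { privateKey, aesKey: null,
           publicPem: publicKey.export({ type: 'spki', format: 'pem' }) };
}

// AES-256-GCM helpers: fresh 12-byte nonce per message, 16-byte tag appended.
function aesSeal(key, plaintext) {
  const iv = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return Buffer.concat([iv, body, c.getAuthTag()]).toString('base64');
}
function aesOpen(key, b64) {
  const raw = Buffer.from(b64, 'base64');
  const d = createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  d.setAuthTag(raw.subarray(raw.length - 16));
  return Buffer.concat([d.update(raw.subarray(12, raw.length - 16)), d.final()]).toString('utf8');
}

// Step 3 (browser): the AES key is RSA-wrapped and sent only with the first post.
function clientSubmit(client, publicPem, fields) {
  const post = {};
  if (!client.aesKey) {
    client.aesKey = randomBytes(32); // AES-256 key, kept by the browser afterwards
    post.cryptoPost_key = publicEncrypt({ key: publicPem, ...OAEP }, client.aesKey).toString('hex');
  }
  post.cryptoPost = aesSeal(client.aesKey, JSON.stringify(fields));
  return post;
}

// Step 4 (server): unwrap the AES key if present, then decrypt the form data.
function serverDecodeForm(session, post) {
  if (post.cryptoPost_key) {
    session.aesKey = privateDecrypt({ key: session.privateKey, ...OAEP },
                                    Buffer.from(post.cryptoPost_key, 'hex'));
  }
  if (!session.aesKey) throw new Error('no session key: client must resend cryptoPost_key');
  return JSON.parse(aesOpen(session.aesKey, post.cryptoPost));
}
```

The public key in step 2 travels over the same unencrypted connection and nothing in the exchange authenticates it, so the scheme hides form data from passive eavesdropping only; it does not detect a key or script that was replaced in transit.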

迎梦 posted on 2016-10-19 07:07:00
Such a good post, it should be marked as featured!

qixinyue posted on 2016-10-22 19:33:56
Bumping this for you; it is better to be decent to people.

晔伽从 posted on 2016-11-7 14:00:24
The most painful thing in life is when the price of instant noodles goes up.

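ioiox posted on 2016-11-7 19:14:01
Where the passers-by drop in, it is not just to save face, not just to eliminate zero-reply threads; wherever the passers-by go, warmth abounds.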