RSA 加解密的例子,JS加密--php解密
2015-06-18 09:34
666 查看
在网上找到一个很好的RSA 加解密的例子:其中JS用的库在 https://github.com/ziyan/javascript-rsa 上能找到(要用到的加解密库文件有jsbn.js jsbn2.js sha1.js rsa.js 记得加上jsbn2.js不然会出错的)完整的例子上面也有,可以下载。下面粘贴一下例子:
login.html
login.php
另外2个可以参考的例子的链接,都很值得一看:
http://blog.csdn.net/linvo/article/details/5666975
http://stackoverflow.com/questions/610048/rsa-encryption-decryption-compatible-with-javascript-and-php
login.html
<html> <head> <meta content="text/html; charset=utf-8" http-equiv="Content-Type" /> <title>Javascript RSA - Login Test</title> <script type="text/javascript" src="jsbn.js"></script> <script type="text/javascript" src="rsa.js"></script> <script type="text/javascript" src="sha1.js"></script> <script type="text/javascript" src="jsbn2.js"></script> <script type="text/javascript"> var $pem = "-----BEGIN PUBLIC KEY-----MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMYQWDqtLgDKlQvWzacGeBMQpbicd/uoXAvgLNpFZLM7zuYFDhrYncRsl8LIHK0K3f7e1aFmUVgM4LrKU2WFIw0CAwEAAQ==-----END PUBLIC KEY-----"; var $key = RSA.getPublicKey($pem); function assemble() { var password_field = document.getElementById("password"); var data_field = document.getElementById("data"); data_field.value=sha1(password_field.value) + (new Date().getTime()); } function encrypt() { var login_field = document.getElementById("login"); var data_field = document.getElementById("data"); login_field.value=RSA.encrypt(data_field.value, $key); } </script> </head> <body> <h1>Javascript RSA - Login Test</h1> This test is an example to perform user login using javascript RSA. <br/> <ol> <li>The user type in E-mail as username and a password.</li> <li>The client-side javascript hashes the password using SHA-1.</li> <li>The client-side javascript attach a timestamp to the end of the hash.</li> <li>The client-side javascript encrypt the whole thing with the RSA public key.</li> <li>The browser submits the encrypted data.</li> </ol> <strong>For testing purpose, the credential to login is any E-mail with the password "test".</strong><br/><br/> <form action="login.php" method="post"> Email:<br/> <input name="email" type="text" size="40"/><br/> Password:<br/> <input id="password" type="password" size="40"/><br/> <input type="button" onclick="assemble()" value="1. Assemble"/><br/> <textarea id="data" cols="50" rows="2"></textarea><br/> <input type="button" onclick="encrypt()" value="2. Encrypt"/><br/> <textarea id="login" name="login" cols="50" rows="10"></textarea><br/> <input name="submit" type="submit" value="3. Login" size="10"/> </form> </body> </html>
login.php
login.php <html> <head> <meta content="text/html; charset=utf-8" http-equiv="Content-Type" /> <title>Javascript RSA - Login Test</title> </head> <body> <?php define("KEY_PUBLIC", "-----BEGIN PUBLIC KEY----- MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMYQWDqtLgDKlQvWzacGeBMQpbicd/uo XAvgLNpFZLM7zuYFDhrYncRsl8LIHK0K3f7e1aFmUVgM4LrKU2WFIw0CAwEAAQ== -----END PUBLIC KEY----- "); define("KEY_PRIVATE", "-----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,2BE9EB9BD7712C2B FQ9nRtev8hFY+FXkbnH2qBdg7+cD4x759C5c+5PhwWAVccOA4nvtBnE4AUT1bC+H r/viTPzL5M0vFbAfpOPeUVfuCYXmAxFwcW+pn++UtlNezMtWqZdGPSPc86OqtChE PjZ5rNBhjTAY7xXX2n+jbZSq8M2LSWyM4gy3Oj8QMnKwdGNWeM/E/4uYyMr5V3Eb 7KveReWJnZ3r3mF7uWJYCjABRzVF8k5sn86FpRn6pLWRHigkpiyNGF7acJMRqaSY RUIrVf5xclLloUoSuEAe8HSdTH7oxl3vqf8byedqzuWyAxCFWRNr2e+TJ79f1XPJ m9vLhWhm1BWM3OiB8iw2MkaTx/RCEf31O3cgNG3bcW/uIZrvdV0xRhHsjk0HNFNI QOEcS73avo2o4ncPJpxLGqg+a0ERtRhFRp0JdgwCxl8= -----END RSA PRIVATE KEY----- "); define("KEY_PASSPHRASE", "testkey"); define("TEST_PASSWORD", "test"); function login($email, $login) { // decrypt argument if(!openssl_private_decrypt($login, $login, openssl_pkey_get_private(KEY_PRIVATE,KEY_PASSPHRASE))) { echo "Failed to decrypt message.\n"; return false; } // expecting sha1password+timestamp if(strlen($login)<44) return false; // extract password $password = substr($login,0,40); // extract stamp, stamp has milliseconds and is bigger than int $stamp = substr($login,40); // extract timestamp, timestamp is in seconds, and is an int $timestamp = substr($stamp,0,strlen($stamp)-3); if(!is_numeric($timestamp)) return false; // check timestamp if(abs(time() - (int)$timestamp) > 300) { echo "Timestamp expired. Client and server times may be out of sync.\n"; return false; } // construct stamp //$stamp = "user.login.".sha1($email).".".$stamp; // take a note of the stamp, each unique stamp can only be used once //if($memcache->get($stamp) != NULL) return false; //$memcache->set($stamp,1,USER_LOGIN_TIMESTAMP_TTL); // connect to db and check password // check password if (pack("H*",$password)!=pack("H*",sha1(TEST_PASSWORD))) { echo "Password incorrect.\n"; return false; } return true; } ?> <h1>Javascript RSA - Login Test</h1> This test is an example to perform user login using javascript RSA. <br/> <ol> <li>Once the encrypted data is received, the server side decrypt using private key.</li> <li>The message is separated into two parts, the hash and the timestamp.</li> <li>The timestamp is checked to make sure the request is made in recent time. Set to allow up to 30 second difference.</li> <li>The timestamp is recorded to make sure no single timestamp is repeated for a user.</li> <li>The password hash is compared to the hash in the database.</li> </ol> For testing purpose, the credential to login is any E-mail with the password "test".<br/> No database connection is made in this test. A hardcoded check is used. <br/> Also the duplicate timestamp check is by-passed since it requires the presence of a memcached server.<br/> The result is displayed:<br/> <pre> <?php $email = $_REQUEST["email"]; $login = base64_decode($_REQUEST["login"]); if(login($email, $login)) echo "login succeeded!"; else echo "login failed!"; ?> </pre> The source code for this php file is available <a href="login.txt">here</a>. </body> </html>
另外2个可以参考的例子的链接,都很值得一看:
http://blog.csdn.net/linvo/article/details/5666975
http://stackoverflow.com/questions/610048/rsa-encryption-decryption-compatible-with-javascript-and-php
相关文章推荐
- php使用MySQL保存session会话的方法
- php判断表是否存在的方法
- 四种排序算法PHP实现类
- php面向对象基础概念(接口)
- php判断表是否存在的方法
- php使用MySQL保存session会话的方法
- 基于PHP实现的事件机制实例分析
- 试用php中oci8扩展
- php编写简单的文章发布程序
- php遍历树的常用方法汇总
- php实现mysql数据库分表分段备份
- ThinkPHP里用U方法调用js文件实例
- php使用COPY函数更新配置文件的方法
- php实现只保留mysql中最新1000条记录
- 浅谈php中include文件变量作用域
- php文件压缩之PHPZip类用法实例
- php实现的用户查询类实例
- 基于php的CMS中展示文章类实例分析
- PHP批量生成图片缩略图的方法
- php文件操作相关类实例