Can I generate a key-pair in NodeJS, encrypt data in PHP using the public key, and decrypt in NodeJS?
Requirements:
Essentially I have a series of devices (running NodeJS) that need to maintain their own unique private and public keys. They communicate with a centralized server in PHP by pulling content.
When a new device starts up, I would like it to generate a private and public key and send only the public key to the PHP server to be stored.
When a device runs a GET request on the PHP server, the server should use the public key it was provided to encrypt the data.
When the device receives this response, it should be able to use the private key to decrypt this data.
Currently:
I am currently generating a private and public key pair using keypair. I send the public key to the PHP server to be stored and associated with the unique device.
I encrypt the data on the PHP server using EasyRSA:
$message = "Decrypt me if you can";
$publicKey = new PublicKey($storedPublicKey);
$encrypted = EasyRSA::encrypt($message, $publicKey);
return $encrypted;
With this encrypted string being returned to the NodeJS app, I then try to decrypt it using NodeRSA (where response is the string response from the PHP server):
const key = new NodeRSA(storedPrivateKey)
const result = key.decrypt(response)
However it errors out with:
Error during decryption (probably incorrect key).
I believe I am missing something fundamental here, but am unsure on what that may be. Any thoughts?
EasyRSA and NodeRSA aren't compatible.
EasyRSA is a wrapper for the PHP Secure Communications Library (phpseclib). It's not a pure RSA encryption, but a hybrid encryption: RSA is used for asymmetric encryption and defuse/php-encryption for symmetric encryption. EasyRSA is described in more detail here, defuse/php-encryption uses AES-256-CTR in its core and is described here. The message to the recipient contains among other things the secret encrypted with the public RSA key and the plaintext encrypted with the symmetric key, where each component is Base64-encoded and all components are concatenated, separated by a $. Details can be found in the encrypt-method of the EasyRSA-class. An example is:
EzR2$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$3vUCABOzsE0AWMMPy+EWtmAQheAq5oYVfOF7TapT1LoFn72UHbYNjpD2LgG7w6ZCQjRtLFzFZc17Ntme/LvWK97cV1+mOIpk+j6V6WHZRbwb36iBTGhACZUFTMPiSLPfTXJRu+tQkwi8$2f933da952b7c683
Such a message can't be decrypted directly by NodeRSA because NodeRSA expects a pure RSA message. In principle the decryption is possible, but would have to be done manually on the NodeJS side with probably relatively high effort (the main tasks would essentially include the RSA decryption of the secret, the derivation of the symmetric key from that secret, and finally the AES decryption). Since NodeRSA only covers the RSA part, the remaining parts require additional libraries or custom code on the NodeJS side.
Note that the EasyRSA page, section Important, warns of a possibly insufficient security.
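Why a pure-RSA decrypt call rejects a `$`-separated hybrid message, and the three manual steps the answer lists, shown as an added example that is not from the original post or from EasyRSA. The envelope is a constructed stand-in, not EasyRSA's wire format: the `DEMO1` tag, the HMAC key derivation, the field layout and all function names are assumptions, and AES-256-GCM is used in place of AES-256-CTR so that tampering is detected.

```javascript
const crypto = require('crypto');

const TAG = 'DEMO1'; // hypothetical version tag, not EasyRSA's
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Assumed derivation for this demo: HMAC-SHA256 over the RSA output, keyed with the secret.
const deriveKey = (secret, wrapped) =>
  crypto.createHmac('sha256', secret).update(wrapped).digest();

// Sender: wrap a random secret with RSA, encrypt the payload symmetrically, join with "$".
function seal(plaintext, publicKey) {
  const secret = crypto.randomBytes(32);
  const wrapped = crypto.publicEncrypt({ key: publicKey, ...OAEP }, secret);
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', deriveKey(secret, wrapped), iv);
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  const body = Buffer.concat([iv, c.getAuthTag(), ct]); // iv (12) | auth tag (16) | ciphertext
  return [TAG, wrapped.toString('base64'), body.toString('base64')].join('$');
}

// Receiver: the three manual steps (RSA decrypt, key derivation, AES decrypt).
function unseal(message, privateKey) {
  const parts = message.split('$');
  if (parts.length !== 3 || parts[0] !== TAG) throw new Error('not a hybrid envelope');
  const wrapped = Buffer.from(parts[1], 'base64');
  const body = Buffer.from(parts[2], 'base64');
  const secret = crypto.privateDecrypt({ key: privateKey, ...OAEP }, wrapped); // step 1
  const key = deriveKey(secret, wrapped);                                      // step 2
  const d = crypto.createDecipheriv('aes-256-gcm', key, body.subarray(0, 12)); // step 3
  d.setAuthTag(body.subarray(12, 28));
  return Buffer.concat([d.update(body.subarray(28)), d.final()]).toString('utf8');
}

// What a pure-RSA decrypt call does with the same response: treats it as one RSA ciphertext.
function naiveRsaDecrypt(message, privateKey) {
  try {
    return crypto.privateDecrypt({ key: privateKey, ...OAEP }, Buffer.from(message, 'base64'));
  } catch (err) {
    return null; // fails: the envelope is not a single RSA block
  }
}

function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const message = seal('Decrypt me if you can', publicKey); // constructed sample
  return { naive: naiveRsaDecrypt(message, privateKey), manual: unseal(message, privateKey) };
}

console.log(demo());
```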