简体繁体 English

哪种加密算法最适合Python和Php之间的数据传输？

[英]What encryption algorithm would be best for data transfer between Python and Php?

原文 2010-02-22 10:21:12 7 3 php/ python/ algorithm/ security/ encryption

I am writing a client / server based program, Server side is with Php and Client is with Python, and I need to make sure the transfer data is safe both way. 我正在编写一个基于客户端/服务器的程序，服务器端使用Php，客户端使用Python，并且我需要确保两种传输数据都是安全的。

So, My question is 所以，我的问题是

What encryption algorithm would be best for data transfer between Python and Php? 哪种加密算法最适合Python和Php之间的数据传输？

I couldn't use Https 我无法使用Https
Need to decrypt/encrypt with key on both Python and Php 需要在Python和Php上使用密钥解密/加密
I would't need to have ~~shared~~ public key, key could be set in both Python and Php manually 我不需要共享公共密钥，可以在Python和Php中手动设置密钥
Since I don't know how to implement algorithm myself, examples on both language would be great. 由于我自己不知道如何实现算法，因此两种语言上的示例都很好。
My data are not serious like banking site, but just want to encrypt to be safe on the wire from sniffing 我的数据并不像银行网站那样严重，但只是想加密以防窃听

I've tried to check this question but I couldn't find suitable answer for me 我试图检查这个问题，但找不到适合我的答案

Compatible encryption between C# and PHP, ColdFusion, Ruby, Python C＃和PHP，ColdFusion，Ruby，Python之间的兼容加密

Thanks in advance. 提前致谢。

3 个解决方案

Do not attempt to invent an encryption scheme yourself. 不要尝试自己发明一种加密方案。 This is extremely difficult to get right (even professionals can't do this correctly on a regular basis). 这是很难做到的（即使专业人士也无法定期正确地做到这一点）。 The SSL suite of security protocols embodies literally decades of research and implementation experience that you will not be able to reinvent. SSL安全协议套件实际上体现了数十年的研究和实施经验，您将无法重塑。

For protection of private data over HTTP, the only correct answer is SSL. 为了通过HTTP保护私有数据，唯一正确的答案是SSL。 Anything else is doing yourself a disservice. 其他任何事情都会给自己造成伤害。

The answer is usually "it depends". 答案通常是“取决于”。 If all you're looking for is symmetric encryption of sufficient quantities of data you'll probably want something like AES. 如果您只想对足够数量的数据进行对称加密，则可能需要使用AES之类的东西。 There are however many ways in which you could use encryption that can turn out to be insecure in the end, which is why using https is a good idea since it's a bit higher level and harder to get badly wrong. 但是，使用加密的方法有很多，最终可能会变得不安全，这就是为什么使用https是个好主意的原因，因为它的级别更高，更难出错。 I am not a security researcher, but this is just going on general advice I've been given in regard to security. 我不是安全研究人员，但这只是我所获得的有关安全性的一般建议。

Anyways, there's a python library and you can apparently use mcrypt to handle encryption/decryption in PHP itself. 无论如何，这里有一个python库，您显然可以使用mcrypt在PHP本身中处理加密/解密。

Greg Hewgill is correct and has the best advice. 格雷格·休吉尔（Greg Hewgill）是正确的，并提供最佳建议。 I tried to invent my own token system, while somewhat successful, it is not what it could be. 我尝试发明自己的令牌系统，虽然取得了一些成功，但事实并非如此。 So i believe SSL is the best way to go. 因此，我相信SSL是最好的选择。

PHP has openssl built into it and such you can easily use that, which is what i am currently using. PHP内置有openssl，因此您可以轻松使用它，这就是我当前正在使用的。 If you phone your hosting provider and ask them to enable openssl that shouldn't be difficult, that is if it is not activated already. 如果您致电您的托管服务提供商并要求他们启用openssl，那应该不会很困难，也就是说，它尚未被激活。

As for Python, im not 100% about what is available, but just to encrypt with a public key will be sufficient as your server will decrypt this data with a private key. 对于Python，可用资源不是100％，而是仅用公共密钥加密就足够了，因为您的服务器将使用私有密钥解密此数据。

Public and private keys can be generated using your command line. 可以使用命令行生成公用密钥和专用密钥。 Here is a link to that: 这是一个链接：

http://travistidwell.com/blog/2013/02/15/a-better-library-for-javascript-asymmetrical-rsa-encryption/ http://travistidwell.com/blog/2013/02/15/a-better-library-for-javascript-asymmetrical-rsa-encryption/

He does use a javascript library for client side encryption, however there should be options for Python. 他确实使用JavaScript库进行客户端加密，但是Python应该有选项。