I need a client-server encryption solution for web transfer, (ie signed and encrypted client-side, and verified and decrypted server-side).
I am using HTTP, but SSL is not available due to shared hosting restrictions (my server is a shared host environment). Looking into alternative solutions, I have decided on OpenPGP using GnuPG . One of the reasons is that it is supported in PHP through various PEAR and PECL modules (PHP is the language I intend to use for both my client script and my server script, though Perl is also available as a last resort).
I am now trying to decide on the best way to transmit the data. I have come across RFC 1847 , which defines encrypted and signed multipart MIME messages. This protocol is extended specifically for PGP in RFC 3156 . (I think these protocols are related to the S/MIME encrypted email protocol).
My question is: is there any reason to follow these standards? As far as protocols go, they look like sensible solutions, but are there any clients that actually use this protocol? For example, if I made a multipart/encrypted request to an Apache web server, will there be any easy way to retrieve the data? My tests using a PHP script made me think that PHP would be no use trying to decipher requests like these ($_POST data seems to come from 'multipart/form-data' MIME-type data).
As my host will let me open sockets, it would be possible for me to use PHP's socket programming API to write a PHP script to act as a server that will accept 'multipart/encrypted' and 'multipart/signed' HTTP requests, but this seems like overkill.
Any suggestions?
For more information on my problem, please see this question .
You're right - these protocols are related to enrypted mail protocol, using that in your case is a little bit of overkill and you wolud have to use OpenSSL php extension. Go with OpenPGP.
Since your client will be written in PHP - consider following scenarios:
Server and Client methods would be the same:
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.