
Encrypted and signed MIME messages using RFC 1847

I need a client-server encryption solution for web transfer (i.e. signed and encrypted client-side, and verified and decrypted server-side).

I am using HTTP, but SSL is not available due to shared hosting restrictions (my server is a shared host environment). Looking into alternative solutions, I have decided on OpenPGP using GnuPG. One of the reasons is that it is supported in PHP through various PEAR and PECL modules (PHP is the language I intend to use for both my client script and my server script, though Perl is also available as a last resort).

I am now trying to decide on the best way to transmit the data. I have come across RFC 1847, which defines encrypted and signed multipart MIME messages. This protocol is extended specifically for PGP in RFC 3156. (I think these protocols are related to the S/MIME encrypted email protocol.)

My question is: is there any reason to follow these standards? As far as protocols go, they look like sensible solutions, but are there any clients that actually use this protocol? For example, if I made a multipart/encrypted request to an Apache web server, will there be any easy way to retrieve the data? My tests using a PHP script made me think that PHP would be no use trying to decipher requests like these ($_POST data seems to come from 'multipart/form-data' MIME-type data).

As my host will let me open sockets, it would be possible for me to use PHP's socket programming API to write a PHP script to act as a server that will accept 'multipart/encrypted' and 'multipart/signed' HTTP requests, but this seems like overkill.

Any suggestions?

For more information on my problem, please see this question.

You're right - these protocols are related to the encrypted mail protocol; using that in your case is a little bit of overkill and you would have to use the OpenSSL PHP extension. Go with OpenPGP.

Since your client will be written in PHP - consider the following scenarios:

Scenario 1: create simple SOAP webservice

Server and Client methods would be the same:

  • getPublicKey() - returns public key
  • sendMessage(msg) - returns answer

Scenario 2: use GET/POST message

  • Client -> HTTP GET (send me your public key) -> Server
  • Client <- (my public key is xxxx) <- Server
  • Client encrypts message with server's public key. Client adds own public key to the message
  • Client -> HTTP POST (sends encrypted message) -> Server
  • Server decodes the message, and encodes answer with Clients public key
  • Client <- (encoded answer to client) <- Server
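The Scenario 2 exchange written out as the server-side PHP script, using the PECL gnupg extension; this is an added example, not code from the question or the answer. It assumes the server's keypair is already in the keyring the web server user can read (the fingerprint and passphrase constants are placeholders) and that the client POSTs a JSON body carrying its own public key plus a signed-then-encrypted PGP message.

```php
<?php
// server.php: Scenario 2 endpoint. The two constants are placeholders for the
// fingerprint and passphrase of the server's own keypair, assumed to live in
// the GNUPGHOME keyring readable by the web server user.
const SERVER_FPR        = 'SERVER-KEY-FINGERPRINT-PLACEHOLDER';
const SERVER_PASSPHRASE = 'server-passphrase-placeholder';

$gpg = new gnupg();
$gpg->seterrormode(gnupg::ERROR_EXCEPTION);   // throw instead of returning false

// Steps 1-2: "send me your public key" -> ASCII-armored public key
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    header('Content-Type: application/pgp-keys');
    echo $gpg->export(SERVER_FPR);
    exit;
}

// Step 4: the POST body is plain JSON, so PHP can read it from php://input:
// {"key": "<client public key>", "msg": "<PGP message, signed then encrypted>"}
$body = json_decode(file_get_contents('php://input'), true);
if (!is_array($body) || !isset($body['key'], $body['msg'])) {
    http_response_code(400);
    exit('expected JSON with "key" and "msg"');
}

// Step 3 (done client-side) put the client's public key in the message; import
// it so the signature can be checked against it and the reply encrypted to it.
$clientFpr = $gpg->import($body['key'])['fingerprint'];

// Step 5a: decrypt the request and verify it was signed by the key just imported
$gpg->adddecryptkey(SERVER_FPR, SERVER_PASSPHRASE);
$plain = '';
$sigs  = $gpg->decryptverify($body['msg'], $plain);
$good  = false;
foreach ($sigs as $sig) {
    // status 0 (GPG_ERR_NO_ERROR) means the signature is cryptographically valid
    if ($sig['status'] === 0 && $sig['fingerprint'] === $clientFpr) {
        $good = true;
    }
}
if (!$good) {
    http_response_code(403);
    exit('bad signature');
}

// Step 5b: answer, signed with the server key and encrypted to the client's key
$gpg->addsignkey(SERVER_FPR, SERVER_PASSPHRASE);
$gpg->addencryptkey($clientFpr);
header('Content-Type: application/pgp-encrypted');
echo $gpg->encryptsign('you sent: ' . $plain);  // step 6: client runs decryptverify() on this
```

Because the server key travels over plain HTTP in step 2, the client should pin or verify its fingerprint out of band, otherwise a man-in-the-middle can substitute a key of their own. This script likewise only proves the message was signed by whichever key the request carried; deciding who that key belongs to is a separate step.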
