Heim > Backend-Entwicklung > PHP-Tutorial > Sichern von Daten mit RSA-Verschlüsselung und -Entschlüsselung auf allen Plattformen

Sichern von Daten mit RSA-Verschlüsselung und -Entschlüsselung auf allen Plattformen

DDD
Freigeben: 2024-09-29 20:07:02
Original
563 Leute haben es durchsucht

Securing Data with RSA Encryption and Decryption Across Platforms

Introduction to RSA Encryption

In today's digital landscape, securing sensitive data is crucial for individuals and organizations alike. RSA (Rivest-Shamir-Adleman) encryption stands out as a robust solution for protecting data. It is an asymmetric encryption algorithm, which means that it uses a pair of keys: a public key for encryption and a private key for decryption. One of the main benefits of RSA encryption is that the private key never needs to be shared, which minimizes the risk of it being compromised.

This article explores how to use RSA encryption across three popular programming languages—JavaScript, Python, and PHP—making it easier to secure data in cross-platform applications.

Cross-Platform Encryption and Decryption: The Scenario

Imagine you're building a web application where sensitive information (like authentication data or personal details) must be securely transmitted between the client (front end) and the server (back end). For instance, you might encrypt a message on the client side in JavaScript and then decrypt it on the server using either Python or PHP.

RSA is well-suited for this scenario because it provides the flexibility of encryption in one language and decryption in another, ensuring cross-platform compatibility.

RSA Implementation: JavaScript, Python, and PHP

JavaScript (Next.js with JSEncrypt)
Encryption:

import JSEncrypt from 'jsencrypt';

// Function to encrypt a message using a public key
const encryptWithPublicKey = (message) => {
  const encryptor = new JSEncrypt();
  const publicKey = process.env.NEXT_PUBLIC_PUBLIC_KEY.replace(/\\n/g, "\n");
  encryptor.setPublicKey(publicKey);
  const encryptedMessage = encryptor.encrypt(message);
  return encryptedMessage;
};
Nach dem Login kopieren

Decryption:

import JSEncrypt from 'jsencrypt';

// Function to decrypt a message using a private key
const decryptWithPrivateKey = (encryptedMessage) => {
  const decryptor = new JSEncrypt();
  const privateKey = process.env.PRIVATE_KEY.replace(/\\n/g, "\n");
  decryptor.setPrivateKey(privateKey);
  const decryptedMessage = decryptor.decrypt(encryptedMessage);
  return decryptedMessage;
};
Nach dem Login kopieren

Explanation:

Public Key Encryption: The JSEncrypt library encrypts the message using the public key. This ensures that only the corresponding private key can decrypt it.
Private Key Decryption: The message is decrypted with the private key, which is securely stored in an environment variable.
Security Consideration: By using RSA, we ensure that the data sent from the client is encrypted and secure.

Python (using rsa library)
Encryption:

import rsa
import base64

def encrypt_with_public_key(message: str, public_key_str: str) -> str:
    public_key = rsa.PublicKey.load_pkcs1_openssl_pem(public_key_str.encode())
    encrypted_message = rsa.encrypt(message.encode(), public_key)
    return base64.b64encode(encrypted_message).decode()
Nach dem Login kopieren

Decryption:

import rsa
import base64

def decrypt_with_private_key(encrypted_message: str, private_key_str: str) -> str:
    private_key = rsa.PrivateKey.load_pkcs1(private_key_str.encode())
    encrypted_bytes = base64.b64decode(encrypted_message.encode())
    decrypted_message = rsa.decrypt(encrypted_bytes, private_key)
    return decrypted_message.decode()
Nach dem Login kopieren

Explanation:

Public Key Encryption: The message is encrypted using a public key, ensuring that only the intended private key holder can decrypt it.
Base64 Encoding: After encryption, the message is Base64 encoded to ensure compatibility with text transmission.
Private Key Decryption: The private key is used to decrypt the Base64-encoded encrypted message, ensuring confidentiality.

PHP (using OpenSSL)
Encryption:

function encrypt_with_public_key($message) {
    $publicKey = getenv('PUBLIC_KEY');
    openssl_public_encrypt($message, $encrypted, $publicKey);
    return base64_encode($encrypted);
}
Nach dem Login kopieren

Decryption:

function decrypt_with_private_key($encryptedMessage) {
    $privateKey = getenv('PRIVATE_KEY');
    $encryptedData = base64_decode($encryptedMessage);
    openssl_private_decrypt($encryptedData, $decrypted, $privateKey);
    return $decrypted;
}
Nach dem Login kopieren

Explanation:

Public Key Encryption: The openssl_public_encrypt function encrypts the message using the public key, ensuring that only the private key can decrypt it.
Private Key Decryption: The openssl_private_decrypt function decrypts the message using the private key, ensuring that sensitive information remains secure.
Environment Variables: Both the public and private keys are securely stored in environment variables, enhancing security.

Best Practices for Encryption

Use Environment Variables: Always store your keys in environment variables instead of hard-coding them into your application. This reduces the risk of exposing sensitive information.
Encrypt Sensitive Data: Encrypt personal and sensitive data such as passwords, financial details, or personally identifiable information (PII) to prevent unauthorized access.
Use HTTPS: Ensure your application communicates over HTTPS to safeguard data in transit.
Secure Key Management: Regularly rotate encryption keys and ensure they are stored securely.

Why Choose RSA Encryption?

Enhanced Data Security: RSA encryption ensures that sensitive data is kept secure during transmission, preventing unauthorized access.
Asymmetric Encryption: RSA uses a public key for encryption and a private key for decryption, which ensures the private key never needs to be shared.
Cross-Platform Compatibility: RSA works seamlessly across different platforms and programming languages, making it ideal for web applications where different technologies are used on the client and server sides.

Conclusion

Le cryptage RSA offre un moyen fiable de sécuriser les données sensibles dans plusieurs environnements de programmation. En implémentant le chiffrement et le déchiffrement RSA dans JavaScript, Python et PHP, vous pouvez protéger les informations sensibles, améliorer la sécurité et garantir la compatibilité multiplateforme. Qu'il s'agisse de sécuriser les appels API, de sauvegarder les données des utilisateurs ou d'assurer la confidentialité des messages, RSA fournit une solution de chiffrement robuste.

Si vous avez trouvé ce guide utile, pensez à le partager avec d'autres développeurs et restez à l'écoute pour plus d'informations sur le chiffrement et la sécurité des données !

Chiffrement #RSA #CyberSecurity #DataSecurity #WebDevelopment #CrossPlatformSecurity #JavaScript #Python #PHP

Das obige ist der detaillierte Inhalt vonSichern von Daten mit RSA-Verschlüsselung und -Entschlüsselung auf allen Plattformen. Für weitere Informationen folgen Sie bitte anderen verwandten Artikeln auf der PHP chinesischen Website!

Quelle:dev.to
Erklärung dieser Website
Der Inhalt dieses Artikels wird freiwillig von Internetnutzern beigesteuert und das Urheberrecht liegt beim ursprünglichen Autor. Diese Website übernimmt keine entsprechende rechtliche Verantwortung. Wenn Sie Inhalte finden, bei denen der Verdacht eines Plagiats oder einer Rechtsverletzung besteht, wenden Sie sich bitte an admin@php.cn
Beliebte Tutorials
Mehr>
Neueste Downloads
Mehr>
Web-Effekte
Quellcode der Website
Website-Materialien
Frontend-Vorlage