When we are doing projects, we inevitably use interfaces to request data, or provide data to other applications through interfaces. However, in network requests, our data can be captured by other software. , so that our data will not be leaked or tampered with. How should we deal with it in our actual project?
Let’s briefly talk about several encryption algorithms:
1.DES symmetric encryption algorithm, the full name is Data Encryption Standard, is a type of encryption that uses a key block algorithm. The length of the encrypted string is 64 bits (bit), and the encrypted string exceeding the number of bits is ignored. The so-called symmetric encryption means that the encryption and decryption keys are the same. Symmetric encryption generally divides the string to be encrypted into blocks according to a fixed length, which is less than a whole block or there is a special padding character at the end. (16 rounds of Feistel iterative cipher, block length 64bit, 64bit length encrypted with 56bit key)
2. AES Advanced Encryption Standard (English: Advanced Encryption Standard, abbreviation: AES), also known as cryptography Rijndael encryption method is an upgraded version of DES. The block length of AES is 128bit, and the three optional key lengths are 128bit, 192bit and 256bit, and the number of rounds are 10, 12 and 14 respectively.
3.RSA encryption algorithm is an asymmetric encryption algorithm. Data encrypted using the public key is decrypted using the private key. The result after encryption or signature is an unreadable binary, which is often converted to BASE64 code is then transmitted.
4.SHA1 and MD5 are hashing algorithms that map data of any size to a smaller, fixed-length unique value. A cryptographically strong hash must be irreversible, which means that no part of the original information can be deduced from the hash result.
Related recommendations: "php Getting Started Tutorial"
The first type of interface encryption:
Sender and receiver agreement An encrypted salt value is used to generate a signature. The two parties sort the data and then splice the encrypted salt value for MD5 encryption and then generate a signature. Then the sender and the receiver receive the data and sign according to the encryption steps agreed upon by each other. Verification ensures that the data is accurate and will not be tampered with, but the transmitted data can be visible to others.
For example: md5(url?age=12&name=xiaomign&key=1234567890)
Second interface encryption:
Sender and receiver agree An encryption salt value, encryption method, and encryption vector are used to symmetrically encrypt the data and then decrypt it when used.
For example:
$method = "AES-128-CBC"; $key = "2911827315869D7F"; $iv = "1234567812345678"; $passcrypt = openssl_encrypt(json_encode(['name'=>'xiaoming', 'age' => 19]), $method, $key, OPENSSL_RAW_DATA, $iv); echo base64_encode($passcrypt); $data = base64_decode($request_data); $data = openssl_decrypt($data, $method, $key, OPENSSL_RAW_DATA, $iv); $data = json_decode($data, true);
The htts protocol we use uses the RSA algorithm and symmetric encryption algorithm to encrypt and transmit data.
1. The client initiates an SSL connection request to the server;
2. The server sends the public key to the client, and the server saves the unique private key;
3. The client uses the public key to encrypt the symmetric secret key communicated by both parties and sends it to the server;
4. The server uses its own unique private key to decrypt the symmetric secret key sent by the client. , during this process, the intermediary party cannot decrypt it (even the client cannot decrypt it, because only the server side has the unique private key). This ensures the security of the symmetric secret key during the sending and receiving process. At this time, the server side and the client have exactly the same set of symmetric keys.
5. For data transmission, both the server and the client use the same public symmetric key to encrypt and decrypt the data, which can ensure the security during the data sending and receiving process. Even if a third party obtains the data packet, it will also It cannot be encrypted, decrypted and tampered with.
The above is the detailed content of How to encrypt php interface. For more information, please follow other related articles on the PHP Chinese website!