JavaScript到PHP使用RSA算法进行加密通讯

Posted 2020-07-18

我们平时做用户登录表单提交，用户名密码都是明文直接POST到后端，这样很容易被别人从监听到。

在js上做rsa，感觉jsencrypt这个是封装的比较好的，但用起来还是遇到了些坑，所以踩进代码里填填坑～

项目在这里 https://github.com/travist/jsencrypt

关于jsencrypt和RSA我就不多介绍了，直接上代码

因为jsencrypt与最新的php不兼容所以折腾了好久，在js上做了些改动

可直接下载修改过的js：http://pan.baidu.com/s/1qYu0FA8

1，编辑jsencrypt.js，添加3个方法:

 1 function RSAEncryptLong(text) {
 2   var length = ((this.n.bitLength()+7)>>3) - 11;
 3   if (length <= 0) return false;
 4   var ret = "";
 5   var i = 0;
 6   while(i + length < text.length) {
 7     ret += this._short_encrypt(text.substring(i,i+length));
 8     i += length;
 9   }
10   ret += this._short_encrypt(text.substring(i,text.length));
11   return ret;
12 }
13 
14 /**
15    * base64编码
16    * @param {Object} str
17    */
18   function base64encode(str){
19     var out, i, len;
20     var c1, c2, c3;
21     len = str.length;
22     i = 0;
23     out = "";
24     while (i < len) {
25       c1 = str.charCodeAt(i++) & 0xff;
26       if (i == len) {
27         out += base64EncodeChars.charAt(c1 >> 2);
28         out += base64EncodeChars.charAt((c1 & 0x3) << 4);
29         out += "==";
30         break;
31       }
32       c2 = str.charCodeAt(i++);
33       if (i == len) {
34         out += base64EncodeChars.charAt(c1 >> 2);
35         out += base64EncodeChars.charAt(((c1 & 0x3) << 4) | ((c2 & 0xF0) >> 4));
36         out += base64EncodeChars.charAt((c2 & 0xF) << 2);
37         out += "=";
38         break;
39       }
40       c3 = str.charCodeAt(i++);
41       out += base64EncodeChars.charAt(c1 >> 2);
42       out += base64EncodeChars.charAt(((c1 & 0x3) << 4) | ((c2 & 0xF0) >> 4));
43       out += base64EncodeChars.charAt(((c2 & 0xF) << 2) | ((c3 & 0xC0) >> 6));
44       out += base64EncodeChars.charAt(c3 & 0x3F);
45     }
46     return out;
47   }
48 
49   /**
50    * base64解码
51    * @param {Object} str
52    */
53   function base64decode(str){
54     var c1, c2, c3, c4;
55     var i, len, out;
56     len = str.length;
57     i = 0;
58     out = "";
59     while (i < len) {
60       /* c1 */
61       do {
62         c1 = base64DecodeChars[str.charCodeAt(i++) & 0xff];
63       }
64       while (i < len && c1 == -1);
65       if (c1 == -1)
66         break;
67       /* c2 */
68       do {
69         c2 = base64DecodeChars[str.charCodeAt(i++) & 0xff];
70       }
71       while (i < len && c2 == -1);
72       if (c2 == -1)
73         break;
74       out += String.fromCharCode((c1 << 2) | ((c2 & 0x30) >> 4));
75       /* c3 */
76       do {
77         c3 = str.charCodeAt(i++) & 0xff;
78         if (c3 == 61)
79           return out;
80         c3 = base64DecodeChars[c3];
81       }
82       while (i < len && c3 == -1);
83       if (c3 == -1)
84         break;
85       out += String.fromCharCode(((c2 & 0XF) << 4) | ((c3 & 0x3C) >> 2));
86       /* c4 */
87       do {
88         c4 = str.charCodeAt(i++) & 0xff;
89         if (c4 == 61)
90           return out;
91         c4 = base64DecodeChars[c4];
92       }
93       while (i < len && c4 == -1);
94       if (c4 == -1)
95         break;
96       out += String.fromCharCode(((c3 & 0x03) << 6) | c4);
97     }
98     return out;
99   }

2，找到这一行

RSAKey.prototype.encrypt = RSAEncrypt;

修改为：

RSAKey.prototype.encrypt = RSAEncryptLong;
RSAKey.prototype._short_encrypt = RSAEncrypt;

3，找到这一行代码

JSEncrypt.prototype.encrypt = function (string) {
  // Return the encrypted string.
  try {
    return hex2b64(this.getKey().encrypt(string));
  }

修改为：

JSEncrypt.prototype.encrypt = function (string) {
  // Return the encrypted string.
  try {
    return base64encode(this.getKey().encrypt(string));
  }

 

4，页面js加密代码

1 <script type="text/javascript" src="jsencrypt.js"></script>
2 <script>
3 function encrypt(msg) {
4     var rsa = new JSEncrypt();
5     rsa.setPublic(‘8a5f4d4fa7dd78ca8539ba8b9581b30c9ce04e1998cd881d5279221984bc606e2c7d3368dc184b357507966a0f20930ba665cd9e914d6b0b67c8636ffe8cacfd‘, ‘10001‘);
6     return rsa.encrypt(msg);
7 }
8 </script>

 

PHP解密代码

 1 require_once(‘Crypt/RSA.php‘);
 2 define("KEY_PRIVATE", "-----BEGIN RSA PRIVATE KEY-----
 3 MIIBOQIBAAJBAIpfTU+n3XjKhTm6i5WBswyc4E4ZmM2IHVJ5IhmEvGBuLH0zaNwYSzV1B5ZqDyCT
 4 C6ZlzZ6RTWsLZ8hjb/6MrP0CAwEAAQJAAlK9TTln9No5nbwtvHHesWHaO5V0b6b5ubkXmHlrtuwR
 5 nnNLGT9wqtIyP830/njo3qMFSIFKYGIErt+bSxEgBQIhAK5LTM2u2AudTUb6l1pi8qypXf7UHGUQ
 6 bTxqPZaeh4gHAiEAyz0Wt0emBEieUDw7D4g3IXCb36cJcqDJ0OOz9rAwedsCIEV7QzzjrMDEjp/z
 7 Gg8wTunCAvSpfkBT0hg5ih/XRtRVAiAQXVnf5iADBknhEgh7Zq9xvNyANLX5CeNWM4+BFIzCswIg
 8 dGr1KW1fmIGJXoJ8qbFUbY7Bgk+cEc0kf2GvudfGQ5k=
 9 -----END RSA PRIVATE KEY-----");
10 
11 function decrypt(msg) {
12     $rsa = new Crypt_RSA();
13     $rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
14     $rsa->loadKey(KEY_PRIVATE, CRYPT_RSA_PRIVATE_FORMAT_PKCS1);
15     $s = new Math_BigInteger(base64_decode(msg), 16);
16     retrun $rsa->decrypt($s->toBytes());
17 }

 

最后 我希望这个解决方案能帮助你们中的一些人。如果我的文章有什么问题，请随时联系帮助我纠正它。

 

参考：

http://travistidwell.com/jsencrypt/

http://bestmike007.com/2011/08/secure-data-transmission-between-pure-php-and-javascript-using-rsa/