问题描述
我想使用RESTful请求中的头部的非对称加密来验证发送请求的系统的身份:即系统A在对系统B的请求中使用公钥加密其名称,时间戳和服务名称。系统B然后使用系统A的公钥进行解密,证明请求的真实性。1)php-mcrypt是否支持此功能?
2)有没有人对这种类型的操作进行基准测试?
不,mcrypt只是对称块密码。
然而,PHP OpenSSL扩展支持非对称操作。你想要的是和。
(您有一个轻微的术语问题 - 在非对称系统中,加密使用公钥和解密与私钥完成; 签名完成使用私钥和验证使用公钥。不要将签名与加密或解密混淆 - 尽管底层操作通常是相似的,但是并不一样,混淆可能导致不安全的实现)。
当然,您可以通过SSL进行REST,使用客户端证书进行身份验证。
I want to use asymmetric encryption of headers in RESTful requests to verify the identity of the system sending the request: i e System A encrypts it's name, timestamp, and the service name using it's public key in a request to System B. System B then uses the public key of System A to decrypt, proving the authenticity of the request.
1) Does php-mcrypt support this?
2) Has anyone benchmarked this type of operation?
No, mcrypt is just symmetric block ciphers.
However the PHP OpenSSL extension supports asymmetric operations. The ones you want are openssl_sign and openssl_verify.
(You have a slight terminology issue - in asymmetric systems, encryption is done with public keys and decryption with private keys; signing is done with private keys and verification with public keys. Do not confuse signing with encryption or decryption - although the underlying operations are often similar, it is not the same thing, and the confusion can lead to insecure implementations).
Of course, you could just do your REST over SSL, using client certificates for authentication.
这篇关于mcrypt是否支持非对称加密?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!