非对称加密提交表单到PHP
首先用openssl工具生成一对RSA非对称密钥
openssl genrsa -out rsa_1024_priv.pem 1024
openssl rsa -pubout -in rsa_1024_priv.pem -out rsa_1024_pub.pem
然后在前端引入jsencrypt库,用于非对称加密,再绑定submit的onclick事件,对表单需加密数据进行加密处理
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<form action="/controller.php" id="form" method="post">
username:
<input type="text" name="username">
password:
<input type="password" name="password">
<input type="submit">
</form>
</body>
<script src="http://cdn.bootcss.com/jsencrypt/2.3.0/jsencrypt.min.js"></script>
<script>
var form_ele = document.getElementById('form');
var password_ele = form_ele.querySelector('[name=password]');
var submit_ele = form_ele.querySelector('[type=submit]');
submit_ele.onclick = function (e) {
var password = password_ele.value;
var encrypt = new JSEncrypt();
var publickey = '-----BEGIN PUBLIC KEY-----\
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7xzfMsVgFc/q1wUQ7vAUU7CD8\
W5eq0PnJb0Hv7Py1GQ+qYaqiasOqOr6T2FizbzSbXd+ZirEiZVdtFX9nKK4OlVHR\
zDSGulioUESLUuNQau0BeWFsEwxCMIMkAMM1fI5zDMp1PvxULdC5hFTLDXNCf5DY\
Yl4Xkc1LNsa4XYQV1QIDAQAB\
-----END PUBLIC KEY-----';
encrypt.setPublicKey(publickey);
password = encrypt.encrypt(password);
password_ele.value = password;
form_ele.submit();
return false;
}
</script>
</html>
然后就可以在后端PHP中通过openssl_private_decrypt方法解析传输过来的加密数据了
<?php
$privatekey = '-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQC7xzfMsVgFc/q1wUQ7vAUU7CD8W5eq0PnJb0Hv7Py1GQ+qYaqi
asOqOr6T2FizbzSbXd+ZirEiZVdtFX9nKK4OlVHRzDSGulioUESLUuNQau0BeWFs
EwxCMIMkAMM1fI5zDMp1PvxULdC5hFTLDXNCf5DYYl4Xkc1LNsa4XYQV1QIDAQAB
AoGARRGwGqCYydixPS2LlZVBIUMBlxFxpikb19YOoNvA0DQZqQgnpXoz4medNfB8
H/Qlm4hZ+LYlFYvFLqCbriwuaRl3utzULP6XxVjI8NlLbbg+sXquDAJVtiIFVpBs
VNbvBFFMG9kwM0UnfRTcLDVu5kPH8PSpkuEF6BKRS2oyXcECQQDgteyUuDvMejIR
sYHf+GDOhtY6Ncy25cEgk07xSNz84uRhMBe2lVI9rTEmE2lSVSBBfsdKwums2VOK
bj8uJQYJAkEA1ezLEKCdOWN8VZLe8jQIGoPX7kYqIo1BiaUa+8eER/tMZlCsXDPQ
wRBfRBiiDGO9KAWR8i0vRMGTYAnol31kbQJAN1DxdUbJCbQHAU4GH6FgC1csA1Zd
F6UFXsSEiWcbZ3FfMQGKxNqLTT2GPM5IfgkQkK7p1mCW74LsSsaK7QwWKQJAHJ+n
eB0VjHU8ULLrM9s0bl/Px6kJwD/IUiOOXbwPfhYo3dPTjC6+suZ+6LynCiNaTv2X
zqCvH3MLRiFtRr/XbQJBANDOugkjgfTQKt2yHWEPMp+pNeRyPIycuHQq+ejoTp+G
y0SXaEGYTNdLpZ4D1mCVea/4qnhlnW8ir7KEC6ecI0I=
-----END RSA PRIVATE KEY-----';
if (openssl_private_decrypt(base64_decode($_POST['password']), $decrypted, $privatekey)) {
echo $decrypted . "\n";
} else {
echo 'error';
}