First, run the following command on a Linux server to generate a 2048-bit private key:
openssl genrsa -out private_key.pem 2048
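If you have already generated an SSH key on Linux, you can also use the id_rsa key under .ssh/ directly.
Run the following command to view the corresponding public exponent e: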
openssl rsa -inform PEM -text -noout < private_key.pem
In the figure above, e in hexadecimal is the default 10001.
Finally, run the following command to output the public key in hexadecimal:
openssl rsa -inform PEM -modulus -noout < private_key.pem
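The public key is the string that follows "Modulus="; that string is then used as the hexadecimal public key for the JS encryption.
The JS front-end code below needs the three JS files provided at http://www.ohdave.com/rsa/; the download location is shown in the figure below:
JS front-end encryption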
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title>JS前端RSA加密</title>
<meta name="description" content="">
<meta name="keywords" content="">
<link href="" rel="stylesheet">
<script type="text/javascript" src="jquery-3.2.1.min.js"></script>
<script type="text/javascript" src="BigInt.js"></script>
<script type="text/javascript" src="Barrett.js"></script>
<script type="text/javascript" src="RSA.js"></script>
<script type="text/javascript">
$(function (){
$("#submit_button").on("click", function(){
setMaxDigits(259); // The demo at the reference URL above uses 262, i.e. hex public key length / 2 + 6 (a larger value also works; too small a value causes errors)
var key = new RSAKeyPair("10001", '10001', $("#publickey").val(), 2048); // 10001 is the hexadecimal public exponent e from above
var password = $("#password").val();
password = encryptedString(key, password, RSAAPP.PKCS1Padding, RSAAPP.RawEncoding);
$("#password").val(window.btoa(password)); // the ciphertext must be base64-encoded for transmission
$("#login").submit();
});
})
</script>
</head>
<body>
<form name="login" id="login" method="post" action="decrypt.php">
<input type="password" id="password" name="password">
<input type="hidden" id="publickey" value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
<input type="button" id="submit_button" value="提交">
</form>
</body>
</html>
The PHP back-end decryption code below is the demo provided by the reference site above.
PHP back-end decryption
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1">
<title>RSA In JavaScript - Decrypt - ohdave.com</title>
<?php
// Encryption exponent and modulus generated via
// openssl genrsa -out private_key.pem 2048
$private_key = openssl_pkey_get_private('-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----');
// ciphertext generated by JavaScript uses PKCS1 padding, emitted as base-64 string...
$ciphertext = $_POST['password']; // ciphertext submitted via POST
// ...convert to binary.
$bin_ciphertext = base64_decode($ciphertext); // base64-decode the ciphertext
openssl_private_decrypt($bin_ciphertext, $plaintext, $private_key, OPENSSL_PKCS1_PADDING) // $plaintext receives the decrypted plaintext; the decryption function is built into PHP
or die("openssl_private_decrypt failed.");
?>
</head>
<body>
<form>
Ciphertext:<br />
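<textarea rows=8 cols=64 name="txtCiphertext"><?= htmlspecialchars($ciphertext, ENT_QUOTES | ENT_SUBSTITUTE) // escape: this value comes straight from the POST body ?></textarea>
<br />
<br />
Plaintext:<br />
<textarea rows=8 cols=64 name="txtPlaintext"><?= htmlspecialchars($plaintext, ENT_QUOTES | ENT_SUBSTITUTE) // escape: the decrypted value is user-controlled ?></textarea>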
</form>
<div>
<a href="decrypt.php.txt">This page's source.</a>
</div>
<br>
<div>
<a href="index.php">Return to main RSA page</a>
</div>
</body>
</html>
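As shown in the figure below, enter the password "123456" in the front end and submit:
The back end decrypts the received ciphertext and obtains the plaintext "123456", as shown in the figure below:
The password travels in the POST body as ciphertext, so even if the request is intercepted it is hard to recover the plaintext password, which improves the site's security. Note that a captured ciphertext can still be replayed to decrypt.php as-is, and nothing here authenticates the page that delivers the public key, so this supplements HTTPS rather than replacing it.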
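The round trip described above, as an added Node.js example that is not part of the original post or of the ohdave.com library: it shows what the hex modulus and exponent are, what the browser actually puts in the POST field, and that PKCS#1 v1.5 padding makes each ciphertext of the same password different. The throwaway key and all function names (encryptPassword, decryptPassword, modPow, toBlock) are assumptions made for this illustration.

```javascript
// Added example (Node.js): a throwaway key stands in for private_key.pem.
const nodeCrypto = require('crypto');
const { privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const jwk = privateKey.export({ format: 'jwk' });
const toBig = (b64) => BigInt('0x' + Buffer.from(b64, 'base64').toString('hex'));
const n = toBig(jwk.n), e = toBig(jwk.e), d = toBig(jwk.d);
const K = 256; // modulus length in bytes for a 2048-bit key

// The two values the page reads from openssl: the "Modulus=" hex string and e.
const modulusHex = n.toString(16).toUpperCase();
const exponentHex = e.toString(16);

function modPow(base, exp, mod) { // square-and-multiply
  let result = 1n;
  for (base %= mod; exp > 0n; exp >>= 1n) {
    if (exp & 1n) result = (result * base) % mod;
    base = (base * base) % mod;
  }
  return result;
}
const toBlock = (x) => Buffer.from(x.toString(16).padStart(2 * K, '0'), 'hex');

// Browser side: EM = 00 02 <random nonzero bytes> 00 <password>, c = EM^e mod n, base64.
function encryptPassword(password) {
  const msg = Buffer.from(password, 'utf8');
  if (msg.length > K - 11) throw new Error('password too long for this key');
  const ps = nodeCrypto.randomBytes(K - 3 - msg.length).map((b) => b || 1);
  const em = Buffer.concat([Buffer.from([0, 2]), ps, Buffer.from([0]), msg]);
  return toBlock(modPow(BigInt('0x' + em.toString('hex')), e, n)).toString('base64');
}

// Server side: base64-decode, EM = c^d mod n, verify and strip the padding.
// Illustration only: a real back end calls openssl_private_decrypt as the page does.
function decryptPassword(b64) {
  const raw = Buffer.from(b64, 'base64');
  if (raw.length !== K) throw new Error('ciphertext must be exactly 256 bytes');
  const em = toBlock(modPow(BigInt('0x' + raw.toString('hex')), d, n));
  const sep = em.indexOf(0, 2); // first zero byte after the 00 02 header
  if (em[0] !== 0 || em[1] !== 2 || sep < 10) throw new Error('bad padding');
  return em.subarray(sep + 1).toString('utf8');
}

const first = encryptPassword('123456');
const second = encryptPassword('123456');
console.log(exponentHex, modulusHex.length, first !== second, decryptPassword(first));
```

Both ciphertexts decrypt to the same password and stay valid for as long as the key does, which is why the scheme hides the password from a passive observer but does not by itself stop a captured request from being resubmitted.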