Securely sending data from one site to another

Time: 2020-11-30 09:51:03

I am going to post some data from one website to another website. I need a way for the receiving website to be sure that the data was sent from the sending website and not sent by some other malicious user. I am using PHP4.

How can I do this?

Thanks!

5 solutions

#1


For a PHP-only solution:

If you can keep a secret (on both ends), then you can use a self-implemented variant (yes, a variant) of Keyed-Hash Message Authentication Code (HMAC or KHMAC).

The concept is that if you have the same secret on both ends, you can hash (message+secret) on the sending end, and hash (message+secret) on the receiving end. If the hashes match, then you have a valid message.

The secret is the key (pun intended). Because without the secret, it is infeasible that an attacker could alter the message AND generate a new hash that will verify on the receiving end.

Here is some example PHP code:

// On the sending end:
define('SECRET', '12734981273912379128739128739127938794729327492');
$message = 'your-message';
$packet = $message . sha1($message . SECRET);

// On the receiving end:
define('SECRET', '12734981273912379128739128739127938794729327492');
$message = substr($packet, 0, -40);
// Strict comparison: with !=, PHP compares digest strings such as "0e..." as numbers.
if(sha1($message . SECRET) !== substr($packet, -40))
    throw new Exception("Message Authentication failed!");
else
    do_something_with($message);

If you wanted additional security from a hacker re-posting the same message, you could add a random request identifier to each request, and ensure that the same hash is NEVER accepted.

DISCLAIMER: this, as with all security-sensitive code, should be peer reviewed and verified before being trusted with sensitive data. Do thorough research on the topic, or better yet, use an existing library that handles this type of verification+authentication.
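
The scheme from this answer written with PHP's built-in hash_hmac, plus the random request identifier the answer suggests for rejecting re-posted messages. This is an added example, not the answerer's code; it assumes PHP 7.1 or later (random_bytes, hash_equals, nullable return types), and the function names, key and sample message are constructed for illustration.

```php
<?php
// Added example: key, function names and messages are constructed placeholders.
const SECRET = 'replace-with-a-long-random-shared-key';

// Sender: attach a fresh request identifier and MAC the identifier and message together.
function make_packet(string $message, string $key): string {
    $id  = bin2hex(random_bytes(16));                  // 32 hex chars, unique per request
    $mac = hash_hmac('sha256', $id . $message, $key);  // 64 hex chars
    return $id . $mac . $message;                      // fixed-width fields come first
}

// Receiver: returns the message, or null when the MAC fails or the id was already used.
function open_packet(string $packet, string $key, array &$seen): ?string {
    if (strlen($packet) < 96) {
        return null;                                   // too short to hold id + MAC
    }
    $id      = substr($packet, 0, 32);
    $mac     = substr($packet, 32, 64);
    $message = (string) substr($packet, 96);
    $expected = hash_hmac('sha256', $id . $message, $key);
    if (!hash_equals($expected, $mac)) {               // constant-time comparison
        return null;
    }
    // Check replays only after the MAC verifies, so forged packets
    // cannot fill the store with identifiers.
    if (isset($seen[$id])) {
        return null;
    }
    $seen[$id] = true;                                 // a real receiver needs a persistent store
    return $message;
}

$seen   = [];
$packet = make_packet('order=42&amount=10', SECRET);
var_dump(open_packet($packet, SECRET, $seen));         // first delivery
var_dump(open_packet($packet, SECRET, $seen));         // same packet posted again
$tampered = substr($packet, 0, -2) . '99';
var_dump(open_packet($tampered, SECRET, $seen));       // message altered in transit
```

Because the identifier is fixed-width and covered by the MAC, it cannot be swapped onto another message, and the receiver only has to remember identifiers for as long as it is willing to accept a packet.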

#2


Just use two-way SSL. The client authenticates itself at the server with an SSL certificate, not only the other way around.

So the server knows it's the right client he gets the data from.

The client knows he sends the data to the right server.

#3


jitter's solution (bidirectional SSL) works. However, a possibly simpler way is to use one-way SSL (authenticate receiving server) and Basic Auth. SSL provides confidentiality and Basic Auth authenticates the client.

#4


I'd look into using GnuPG: http://devzone.zend.com/article/1265

#5


My vote is for SSL, but as an alternative.

If both sites know a secret key (SK) then,

  1. website1 (WS1) can send website2 (WS2) a nonce (N1)
  2. WS2 can send WS1 a message that contains:
    • the data (could be encrypted using the secret key)
    • md5(SK . N1) (i.e. proof that WS2 knows SK)
    • md5(SK . data) (i.e. proof that the data was not manipulated by a third party)
