I have a webserver running mysql and php which sends data to a json string.
我有一个运行mysql和php的web服务器,它将数据发送到json字符串。
I have a second webserver which reads the data and then displays it.
我有第二个网络服务器,它读取数据然后显示它。
Everything works fine at the moment.
目前一切正常。
I need to add some sensitive data into the string, so I was wondering what is the best way to encrypt/decrypt the json using php?
我需要在字符串中添加一些敏感数据,所以我想知道使用php加密/解密json的最佳方法是什么?
Can someone help!?
有人可以帮忙!?
6 个解决方案
#1
9
I bet the best way is use SSL (HTTPS) and I recommend you to read the OWASP Guide and especially the How-To section.
我敢打赌最好的方法是使用SSL(HTTPS),我建议你阅读OWASP指南,特别是How-To部分。
#2
14
I always liked MCRYPT
我一直很喜欢MCRYPT
//Key
$key = 'SuperSecretKey';
//To Encrypt:
$encrypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, 'I want to encrypt this', MCRYPT_MODE_ECB);
//To Decrypt:
$decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $encrypted, MCRYPT_MODE_ECB);
If that's something you're looking for. It'll treat the JSON as a string and then after you decrypt it you'll have to do your json_decode()
or whatever it is you're doing.
如果这是你正在寻找的东西。它会将JSON视为一个字符串,然后在解密之后你必须执行你的json_decode()或者你正在做的任何事情。
#3
5
It really depending on how sensitive the data are. However from my experience a simple php encryption usually do the trick. I would usually encrypt the sensitive fields in the json data fields before encoding it to a json string.
这实际上取决于数据的敏感程度。但是根据我的经验,简单的PHP加密通常可以解决问题。在将其编码为json字符串之前,我通常会对json数据字段中的敏感字段进行加密。
Here's the code for the encryption part.
这是加密部分的代码。
$key = 'password to (en/de)crypt'; $string = ' string to be encrypted '; // note the spaces
$ key ='密码到(en / de)crypt'; $ string ='要加密的字符串'; //注意空格
To Encrypt:
要加密:
$encrypted = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), $string, MCRYPT_MODE_CBC, md5(md5($key))));
To Decrypt:
要解密:
$decrypted = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($key), base64_decode($encrypted), MCRYPT_MODE_CBC, md5(md5($key))), "\0");
However, you should always hash (MD5, SHA1) passwords, preferably with some salt.
但是,您应始终哈希(MD5,SHA1)密码,最好使用一些盐。
#4
1
Store a private key on the server and use DES encryption; it's a 2-way algorithm.
在服务器上存储私钥并使用DES加密;这是一种双向算法。
EDIT:
编辑:
Per comments, it seems I've misinterpreted the question. My assumption was OP would like to send encrypted data out on the Internet like in an email or something then get the data back at a later time and be able to decrypt it. I'll be sure to clarify through comments in the future before submitting an answer.
根据评论,似乎我误解了这个问题。我的假设是OP希望像在电子邮件中那样在互联网上发送加密数据,然后在以后获取数据并能够解密它。在提交答案之前,我一定会在将来通过评论澄清。
#5
0
Use Open SSL:
使用Open SSL:
http://www.php.net/manual/en/book.openssl.php
http://www.php.net/manual/en/book.openssl.php
You can generate a public/private key pair without the need for https if it's unavailable.
如果不可用,您可以生成公钥/私钥对而无需https。
#6
-1
Of course, SSL (HTTPS) is needed to safely transfer data across the web.
当然,需要SSL(HTTPS)才能在Web上安全地传输数据。
But that said, there are still reasons to encrypt json data, before you sent them.
但是,在您发送之前,仍有理由加密json数据。
I had a problem with encrypting json data. It was caused by "\t" in json data. You need to remove them, before encryption. Otherwise there will be a problem when you want to decrypt it back to a propper json format.
我在加密json数据时遇到了问题。它是由json数据中的“\ t”引起的。在加密之前,您需要删除它们。否则,当您想要将其解密为propper json格式时会出现问题。
$plain_txt = str_replace("\r",'', $plain_txt);
$ plain_txt = str_replace(“\ r”,'',$ plain_txt);
$plain_txt = str_replace("\n",'', $plain_txt);
$ plain_txt = str_replace(“\ n”,'',$ plain_txt);
$plain_txt = str_replace("\t",'', $plain_txt);
$ plain_txt = str_replace(“\ t”,'',$ plain_txt);
See a working example: https://gist.github.com/petermuller71/33616d55174d9725fc00a663d30194ba
查看一个工作示例:https://gist.github.com/petermuller71/33616d55174d9725fc00a663d30194ba
#1
9
I bet the best way is use SSL (HTTPS) and I recommend you to read the OWASP Guide and especially the How-To section.
我敢打赌最好的方法是使用SSL(HTTPS),我建议你阅读OWASP指南,特别是How-To部分。
#2
14
I always liked MCRYPT
我一直很喜欢MCRYPT
//Key
$key = 'SuperSecretKey';
//To Encrypt:
$encrypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, 'I want to encrypt this', MCRYPT_MODE_ECB);
//To Decrypt:
$decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $encrypted, MCRYPT_MODE_ECB);
If that's something you're looking for. It'll treat the JSON as a string and then after you decrypt it you'll have to do your json_decode()
or whatever it is you're doing.
如果这是你正在寻找的东西。它会将JSON视为一个字符串,然后在解密之后你必须执行你的json_decode()或者你正在做的任何事情。
#3
5
It really depending on how sensitive the data are. However from my experience a simple php encryption usually do the trick. I would usually encrypt the sensitive fields in the json data fields before encoding it to a json string.
这实际上取决于数据的敏感程度。但是根据我的经验,简单的PHP加密通常可以解决问题。在将其编码为json字符串之前,我通常会对json数据字段中的敏感字段进行加密。
Here's the code for the encryption part.
这是加密部分的代码。
$key = 'password to (en/de)crypt'; $string = ' string to be encrypted '; // note the spaces
$ key ='密码到(en / de)crypt'; $ string ='要加密的字符串'; //注意空格
To Encrypt:
要加密:
$encrypted = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), $string, MCRYPT_MODE_CBC, md5(md5($key))));
To Decrypt:
要解密:
$decrypted = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($key), base64_decode($encrypted), MCRYPT_MODE_CBC, md5(md5($key))), "\0");
However, you should always hash (MD5, SHA1) passwords, preferably with some salt.
但是,您应始终哈希(MD5,SHA1)密码,最好使用一些盐。
#4
1
Store a private key on the server and use DES encryption; it's a 2-way algorithm.
在服务器上存储私钥并使用DES加密;这是一种双向算法。
EDIT:
编辑:
Per comments, it seems I've misinterpreted the question. My assumption was OP would like to send encrypted data out on the Internet like in an email or something then get the data back at a later time and be able to decrypt it. I'll be sure to clarify through comments in the future before submitting an answer.
根据评论,似乎我误解了这个问题。我的假设是OP希望像在电子邮件中那样在互联网上发送加密数据,然后在以后获取数据并能够解密它。在提交答案之前,我一定会在将来通过评论澄清。
#5
0
Use Open SSL:
使用Open SSL:
http://www.php.net/manual/en/book.openssl.php
http://www.php.net/manual/en/book.openssl.php
You can generate a public/private key pair without the need for https if it's unavailable.
如果不可用,您可以生成公钥/私钥对而无需https。
#6
-1
Of course, SSL (HTTPS) is needed to safely transfer data across the web.
当然,需要SSL(HTTPS)才能在Web上安全地传输数据。
But that said, there are still reasons to encrypt json data, before you sent them.
但是,在您发送之前,仍有理由加密json数据。
I had a problem with encrypting json data. It was caused by "\t" in json data. You need to remove them, before encryption. Otherwise there will be a problem when you want to decrypt it back to a propper json format.
我在加密json数据时遇到了问题。它是由json数据中的“\ t”引起的。在加密之前,您需要删除它们。否则,当您想要将其解密为propper json格式时会出现问题。
$plain_txt = str_replace("\r",'', $plain_txt);
$ plain_txt = str_replace(“\ r”,'',$ plain_txt);
$plain_txt = str_replace("\n",'', $plain_txt);
$ plain_txt = str_replace(“\ n”,'',$ plain_txt);
$plain_txt = str_replace("\t",'', $plain_txt);
$ plain_txt = str_replace(“\ t”,'',$ plain_txt);
See a working example: https://gist.github.com/petermuller71/33616d55174d9725fc00a663d30194ba
查看一个工作示例:https://gist.github.com/petermuller71/33616d55174d9725fc00a663d30194ba