Can I generate a key pair in NodeJS, encrypt data in PHP using the public key, and decrypt it in NodeJS?

Problem description:

Requirements:

Essentially I have a series of devices (running NodeJS) that need to maintain their own unique private and public keys. They communicate with a centralized server in PHP by pulling content.

When a new device starts up, I would like it to generate a private and public key and send only the public key to the PHP server to be stored.

When a device runs a GET request on the PHP server, the server should use the public key it was provided to encrypt the data.

When the device receives this response, it should be able to use the private key to decrypt this data.

Currently:

I am currently generating a private and public key pair using keypair. I send the public key to the PHP server to be stored and associated with the unique device.

I encrypt the data on the PHP server using EasyRSA:

$message = "Decrypt me if you can";
$publicKey = new PublicKey($storedPublicKey);
$encrypted = EasyRSA::encrypt($message, $publicKey);
return $encrypted;

With this encrypted string being returned to the NodeJS app, I then try to decrypt it using NodeRSA (where response is the string response from the PHP server):

const key = new NodeRSA(storedPrivateKey)
const result = key.decrypt(response)

However it errors out with:

Error during decryption (probably incorrect key).

I believe I am missing something fundamental here, but am unsure on what that may be. Any thoughts?


EasyRSA and NodeRSA aren't compatible.

EasyRSA is a wrapper for the PHP Secure Communications Library (phpseclib). It's not a pure RSA encryption, but a hybrid encryption: RSA is used for asymmetric encryption and defuse/php-encryption for symmetric encryption. EasyRSA is described in more detail here; defuse/php-encryption uses AES-256-CTR in its core and is described here. The message to the recipient contains, among other things, the secret encrypted with the public RSA key and the plaintext encrypted with the symmetric key, where each component is Base64-encoded and all components are concatenated, separated by a $. Details can be found in the encrypt-method of the EasyRSA-class. An example is:

EzR2$D6rpL1QleeNLWhqj27VZf/nyyau6i0AIWyGR0G/2Z8tLDp5VbrcIrg9hROG6MMSH1+SLHKyU45+P+V2LAgm7pSnsi3rxVmHnfCXVYIuZDvzpov520tFa5IWHtvFDKCKzckDcJmI3g50RGShDXuYGCPpDy1XpSoP3dGMfkf9Dsj+Y6YLrFwEACoS16azfQ9iiWr7yK2xx66OHAzZqIDyxNRJS3jJUVrcykSkpx4fSgplaKf36yRGoApNXR6/m8CyBpHw3GWe3GMLZi33nmW0DOGTK/eJZJII7Xx7k6nThU1t4thKyvNLIp2JYaUMmYmvwD3R7D3X++twDhTp77hEMfAe0eaVC6P2mAa8I2zIpqlqnqHslXUpqwUxgwaULJSlQiaBex2U1e75onaHu9UDLjV/VK7jgiYgdwq5psHEC4Ig+Xj183mMS8+hWGLHUiLaC+/zcliZaNKYuBihZg9kn7fAwlmgUZT671+bvHONYaDgQg9ULd5QBYlalVIU3BZZPKgvYjk+aLgljv+sExhUmvudWe0FQQGbgLncC8rx7xJzRHMq4qpKgKYtp49b5Gk0OrRYfukQsY9fIc/4m7y67oPBYhJCOSqR0P5YFA9W7wx2C4gpZaYYq0LOAbcNXtfn4QZ8gpxhytQQ0c/Scus0jN8UyOgx8FWF1zlXc7Cu4UAk=$3vUCABOzsE0AWMMPy+EWtmAQheAq5oYVfOF7TapT1LoFn72UHbYNjpD2LgG7w6ZCQjRtLFzFZc17Ntme/LvWK97cV1+mOIpk+j6V6WHZRbwb36iBTGhACZUFTMPiSLPfTXJRu+tQkwi8$2f933da952b7c683

Such a message can't be decrypted directly by NodeRSA because NodeRSA expects a pure RSA message. In principle the decryption is possible, but would have to be done manually on the NodeJS side with probably relatively high effort (the main tasks would essentially include the RSA decryption of the secret, the derivation of the symmetric key from that secret, and finally the AES decryption). Since NodeRSA only covers the RSA part, the remaining parts require additional libraries or custom code on the NodeJS side.

Note that the EasyRSA page, in the section Important, warns of possibly insufficient security.
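
The following Node.js example is added here and is not part of the original answer or of EasyRSA's code. It splits a message with the `$`-separated layout described above and RSA-decrypts only the secret field, which is the first of the manual steps the answer lists. The function names, the constructed sample message, and the OAEP padding are assumptions of this example; the key derivation and AES steps are not covered.

```javascript
const crypto = require('crypto');

// Split "<tag>$<Base64 RSA part>$<Base64 symmetric part>$<trailer>" into its fields.
function parseEnvelope(message) {
  const parts = message.trim().split('$');
  if (parts.length !== 4) throw new Error(`expected 4 fields, got ${parts.length}`);
  const [tag, rsaB64, symB64, trailer] = parts;
  for (const f of [rsaB64, symB64]) {
    if (f.length % 4 !== 0 || !/^[A-Za-z0-9+\/]+={0,2}$/.test(f)) {
      throw new Error('field is not valid Base64');
    }
  }
  return {
    tag,
    rsaCiphertext: Buffer.from(rsaB64, 'base64'),
    symCiphertext: Buffer.from(symB64, 'base64'),
    trailer,
  };
}

// RSA-decrypt the secret field only. An RSA ciphertext is exactly as long as the modulus.
// Assumption: OAEP with Node's default hash; a real message needs the sender's padding.
function recoverSecret(envelope, privateKey, modulusBytes) {
  if (envelope.rsaCiphertext.length !== modulusBytes) {
    throw new Error('RSA field length does not match the key size');
  }
  return crypto.privateDecrypt(
    { key: privateKey, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING },
    envelope.rsaCiphertext);
}

// An RSA-only decryptor handed the whole envelope rejects it.
function wholeMessageFails(message, privateKey) {
  try { crypto.privateDecrypt(privateKey, Buffer.from(message, 'base64')); return false; }
  catch (err) { return true; }
}

// Constructed sample (not real EasyRSA output): same layout, throwaway 2048-bit key,
// random bytes standing in for the symmetric ciphertext, made-up trailer.
function buildSample() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const secret = crypto.randomBytes(32);
  const rsaOut = crypto.publicEncrypt(
    { key: publicKey, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING }, secret);
  const fields = ['EzR2', rsaOut.toString('base64'),
    crypto.randomBytes(48).toString('base64'), '0123456789abcdef'];
  return { message: fields.join('$'), privateKey, secret };
}
```

The recovered secret is only an input to the symmetric stage; the plaintext remains encrypted until the key derivation and AES steps from the answer are implemented as well.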