app接口传输加密，AES+签名，php实现

app接口传输加密，AES+签名，php实现

2018年01月23日 15:07:24

阅读数：607

一、说明

数据在传输层加密，app端：生成签名，并且对数据对接加密，服务端：解密数据，校验签名

通过抓包获取的效果

http://127.0.0.1/test_server.php?sign_c=55d714ddd874ee29462f00e6c3173450&send_u_e=RKt80FF4BvBwOUk7HRxWvUlpuUNtg30HGIX3AFfNOqKTv3lacOUcImXPXvUSaToTs8ju1sw/WtGUxw5vWUrGUZcBkB5q9mkwuo/MuDuRQivclvsX5NBMXNUP3rcEjj3Z3kvAq/ivCBWQH0MPZKXj2GGWZnuqia4fL00azVlJrMgB+bcbziaNKvZjpQebQZd3

这样安全性会很高，前提是app端反编译后得不到秘钥以及其算法

服务端解密：

二、代码如下：

1. <?php

2.  

3. //模拟app端

4. header("Content-type:text/html;charset=utf-8");

5.  

6. require 'encryption.class.php';

7. require 'sign.class.php';

8.  

9. //---------------very important------------

10.  

11. $signkey = 'asdfghjkl123trher65465er4m'; //签名秘钥

12. $contentkey = 'qwertyuiop123hewfti6545edrg'; //内容秘钥

13.  

14. //---------------------------------------

15.  
16.  

17. //修改资料

18. $send_data['uname'] = 'zhangsan';

19. $send_data['password'] = '1234567890';

20. $send_data['sex'] = '1';

21. $send_data['qianming'] = '这是我的blog：http://blog.csdn.net/qq43599939';

22. $send_data['deviceid'] = '821565464562154';

23. $send_data['time'] = time();

24.  
25.  

26. //第一步生成签名

27. $sign_c = SignatureClass::getSignature($send_data, $signkey);

28.  

29. //对内容进行加密 AES后base64

30. $send_u = SignatureClass::getStr($send_data);

31.  

32. $send_u_e = (EncryClass::encrypt($send_u,$contentkey));

33. //$send_u_e = trim(str_replace('+','%2B', (EncryClass::encrypt($send_u,$contentkey))));

34.  

35. //走get

36. //$url = 'http://127.0.0.1/test_server.php?sign_c='.$sign_c.'&send_u_e='.$send_u_e;

37.  

38. //走post

39. $curl = curl_init();

40. curl_setopt($curl, CURLOPT_URL, 'http://127.0.0.1/test_server.php');

41. curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);

42. curl_setopt($curl, CURLOPT_POST, 1);

43. $post_data = array(

44. "sign_c" => $sign_c,

45. "send_u_e" => $send_u_e

46. );

47. curl_setopt($curl, CURLOPT_POSTFIELDS, $post_data);

48. $data = curl_exec($curl);

49. curl_close($curl);

50. print_r($data);

1. <?php

2. //服务端，接受数据处理

3. header("Content-type:text/html;charset=utf-8");

4.  

5. require 'encryption.class.php';

6. require 'sign.class.php';

7.  

8. //---------------very important------------

9.  

10. $signkey = 'asdfghjkl123trher65465er4m'; //签名秘钥

11. $contentkey = 'qwertyuiop123hewfti6545edrg'; //内容秘钥

12.  

13. //---------------------------------------

14.  
15.  

16. $send_u_e = $_POST['send_u_e'];

17. $sign_c = $_POST['sign_c'];

18.  
19.  

20. $send_u = EncryClass::decrypt($send_u_e,$contentkey);

21.  

22. $send_data_t = explode('&',$send_u);

23. $send_data = array();

24. foreach($send_data_t as $k=>$v)

25. {

26. $v_t = explode('=', $v);

27. $send_data[$v_t[0]] = trim($v_t[1]);

28. }

29.  

30. $sign_c_s = SignatureClass::getSignature($send_data, $signkey);

31. echo $sign_c_s;

32. echo '----';

33. echo $sign_c;

34. echo '<br>';

35.  

36. var_dump($send_data);

37.  

1. <?php

2. //加密算法，可替换

3. class EncryClass

4. {

5.  

6. private static $iv = "0126779521026546";//密钥偏移量IV，可自定义

7.  

8. //加密

9. public static function encrypt($encryptStr,$encryptKey) {

10. $localIV = self::$iv;

11.  
12.  

13. //Open module

14. $module = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, $localIV);

15.  

16. //print "module = $module <br/>" ;

17.  

18. mcrypt_generic_init($module, $encryptKey, $localIV);

19.  

20. //Padding

21. $block = mcrypt_get_block_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);

22. $pad = $block - (strlen($encryptStr) % $block); //Compute how many characters need to pad

23. $encryptStr .= str_repeat(chr($pad), $pad); // After pad, the str length must be equal to block or its integer multiples

24.  

25. //encrypt

26. $encrypted = mcrypt_generic($module, $encryptStr);

27.  

28. //Close

29. mcrypt_generic_deinit($module);

30. mcrypt_module_close($module);

31.  

32. return base64_encode($encrypted);

33.  

34. }

35.  

36. //解密

37. public static function decrypt($encryptStr,$encryptKey) {

38. $localIV = self::$iv;

39.  

40. //Open module

41. $module = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, $localIV);

42.  

43. //print "module = $module <br/>" ;

44.  

45. mcrypt_generic_init($module, $encryptKey, $localIV);

46.  

47. $encryptedData = base64_decode($encryptStr);

48.  

49. $encryptedData = mdecrypt_generic($module, $encryptedData);

50.  

51. return $encryptedData;

52. }

53. }

54.  

1. <?php

2. class SignatureClass

3. {

4. public static function getSignature($params, $secret)

5. {

6. $str = '';

7. ksort($params);

8. foreach ($params as $k => $v) {

9. $str .= "$k=$v&";

10. }

11. $str .= $secret;

12.  

13. return md5($str);

14. }

15.  
16.  

17. public static function getStr($params)

18. {

19. $str = '';

20. ksort($params);

21. foreach ($params as $k => $v) {

22. $str .= "$k=$v&";

23. }

24. $str = rtrim($str,'&');

25. return $str;

26. }

27. }