Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
704 views
in Technique[技术] by (71.8m points)

php - Does mcrypt support asymmetric encryption?

I want to use asymmetric encryption of headers in RESTful requests to verify the identity of the system sending the request: i e System A encrypts it's name, timestamp, and the service name using it's public key in a request to System B. System B then uses the public key of System A to decrypt, proving the authenticity of the request.

1) Does php-mcrypt support this?

2) Has anyone benchmarked this type of operation?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

No, mcrypt is just symmetric block ciphers.

However the PHP OpenSSL extension supports asymmetric operations. The ones you want are openssl_sign and openssl_verify.

(You have a slight terminology issue - in asymmetric systems, encryption is done with public keys and decryption with private keys; signing is done with private keys and verification with public keys. Do not confuse signing with encryption or decryption - although the underlying operations are often similar, it is not the same thing, and the confusion can lead to insecure implementations).

Of course, you could just do your REST over SSL, using client certificates for authentication.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...