所以我试图让libsodium的sodium_crypto_box_seal
和sodium_crypto_box_seal_open
工作,但由于某种原因,开放是失败的,我无法解决原因。
因此,在我努力实现这一目标的过程中,我构建了一个测试系统,该系统可以测试单个PHP文件如何跨服务器运行。
<pre>
<?php
/*** Client Sending ***/
// saved argument
$remotePublic = "DXOCV4BU6ptxt2IwKZaP23S4CjLESfLE+ng1tMS3tg4=";
// create out key for this message
$key = sodium_crypto_box_keypair();
// encrypt our message using the remotePublic
$sealed = sodium_crypto_box_seal("This is a test", base64_decode($remotePublic));
$send = json_encode((object)array("pub" => base64_encode(sodium_crypto_box_publickey($key)), "msg" => base64_encode($sealed)));
echo "Sending : {$send} \r\n";
/*** Server Setup ***/
$payload = json_decode($send);
$apps =
array (
'test' =>
array (
'S' => 'lv/dT3YC+Am1MCllkHeA2r3D25HW0zPjRrqzR8sepv4=',
'P' => 'DXOCV4BU6ptxt2IwKZaP23S4CjLESfLE+ng1tMS3tg4=',
),
);
/*** Server Opening ***/
$msg = $payload->msg;
$key = sodium_crypto_box_keypair_from_secretkey_and_publickey(base64_decode($apps['test']['S']), base64_decode($apps['test']['P']));
$opened = sodium_crypto_box_seal_open(base64_decode($msg), $key);
echo "Opened : {$opened} \r\n";
/*** Server Responding ***/
$sealedResp = base64_encode(sodium_crypto_box_seal("We Got your message '{$opened}'", base64_decode($payload->pub)));
echo "Responding : {$sealedResp}\r\n";
/*** Client Receiving ***/
$received = sodium_crypto_box_seal_open(base64_decode($sealedResp), $key);
echo "Received : {$received}\r\n";
/*** Sanity Checking ***/
if($received == "We Got your message 'This is a test'"){
echo "Test Successfull.\r\n";
}else{
echo "Test Failed got '{$received}' is not \"We Got your message 'This is a test'\"\r\n";
}
?>
</pre>
输出是:
Sending : {"pub":"DS2uolF5lXZ1E3rw0V2WHELAKj6+vRKnxGPQFlhTEFU=","msg":"VVYfphc2RnQL2E8A0oOdc6E\/+iUgWO1rPd3rfodjLhE+slEWsivB6QiaLiMuQ31XMP\/1\/s+t+CSHu8QukoY="}
Opened : This is a test
Responding : cvDN9aT9Xj7DPRhYZFGOR4auFnAcI3qlwVBBRY4mN28JmagaR8ZR9gt6W5C0xyt06AdrQR+sZFcyb500rx6iDTEC4n/H77cUM81vy2WfV8m5iRgp
Received :
Test Failed got '' is not "We Got your message 'This is a test'"
这里有两个问题。
首先 - 在“服务器打开”下的此步骤中:
$opened = sodium_crypto_box_seal_open($msg, $key);
$msg
仍然是Base64编码的,因此尝试解密它将失败。
第二 - 包含在"pub"
的$send
字段中的公钥是由sodium_crypto_box_keypair()
生成的随机密钥对的公钥,与$remotePublic
或$apps
中的对不同。此密钥将在应用程序中稍后调用sodium_crypto_box_keypair_from_secretkey_and_publickey()
覆盖,使原始邮件无法恢复。