我想构建一个消息加密系统,用户可以在其中以加密格式发送消息。我正在使用GnUPG。我得到了http://www.php.net/manual/en/gnupg.installation.php以安装GnUPG。在服务器中安装后,我通过以下代码创建公共和私人密钥环
$GeneratedKey = $gpg->GenKey($name, $comment, $email, $passphrase,$ExpireDate, $KeyType, $KeyLength,$SubkeyType, $SubkeyLength );
function GenKey($RealName, $Comment, $Email, $Passphrase = '', $ExpireDate = 0, $KeyType = 'DSA', $KeyLength = 1024, $SubkeyType = 'ELG-E', $SubkeyLength = 1024)
{
// validates the keytype
if (($KeyType != 'DSA') && ($KeyType != 'RSA')) {
$this->error = 'Invalid Key-Type, the allowed are DSA and RSA';
return false;
}
// validates the subkey
if ((!empty($SubkeyType)) && ($SubkeyType != 'ELG-E')) {
$this->error = 'Invalid Subkey-Type, the allowed is ELG-E';
return false;
}
// validate the expiration date
if (!preg_match('/^(([0-9]+[dwmy]?)|([0-9]{4}-[0-9]{2}-[0-9]{2}))$/', $ExpireDate)) {
$this->error = 'Invalid Expire Date, the allowed values are <iso-date>|(<number>[d|w|m|y])';
return false;
}
// generates the batch configuration script
$batch_script = "Key-Type: $KeyTypen" .
"Key-Length: $KeyLengthn";
if (($KeyType == 'DSA') && ($SubkeyType == 'ELG-E'))
$batch_script .= "Subkey-Type: $SubkeyTypen" .
"Subkey-Length: $SubkeyLengthn";
$batch_script .= "Name-Real: $RealNamen" .
"Name-Comment: $Commentn" .
"Name-Email: $Emailn" .
"Expire-Date: $ExpireDaten" .
"Passphrase: $Passphrasen" .
"%commitn" .
"%echo done with successn";
// initialize the output
$contents = '';
// execute the GPG command
if ( $this->_fork_process($this->program_path . ' --homedir ' . $this->home_directory .
' --batch --status-fd 1 --gen-key',
$batch_script, $contents) ) {
$matches = false;
if ( preg_match('/[GNUPG:]sKEY_CREATEDs(w+)s(w+)/', $contents, $matches) )
return $matches[2];
else
return true;
} else
return false;
}
我用以下代码加密
$gpg = new gnupg();
$gpg->addencryptkey($recipient);
$ciphertext = $gpg->encrypt($plaintext);
通过以下代码解密
$gpg = new gnupg();
$gpg->adddecryptkey($recipient, $receiver_passphrase);
$plain = $gpg->decrypt($encrypted_text, $plaintext);
通过这个,我成功地创建了一个用户名文件夹,并在那里生成了私钥和公钥,然后以加密的方式发送消息,并由接收者解密。但我主要担心的是,我不想在服务器中生成用户的公钥和私钥,而是想在用户的本地计算机中生成公钥和私钥。。
是否可以在本地计算机中生成公钥和私钥?因为我不希望用户依赖于服务器的安全性。只有接收者才能解密消息。。没有其他人能够解密。。
谢谢,
您可以使用在客户端浏览器中运行的OpenPGP.js创建密钥,将私钥存储在客户端的某个位置,只向服务器发送公钥。
// Create new key with RSA encryption (1), 4k length for
// John Doe with password "foobar"
var keys = openpgp.generate_key_pair(1, 4096,
"John Doe john.doe@example.org", "foobar");
keys.privateKeyArmored; // Access private key
keys.publicKeyArmored; // Access public key