The Youth Promotion on PHP Encryption and Decryption (API Security Enhancement II)

Why do headlines always carry the keyword “API security”? Because I think I’d like to.

In fact, this article and the previous one (“The Lazy Beginner-Level Chapter on PHP Encryption and Decryption (API Security Enhancement Chapter 1)”) can both be regarded as focusing only on security.

If you haven’t read the previous article, go back and read it first, otherwise you will definitely lose the thread!

To keep the article from sinking into abstract and complicated theory, this time we again rely on the head of state (the Führer), the generals of the eastern front and the “villain”, Comrade Zhukov.

The cast of the people’s good actors:

  • Male lead: the head of state
  • Second male lead: Guderian
  • Passer-by A: Manstein
  • Passer-by B: von Bock
  • “Villain” male lead

In the first article, we learned that the Führer and Guderian fell out, and the two then dissed each other using asymmetric encryption. Zhukov had no private key and could only stand by the roadside as an onlooker.

History tells us that Guderian did return to the eastern front. Having first dismissed the man, the Führer now had to send him to the eastern front to put out the fire. I could not swallow my pride like that, but the Führer did.

Returning to the problem raised at the end of the previous article: the security of symmetric encryption is its fatal weakness, while the performance of asymmetric encryption is its fatal weakness. In our party’s words, it is not “fast and economical”; it is not in line with “sustainable development” and does not meet “socialist mainstream values”.

This article is mainly about the green plan for being “fast and economical”.

Sending Guderian back to the eastern front must be ordered in secret, so encryption is a given. But note one thing here: the Führer must encrypt the order with Comrade Guderian’s public key and then send it out. At this point, even if the ciphertext is scattered all over the eastern front by plane, only Comrade Guderian can decrypt it with the private key hidden in his crotch, which means that only Guderian and the Führer know what it says.

In addition, there are two other cases that thoughtful young readers may have considered:

  • Can the head of state encrypt the message with his own public key? The end result is a ciphertext that can only be decrypted with the head of state’s private key, but that private key is in the head of state’s crotch, where nobody else can get at it. As a criminal with a high IQ, the Führer cannot make such a low-level mistake.
  • The Führer encrypts the message with his own private key. This means that any eastern-front general who holds the head of state’s public key can decrypt the ciphertext. If the head of state does not want others to know about his genius deployment, this method seems a bit dumb.

To sum up, in this case the most correct way is for the head of state to encrypt the message with Guderian’s public key. Even after the ciphertext has been spread everywhere, only Guderian can decrypt it with his private key. Manstein, von Bock and Zhukov the “villain” can only look on in silence as passers-by.

In the above case (note that “client” should not be understood narrowly as a mobile phone client!):

  • The Führer acts as the API server.
  • Guderian acts as a client.
  • Manstein and von Bock act as passer-by clients.
  • Zhukov acts as the man-in-the-middle hijacker.

Back to reality, that is, the real world of moving bricks and grinding out code. If the data exchanged between the server and the client is to be asymmetrically encrypted, the following conditions must be met:

  • The client has its own public/private key pair, and the client holds the server’s public key.
  • The server has its own public/private key pair, and the server holds the client’s public key.

Then the problem arises: there is only one server but thousands of clients. The brick movers now have only two choices:

  • All clients share a single public/private key pair, so the server only needs to hold one public key to have the public keys of all clients.
  • Each client’s key pair is unique, each a firework of a different color. The server is then forced to maintain a set of client public keys that all differ from one another, and to keep the mapping between each key and its client.

So, well, let the brick movers take a bite of excrement to calm down, and let’s see how Alipay does it. When your system is connected to Alipay, Alipay requires you to generate your own public/private key pair. You keep the private key hidden yourself and upload the public key to Alipay (so that Alipay holds your public key), and after the upload Alipay returns Alipay’s public key to you. When you use the ordinary RSA version, all merchants receive the same Alipay public key. When you use RSA2, each merchant receives a different Alipay public key.

So you can go either way; it all depends on your choice.

Speaking of Alipay, when you connect to Alipay you will certainly see a function called signature verification. I think this is very important and well worth mentioning. Returning to the Führer: we said that the Führer sent Guderian the message “roll to the eastern front and go to the Kursk salient”. The correct approach is to encrypt it with Guderian’s public key. The message can then only be decrypted with Guderian’s private key, and everyone else can only stare. If the Führer had a convulsion and encrypted the message with his own private key, what would happen? Everyone holding the head of state’s public key could read the confidential news “roll to the eastern front and go to the Kursk salient”. Plenty of people would then share it with friends or gossip in private chats, along the lines of “I heard that Guderian is coming back”. In fact, encrypting with one’s own private key and then decrypting with one’s own public key is a pointless stunt as far as secrecy goes, but this same process works without any problem for signature verification. What is signature verification?

Suppose one day Himmler wants to usurp the throne early and pretends to be the head of state to give orders to Guderian. Guderian only needs to verify the signature on the command with the head of state’s public key. If the verification returns false, the command did not come from the head of state, and the data should be thrown away directly!

So, after rambling on for so long, all of it was to draw one conclusion, which you should understand (memorize):

  • Public key encryption, private key decryption
  • Private key encryption, public key signature verification
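
The two rules above, as an added PHP example (not code from the original article): the sender encrypts with the recipient's public key and signs with its own private key, and the recipient verifies the signature before decrypting. The function names, the message layout and the in-memory key pairs are assumptions made for illustration.

```php
<?php
// Added illustration: function names and message layout are assumptions.
function newKeyPair(): array
{
    $priv = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
    if ($priv === false) {
        throw new RuntimeException('key generation failed');
    }
    return [$priv, openssl_pkey_get_details($priv)['key']]; // [private key, public key PEM]
}

// Sender: encrypt with the recipient's public key, then sign with the sender's private key.
// RSA-2048 with OAEP carries at most 214 bytes, so this only fits short messages.
function sealOrder(string $order, string $recipientPub, $senderPriv): array
{
    if (!openssl_public_encrypt($order, $cipher, $recipientPub, OPENSSL_PKCS1_OAEP_PADDING)
        || !openssl_sign($cipher, $sig, $senderPriv, OPENSSL_ALGO_SHA256)) {
        throw new RuntimeException('sealing failed');
    }
    return ['cipher' => base64_encode($cipher), 'sig' => base64_encode($sig)];
}

// Recipient: verify with the sender's public key first; decrypt only if the signature holds.
function openOrder(array $msg, string $senderPub, $recipientPriv): ?string
{
    $cipher = base64_decode($msg['cipher'] ?? '', true);
    $sig = base64_decode($msg['sig'] ?? '', true);
    if ($cipher === false || $sig === false
        || openssl_verify($cipher, $sig, $senderPub, OPENSSL_ALGO_SHA256) !== 1) {
        return null; // not signed by the claimed sender: throw the data away
    }
    $ok = openssl_private_decrypt($cipher, $plain, $recipientPriv, OPENSSL_PKCS1_OAEP_PADDING);
    return $ok ? $plain : null; // null when the private key does not match
}

[$fuhrerPriv, $fuhrerPub] = newKeyPair();     // API server
[$guderianPriv, $guderianPub] = newKeyPair(); // intended client
[$himmlerPriv] = newKeyPair();                // impostor
[$mansteinPriv] = newKeyPair();               // passer-by client

$genuine = sealOrder('roll to the eastern front', $guderianPub, $fuhrerPriv);
$forged = sealOrder('roll to the eastern front', $guderianPub, $himmlerPriv);

var_dump(openOrder($genuine, $fuhrerPub, $guderianPriv)); // genuine order, right recipient
var_dump(openOrder($forged, $fuhrerPub, $guderianPriv));  // signed by Himmler, checked against the Führer's key
var_dump(openOrder($genuine, $fuhrerPub, $mansteinPriv)); // genuine order, wrong private key
```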

Now let’s go back and recall why we use asymmetric encryption in the first place: to prevent the secret key of symmetric encryption from leaking, whereas asymmetric encryption has no such key-leakage problem.

However, the performance and deployment of asymmetric encryption and decryption are beyond the reach of local tyrants. So, is there any way to get both fish and bear’s paw?

Recently, we opened a WeChat official account: High Performance API Community. All articles are posted there first.
