Today, I use RSA+AES to transfer encrypted passwords in registration (1 href=: to Github 2)
question:
1 Is there any logical problem with my JS?
2, how should PHP decrypt RSA and AES (even better if there is a library)
3, my idea:
client (JavaScript):
AES encryption original user password
RSA public key encryption AES key
-data transfer--
server (PHP):
RSA private key decryption to obtain AES secret key
AES decryption to obtain the original user password
and then encrypt the original user password to obtain the encrypted user password stored in the database
?
$(function () {
//
//AES
var password_form="QAQ";
console.log(password_form);
var password = CryptoJS.AES.encrypt(password_form,"Lime Website").toString();
console.log(password);
//RSA
var public_key = $("-sharpinputPublic_key").val();
console.log(public_key);
var private_key = $("-sharpinputPrivate_key").val();
console.log(private_key);
var encrypt = new JSEncrypt();
encrypt.setPublicKey(public_key);
var AES_key = encrypt.encrypt(password);
console.log(AES_key);
//
//RSA
var decrypt = new JSEncrypt();
decrypt.setPrivateKey(private_key);
var AES_key_decrypt = decrypt.decrypt(AES_key);
console.log(AES_key_decrypt);
//AES
var bytes = CryptoJS.AES.decrypt(AES_key_decrypt,"Lime Website");
var password_decrypt = bytes.toString(CryptoJS.enc.Utf8);
console.log(password_decrypt);
});