如何以便携方式存储密码?
[英]How to store password in portable way?
问题描述
I'm developing simple Twitter reader and I came across following problem: How to securely store the OAuth consumer-key and consumer-secret . 
我正在开发简单的Twitter阅读器,我遇到了以下问题:如何安全地存储OAuth consumer-key和consumer-secret 。 Those two passwords are necessary for accessing the Twitter API, but those should be transparent to user. 这两个密码是访问Twitter API所必需的,但这些密码应该对用户透明。
I was looking at CryptoAPI, DPAPI and encrypted config file, but those will work only for local machine, as they are bound to logged user or specific machine. 我正在查看CryptoAPI,DPAPI和加密的配置文件,但这些只适用于本地计算机,因为它们绑定到登录用户或特定计算机。
So the question is, how to store application level sensitive info in portable way? 那么问题是,如何以便携方式存储应用程序级敏感信息?
1 个解决方案
解决方案1
0 已采纳 2013-06-24 07:05:47
Try this: 尝试这个:
If there is communication happening between your server and the client, you can use session keys to encrypt/decrypt the secret data. 如果服务器和客户端之间发生通信,则可以使用会话密钥加密/解密秘密数据。
OR 要么
- Create a key pair (RSA) or get in touch with Certificate Authority 创建密钥对(RSA)或与证书颁发机构联系
- Encrypt the secret keys 加密密钥
- Send them via n/w 通过n / w发送
- Let the client get access to your key 让客户端访问您的密钥
- Client will decrypt the secret data 客户端将解密秘密数据
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.