
Sharing client-side-encrypted data securely between users

I'm making a service that will store personal data written about a given user, that should be viewable only by the author and the target. I would like to perform the encryption client-side and store only the resulting garbage on the server.

The internet tells me to use , this will work well for a single user's data.

Problem

For my service, other users are able to enter data that should be viewable only by them and the target user - how might this be accomplished with client side encryption?

Is it possible to do this purely client side?

Update

After considering this, I doubt it can be done purely client side. I have come up with the following possible method:

All traffic uses SSL connection

  • Generate RSA keys, encrypt the private key with AES (using a salted passphrase)
    • Salt generated in-browser
  • Store the passphrase salt, public key, encrypted private key on the server
  • All user data encrypted with their public key, decrypted by having them first decrypt their private key in-browser by entering their passphrase, then using the RSA private key to decrypt the data

  • If the user wishes to share data with another, encrypt said data with the other user's public key

Is my suggested method secure?

Example of what would be stored on server:

+----------+---------------------+---------------+
|Public Key|Encrypted Private Key|Passphrase Salt|
+----------+---------------------+---------------+

It would be much easier for you to deal with OpenPGP. OpenPGP uses public-key cryptography (RSA or Elgamal are used for encryption), so the scheme would be similar to what you describe but without the hassle of reinventing the wheel.

OpenPGP implementations exist for different languages including JavaScript (although using the JavaScript way is bad due to various security weaknesses that can lead to information disclosure). Yet your RSA scheme implemented in JavaScript would be equally vulnerable due to the same conceptual weaknesses.

One of the benefits of OpenPGP is that users are either already acquainted with OpenPGP or can find plenty of information about it (which adds trust to your solution), and can already have their own keys. Also, users can use any OpenPGP tool to generate keys and to open encrypted data.
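
The scheme proposed in the question, sketched as an added example (not code from the original post or answer), with Node.js's built-in `crypto` module standing in for the browser so it runs offline. It goes one step beyond the question's wording: RSA can only encrypt short inputs, so each record is encrypted with a random AES-256-GCM key that is RSA-OAEP-wrapped once for the author and once for the target. The use of scrypt as the passphrase KDF and all function names are assumptions.

```javascript
// Added example; function names, scrypt and AES-GCM are assumptions, not from the page.
const crypto = require("crypto");

// AES-256-GCM helpers: the 12-byte IV and 16-byte tag travel with the ciphertext.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function open(key, blob) {
  const d = crypto.createDecipheriv("aes-256-gcm", key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws if tampered
}

// Registration: the returned object is exactly the row the server stores.
function register(passphrase) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", {
    modulusLength: 2048,
    publicKeyEncoding: { type: "spki", format: "pem" },
    privateKeyEncoding: { type: "pkcs8", format: "pem" },
  });
  const salt = crypto.randomBytes(16);
  const kek = crypto.scryptSync(passphrase, salt, 32); // passphrase never leaves the client
  return { publicKey, salt, encryptedPrivateKey: seal(kek, privateKey) };
}

// Client-side unlock: a wrong passphrase fails the GCM tag check and throws.
function unlock(account, passphrase) {
  const kek = crypto.scryptSync(passphrase, account.salt, 32);
  return open(kek, account.encryptedPrivateKey).toString();
}

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// One random content key per record, wrapped once per reader (author and target).
function encryptRecord(text, readers) {
  const cek = crypto.randomBytes(32);
  const wrappedKeys = {};
  for (const [name, pem] of Object.entries(readers))
    wrappedKeys[name] = crypto.publicEncrypt({ key: pem, ...OAEP }, cek);
  return { wrappedKeys, body: seal(cek, Buffer.from(text, "utf8")) };
}

function decryptRecord(record, name, privateKeyPem) {
  const cek = crypto.privateDecrypt({ key: privateKeyPem, ...OAEP }, record.wrappedKeys[name]);
  return open(cek, record.body).toString("utf8");
}
```

The scheme depends on each client receiving the other user's genuine public key: a server that substitutes a key can read records shared afterwards, so clients need a way to verify key fingerprints out of band.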
