
How to save a public key and private key securely in a binary?

I am making a shared object that does a lot of encryption and decryption using public key and private key. I want to store these keys within the binary. Is there any way to save these keys securely so that no one can use it? So how to embed a cryptographic key in a binary?

If the code can access the keys, so can the users on whose machine the code is running. This is incontrovertible - there's no way around it unless you control the hardware.

Is there any way to save these keys securely so that no one can use it?

As millimoose said, no you can not. Or perhaps more accurately: you can not save data, any data, in a binary such that it is of use to your binary and not anyone else. While not usually discussed with this generic of a use case, this is the heart of Digital Rights Management - a desire to have some data (be it cryptographic or otherwise) that is only usable in a controlled manner.

The best you can accomplish, and this is a lot of work even for well funded and motivated organizations, would be to use the TPM to perform cryptographic operations on your behalf and in a manner that is tied to the state of the system. I'm guessing that solution isn't what you are looking for.

You cannot do this if you don't have control over the hardware and operating system. If you have full control, then there is little need to add additional protection to the key. The best way of securely storing keys is keeping them out of the binary. You could for instance use a secure token. This could be a TPM, a smart card or even an HSM. Those secure tokens do the cryptographic calculations on the token itself, so you never need to load it into memory.

If you want to have a very safe storage in a binary then you could take a look at this HSM. You can run your code within the HSM. Even with such an HSM, you should only generate the keys within the HSM and keep them in there. Oh, yeah, this requires you to spend several thousand dollars on an HSM...
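
As an added example (not part of the original answers or of any project they mention): a build-time check that fails when a shared object still contains a PEM-armoured private key, since anything stored in the binary is readable by whoever holds the file. The function names and the sample bytes are constructed for illustration; the check only finds PEM armour, not DER-encoded or obfuscated keys.

```python
import re
import sys

# PEM armour of any private-key type: "PRIVATE KEY", "RSA PRIVATE KEY",
# "EC PRIVATE KEY", "ENCRYPTED PRIVATE KEY", "OPENSSH PRIVATE KEY", ...
# The body is matched lazily and bounded so stray BEGIN lines cannot
# swallow the rest of the file.
PEM_PRIVATE = re.compile(
    rb"-----BEGIN ((?:[A-Z0-9]+ )*PRIVATE KEY)-----"
    rb".{1,16384}?"
    rb"-----END \1-----",
    re.DOTALL,
)

def find_embedded_private_keys(blob: bytes):
    """Return (offset, label, length) for each PEM private key found in blob."""
    return [
        (m.start(), m.group(1).decode("ascii"), m.end() - m.start())
        for m in PEM_PRIVATE.finditer(blob)
    ]

def scan_file(path: str):
    """Scan one build artifact (for example a .so file) on disk."""
    with open(path, "rb") as fh:
        return find_embedded_private_keys(fh.read())

def build_sample_binary() -> bytes:
    """Constructed sample: ELF-like bytes with a public key and a fake private key."""
    fake_body = b"QUFB" * 16 + b"\n" + b"QkJC" * 16  # placeholder base64, not a real key
    private = (b"-----BEGIN RSA PRIVATE KEY-----\n" + fake_body +
               b"\n-----END RSA PRIVATE KEY-----\n")
    public = b"-----BEGIN PUBLIC KEY-----\nQUFB\n-----END PUBLIC KEY-----\n"
    return b"\x7fELF" + b"\x00" * 60 + public + b"\x00" * 7 + private + b"\x00.rodata\x00"

if __name__ == "__main__":
    # Usage: python check_keys.py libfoo.so [more artifacts...]
    # With no arguments, the constructed sample is scanned instead.
    targets = sys.argv[1:]
    results = ({p: scan_file(p) for p in targets} if targets
               else {"<constructed sample>": find_embedded_private_keys(build_sample_binary())})
    failed = False
    for name, hits in results.items():
        for offset, label, length in hits:
            failed = True
            print(f"{name}: {label} at offset {offset} ({length} bytes)")
    sys.exit(1 if failed else 0)
```

An embedded public key does not trigger the check; only private-key armour makes the build fail.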
