
Can I implement end-to-end encryption in Java?

I'm creating a web service that stores a list of users with their public keys online, as well as encrypted messages. My end goal was end-to-end encryption.

I initially thought this would be pretty easy -- "Oh, OpenSSL and RSA private/public key asymmetric encryption is great." False. RSA will only encrypt a tiny bit of data, presumably to pass a regular, symmetric key back and forth.

Okay, so I tried to find solutions online. Most of them either ended without a functioning example or pointed at using the command line, all of which seemed excessive and incomplete.

Is there a way to use end-to-end encryption on data with asymmetric keys, or is it all a personal pipe dream? OpenSSL in PHP has a way to do this already, and it's kludgy but it works.

Is there some method I'm missing here?

The common way to encrypt a larger amount of data with asymmetric keys (e.g. RSA) is by use of hybrid encryption. In hybrid encryption you mix symmetric and asymmetric encryption. First you generate a random symmetric key, which is used to encrypt the data. Then you encrypt the symmetric key with the asymmetric key. The encrypted data + the encrypted random key are then put together and make up the full encrypted data.

The openssl_seal() in PHP you refer to uses hybrid encryption where the symmetric algorithm is RC4. How data is encoded and put together in the encrypted files has been defined by the openssl implementation, and might not necessarily be the way you would want to do it. PGP, as another example of hybrid encryption, uses its own way of packing the data.

In any case, hybrid encryption is not something you get out of the box in Java, and you typically need to implement each of the encryption + packaging steps yourself, or use one of the libraries that implements their version of this. An example of doing it yourself is this Java code I found that can decrypt messages encrypted with the above mentioned openssl_seal().

An example of using a library for hybrid encryption could be using the PGP support in Bouncy Castle.
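The hybrid scheme described in the answer above, as an added example that is not part of the original answer and is not the openssl_seal() format: a fresh AES key encrypts the message and RSA encrypts only that key. AES-256-GCM, RSA-OAEP with SHA-256, the byte layout and the class name `HybridDemo` are assumptions of this example; it gives confidentiality and tamper detection, not proof of who sent the message.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.MGF1ParameterSpec;

public class HybridDemo { // hypothetical name; JDK standard library only
    static final String RSA_OAEP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    static final OAEPParameterSpec OAEP = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    // Assumed layout: 2-byte wrapped-key length | wrapped AES key | 12-byte IV | ciphertext+tag
    static byte[] seal(PublicKey recipient, byte[] plaintext) throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey aes = kg.generateKey();          // new random key for every message
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.ENCRYPT_MODE, aes, new GCMParameterSpec(128, iv));
        byte[] ct = gcm.doFinal(plaintext);        // ciphertext with 16-byte tag appended
        Cipher rsa = Cipher.getInstance(RSA_OAEP);
        rsa.init(Cipher.ENCRYPT_MODE, recipient, OAEP);
        byte[] wrapped = rsa.doFinal(aes.getEncoded()); // RSA only ever sees the 32-byte key
        return ByteBuffer.allocate(2 + wrapped.length + iv.length + ct.length)
                .putShort((short) wrapped.length).put(wrapped).put(iv).put(ct).array();
    }

    static byte[] open(PrivateKey own, byte[] sealed) throws GeneralSecurityException {
        ByteBuffer in = ByteBuffer.wrap(sealed);
        byte[] wrapped = new byte[in.getShort() & 0xFFFF], iv = new byte[12];
        in.get(wrapped).get(iv);
        byte[] ct = new byte[in.remaining()];
        in.get(ct);
        Cipher rsa = Cipher.getInstance(RSA_OAEP);
        rsa.init(Cipher.DECRYPT_MODE, own, OAEP);
        SecretKey aes = new SecretKeySpec(rsa.doFinal(wrapped), "AES");
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.DECRYPT_MODE, aes, new GCMParameterSpec(128, iv));
        return gcm.doFinal(ct);                    // AEADBadTagException if data was altered
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();        // constructed key pair, for the demo only
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        byte[] sealed = seal(kp.getPublic(), msg);
        System.out.println(new String(open(kp.getPrivate(), sealed), StandardCharsets.UTF_8));
    }
}
```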

I'm not really sure what you're trying to en- and decrypt, but GnuPG for Java might be a good choice.

It supports public and private keys and can en- and decrypt bigger files and data.

Ebbe's answer is very good, however this question was highly ranked in Google in my attempt to try and find a decent hybrid encryption library (Bouncy Castle's documentation is non-existent and not straight-forward, and GnuPG for Java relies on the OS and is not fully tested). So I thought I'd add on to Ebbe's answer for the weary traveller.

If you can use them, JWTs (JavaScript Web Tokens) could be handy for this. It's also an IETF Standard. There are two different types:

Support for JWEs is unfortunately a bit poor at this point in time. However this should hopefully improve. At this point in time (2017-04-11), the only Java JWT library that supports JWEs is BitBucket's Jose4j.
