
How to securely save an AES key

Following scenario: I have a client-server application; the communication is encrypted with AES and RSA (poor man's SSL). But that's not my problem. The client itself encrypts some text (also AES); this text is sent to the server and stored in a database. So, here's the problem: the same client can receive this text and decrypt it. The key for this is stored in memory. But how can a second client decrypt this data? The second client hasn't got the key. These two clients will be logged in to the same account. But the key to decrypt the text is on the client side. How can the second client, with the same login profile, get the key from the first client?

If two clients must be able to read the same encrypted data then they must share the key used for encryption.

Of course the server could store this key and automatically share it between clients (same account) after authentication, but this means that the server will be able to decrypt the data, rendering the extra encryption layer useless.

Conclusion: If you really need to use this method, the two clients must share the key using a different channel (e.g. phone).
