简体繁体 English

使用盐对ID进行编码/解码

[英]Encode/Decode an id using a salt

原文 2015-05-12 19:47:26 7 1 javascript/ c#/ node.js

I have an api that I want allow users to send an id to, but I don't want the id to be visible over a network. 我有一个api ，希望允许用户向其发送id ，但是我不希望该ID在网络上可见。 I decided that I will then generate a secret for the user which will be used as a salt to hash the id they send. 我决定，然后为用户生成一个secret ，将其用作盐来哈希他们发送的id 。 They will then take that id and secret to connect to my api . 然后，他们将使用该id和secret连接到我的api 。

The server is written with node.js , and the client will be written in c# , so I need a way so that both languages can encode/decode if they know the secret . 服务器是用node.js编写的，而客户端将是用c#编写的，所以我需要一种方法，使得两种语言都可以在知道secret进行编码/解码。

So... 所以...

C# will encode the id C#将对id进行编码
Node.js will decode the id Node.js将解码id

I have never create an salt like this before, so what method(s) can I use to do this? 我以前从未制造过这样的盐，那么我可以使用什么方法来做呢？ I think eventually I will be using more just C# to encode the id , so methods for other languages would be awesome too! 我认为最终我将使用更多的C#来编码id ，因此其他语言的方法也很棒！

1 个解决方案

If you want to hide information from prying eyes, use TLS (as suggested in the comments). 如果要隐藏信息，请使用TLS（如注释中所建议）。 Also from the comments, it looks like what you want is not to hide the ID but a way to sign messages so you can make sure the messages you receive are legal messages from your application. 同样，从注释中看，您想要的不是隐藏ID，而是一种签名消息的方式，这样您可以确保收到的消息是来自应用程序的合法消息。 In this case, each message you receive will come with a hash, that hash is computed from the message and the secret key. 在这种情况下，您收到的每条消息都将带有一个哈希，该哈希是根据消息和密钥计算得出的。 Then your server will try to compute the same hash from the received message and the stored secret key and then compare it to the received hash. 然后，您的服务器将尝试根据接收到的消息和存储的密钥计算相同的哈希，然后将其与接收到的哈希进行比较。 A salt has a different use. 盐有不同的用途。 (this was intended as a comment but didn't fit) （此内容仅供参考，但不合适）