
Java REST-Service with Digital Signing

I have a small REST-Service which a handful of clients connect to. Now I need to make sure that requests come only from my clients and the response only from my server. I don't need to encrypt the data because it doesn't matter if someone can read it, it is just important no one can enter wrong data.

Now my idea was to use digital signatures with public and private keys (RSA). What's really important is the speed of the algorithm.

Is this the right idea? How do I implement this in JAX-RS?

TLS is pretty fast and it's rather secure (compared to most home-brew stuff anyway). OK, it also provides confidentiality, but that should be OK. Using TLS - possibly with self signed certificates - probably makes most sense. You have pretty fast algorithms here, such as ECDHE-ECDSA-AES128-GCM-SHA256.

ECDSA using SHA-512 probably makes most sense if you want to go for application level security (signing the requests / responses) possibly using a CMS container format. Note that you may have to protect against replay attacks if you go this route. The chances of screwing this up are much higher though.

ECDSA is much faster than RSA for private key operations, so it should definitely be preferred over RSA when high efficiency is required (unless RSA is still fast enough, something that may very well be the case).
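An added example (not part of the question or the answer) of the application-level signing the answer describes: SHA512withECDSA over a canonical string that also carries a timestamp and a nonce, so that a captured request is rejected when it is replayed or its body is altered. Wiring this into a JAX-RS ContainerRequestFilter, with the signature, timestamp and nonce carried in request headers, is assumed and not shown; the class, method and path names are illustrative.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
import java.util.HashSet;
import java.util.Set;

// Application-level signing with SHA512withECDSA; the signed string also carries a
// timestamp and a nonce so that a captured request cannot simply be replayed.
public class SignedRequestDemo {
    static final long MAX_SKEW_MS = 5 * 60 * 1000; // accept requests at most 5 minutes old

    // Canonical bytes to sign; client and server must build these identically.
    static byte[] canonical(String method, String path, String body, long ts, String nonce) {
        String s = method + "\n" + path + "\n" + ts + "\n" + nonce + "\n" + body;
        return s.getBytes(StandardCharsets.UTF_8);
    }

    static String sign(PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature sig = Signature.getInstance("SHA512withECDSA");
        sig.initSign(key);
        sig.update(data);
        return Base64.getEncoder().encodeToString(sig.sign());
    }

    // Server side: check freshness, then the signature, and only then record the nonce,
    // so an unauthenticated sender cannot fill the nonce cache with garbage.
    static boolean verify(PublicKey key, byte[] data, String sigB64, long ts, long now,
                          String nonce, Set<String> seenNonces) {
        if (Math.abs(now - ts) > MAX_SKEW_MS) return false; // stale or future-dated
        try {
            Signature sig = Signature.getInstance("SHA512withECDSA");
            sig.initVerify(key);
            sig.update(data);
            if (!sig.verify(Base64.getDecoder().decode(sigB64))) return false;
        } catch (GeneralSecurityException | IllegalArgumentException e) { return false; }
        return seenNonces.add(nonce); // false if this nonce was already accepted
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(256); // P-256: small keys, fast signing
        KeyPair kp = kpg.generateKeyPair();
        Set<String> seen = new HashSet<>();
        String nonce = Long.toHexString(new SecureRandom().nextLong()); // constructed sample nonce
        long ts = System.currentTimeMillis();
        byte[] req = canonical("POST", "/api/items", "{\"qty\":3}", ts, nonce);
        String sigB64 = sign(kp.getPrivate(), req);
        System.out.println("fresh request accepted: " + verify(kp.getPublic(), req, sigB64, ts, ts, nonce, seen));
        System.out.println("same request again:     " + verify(kp.getPublic(), req, sigB64, ts, ts, nonce, seen));
        byte[] tampered = canonical("POST", "/api/items", "{\"qty\":30}", ts, nonce + "x");
        System.out.println("tampered body:          " + verify(kp.getPublic(), tampered, sigB64, ts, ts, nonce + "x", seen));
    }
}
```

The nonce set would be bounded by the timestamp window in a real filter (entries older than MAX_SKEW_MS can be evicted), and the server's copy of each client's public key is what ties a request to a client.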
