
Multi-platform data protection

Question: what is the best way to secure data when developing a multi-platform .NET Core 1.1 application?

Let me explain what I mean: the application has a configuration file that contains a database connection password.

I want to do things the right way, which means that after reading the password for the very first time I would prefer to encrypt the string in the configuration file. Clearly, I need to use some kind of symmetric encryption with some kind of passphrase. With Windows I would use DPAPI and host identity to produce my passphrase (after obfuscating it a bit, of course).

Linux does not have DPAPI... Is there a truly multiplatform way of achieving what I've described?

Thanks in advance!

Edit: it's preferred for the implementation code base to be the same, not depending on the environment / host OS.

  1. All the sensitive settings should be encrypted in the configuration file
  2. The decryption keys should be stored in environment variables

Then the application should decrypt the settings on the fly, when it needs those.
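As an added example (mine, not code from this thread or from any .NET library), a .NET Core helper implementing the two steps above: the key is read from an environment variable (APP_CONFIG_KEY is an assumed name) and "ENC:"-prefixed values are decrypted only when read. It uses AES-256-CBC plus an HMAC-SHA256 tag over IV and ciphertext, since AesGcm only arrived in .NET Core 3.0; Aes.Create() maps to the OS crypto library (CNG on Windows, OpenSSL on Linux), so one code base serves both.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
public static class ProtectedSetting
{
    const string Prefix = "ENC:";            // marks a config value that is stored encrypted
    const string KeyVar = "APP_CONFIG_KEY";  // assumed name; holds 64 random bytes, base64-encoded
    // Key material comes from the environment, never from the config file itself.
    static byte[] LoadKey()
    {
        string raw = Environment.GetEnvironmentVariable(KeyVar);
        byte[] key = raw == null ? null : Convert.FromBase64String(raw);
        if (key == null || key.Length != 64) throw new InvalidOperationException(KeyVar + " must hold 64 base64 bytes");
        return key;                           // bytes 0-31: AES-256 key, bytes 32-63: HMAC-SHA256 key
    }
    static byte[] Slice(byte[] s, int off, int n) { byte[] d = new byte[n]; Buffer.BlockCopy(s, off, d, 0, n); return d; }
    // Produces "ENC:" + base64(iv[16] || AES-256-CBC ciphertext || HMAC tag[32]) for the config file.
    public static string Protect(string plaintext)
    {
        byte[] key = LoadKey(), pt = Encoding.UTF8.GetBytes(plaintext);
        using (Aes aes = Aes.Create())                          // CBC + PKCS7 by default
        {
            aes.Key = Slice(key, 0, 32); aes.GenerateIV();      // fresh random IV per value
            byte[] ct = aes.CreateEncryptor().TransformFinalBlock(pt, 0, pt.Length);
            byte[] blob = new byte[16 + ct.Length + 32];
            Buffer.BlockCopy(aes.IV, 0, blob, 0, 16);
            Buffer.BlockCopy(ct, 0, blob, 16, ct.Length);
            // Encrypt-then-MAC: the tag covers iv || ciphertext.
            using (var h = new HMACSHA256(Slice(key, 32, 32)))
                Buffer.BlockCopy(h.ComputeHash(blob, 0, 16 + ct.Length), 0, blob, 16 + ct.Length, 32);
            return Prefix + Convert.ToBase64String(blob);
        }
    }
    // Decrypts on the fly; values without the prefix pass through unchanged.
    public static string Unprotect(string stored)
    {
        if (!stored.StartsWith(Prefix, StringComparison.Ordinal)) return stored;
        byte[] key = LoadKey(), blob = Convert.FromBase64String(stored.Substring(Prefix.Length));
        int ctLen = blob.Length - 16 - 32;
        if (ctLen < 16 || ctLen % 16 != 0) throw new CryptographicException("malformed value");
        byte[] tag; using (var h = new HMACSHA256(Slice(key, 32, 32))) tag = h.ComputeHash(blob, 0, 16 + ctLen);
        int diff = 0; for (int i = 0; i < 32; i++) diff |= tag[i] ^ blob[16 + ctLen + i]; // constant-time compare
        if (diff != 0) throw new CryptographicException("wrong key or tampered value");
        using (Aes aes = Aes.Create())
        {
            aes.Key = Slice(key, 0, 32); aes.IV = Slice(blob, 0, 16);
            return Encoding.UTF8.GetString(aes.CreateDecryptor().TransformFinalBlock(blob, 16, ctLen));
        }
    }
}
```

Generate the key once (for instance `head -c 64 /dev/urandom | base64 -w0` on Linux), place it in the service's environment rather than in any file the application ships, and call Protect when writing each sensitive setting and Unprotect wherever it is read.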

I don't believe there is a "truly multiplatform" way to invoke the native OS-level encryption primitives on every platform from a single implementation. I believe many vendors have to target the OS' APIs on a case-by-case basis.

This CIA advice is probably good evidence to support that working around "doing it the hard way" and targeting every platform specifically probably speaks to the risks involved with trying to find a shortcut:

All tools must utilize Operating System (OS) provided cryptographic primitives where available (eg, Microsoft CryptoAPI-NG, OpenSSL, PolarSSL, GnuTLS, etc).
