
Best solution to transfer a private key over two web domains

What is the best way to pass the private key from one website to another one? Website A will have a link with an encrypted URL. On click of the link it will go to Website B where the encrypted text requires decryption. Encryption is done through RSA. I can see two approaches here. Create a one-time private key and share it with the decryption domains. Here there is no need to pass the key with every request. Another is to create a key with every request. In this case how can I pass the key securely to the other domain? Which approach is the best, or is there anything else I should do with respect to security? Or any other best solution?

You can use public key cryptography to securely send data (in your case a private key) from one side to another. While both sides have access to the public key, only one side has access to the private key. While the public key is used to encrypt data, the private key is used to decrypt the data. The size of data which can be encrypted this way is limited (usually only 128-256 bytes). Therefore this technique is normally used to encrypt/decrypt another key (AES...) which in turn encrypts/decrypts the actual data.

using System;
using System.IO;
using System.Security.Cryptography;

class Program
{
    static void Main(string[] args)
    {
        // the data you want to securely send from B to A without revealing the content
        byte[] data = new byte[] { 1, 2, 3, 4, 5, 6 };

        // side A: generate an RSA key pair (1024 bits as in the original; 2048 or more is the usual minimum today)
        RSACryptoServiceProvider full_rsa = new RSACryptoServiceProvider(1024);

        // export only the public half (false = do not include private parameters)
        byte[] publickey = full_rsa.ExportCspBlob(false);

        // send the public key to B
        // send(publickey)...

        // side B: encrypt with A's public key and send the result back to side A
        byte[] encrypteddata = EncryptData(publickey, data);

        // side A: decrypt the data encrypted by side B
        byte[] decrypteddata = DecryptData(full_rsa, encrypteddata);

        // decrypteddata = 1,2,3,4,5,6
    }

    // Message layout produced by EncryptData:
    // [int32 wrapped key length][int32 AES key length][int32 AES IV length][RSA-encrypted key||IV][AES-CBC ciphertext]
    public static byte[] DecryptData(RSACryptoServiceProvider full_rsa, byte[] data)
    {
        int encryptedkeylength, aeskeylength, aesivlength;
        byte[] encryptedaeskey, encrypteddata;
        using (BinaryReader br = new BinaryReader(new MemoryStream(data)))
        {
            encryptedkeylength = br.ReadInt32();
            aeskeylength = br.ReadInt32();
            aesivlength = br.ReadInt32();
            encryptedaeskey = br.ReadBytes(encryptedkeylength);
            encrypteddata = br.ReadBytes((int)(data.Length - br.BaseStream.Position));
        }

        // unwrap key||IV with A's private key (false = PKCS#1 v1.5 padding; OAEP, i.e. true, is preferable on both sides)
        byte[] decryptedkey = full_rsa.Decrypt(encryptedaeskey, false);

        using (BinaryReader kr = new BinaryReader(new MemoryStream(decryptedkey)))
        using (Aes myAes = Aes.Create())
        {
            byte[] aeskey = kr.ReadBytes(aeskeylength);
            byte[] aesiv = kr.ReadBytes(aesivlength);
            ICryptoTransform decryptor = myAes.CreateDecryptor(aeskey, aesiv);

            using (MemoryStream msDecrypt = new MemoryStream())
            {
                using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Write))
                using (BinaryWriter bw = new BinaryWriter(csDecrypt))
                {
                    bw.Write(encrypteddata);
                }
                // disposing the CryptoStream flushed the final block into msDecrypt;
                // ToArray() still works on a closed MemoryStream
                return msDecrypt.ToArray();
            }
        }
    }

    public static byte[] EncryptData(byte[] publickey, byte[] data)
    {
        using (Aes myAes = Aes.Create())   // Aes.Create() generates a random key and IV
        {
            ICryptoTransform encryptor = myAes.CreateEncryptor(myAes.Key, myAes.IV);

            // header: the three lengths followed by the RSA-wrapped key||IV
            MemoryStream headerms = new MemoryStream();
            using (BinaryWriter headerbw = new BinaryWriter(headerms))
            {
                RSACryptoServiceProvider public_key = new RSACryptoServiceProvider(1024);
                public_key.ImportCspBlob(publickey);   // A's public half only

                // key (32 bytes) + IV (16 bytes) fits in a single RSA block; false = PKCS#1 v1.5 padding
                byte[] encryptedkey = public_key.Encrypt(Combine(myAes.Key, myAes.IV), false);
                headerbw.Write(encryptedkey.Length);
                headerbw.Write(myAes.Key.Length);
                headerbw.Write(myAes.IV.Length);
                headerbw.Write(encryptedkey);
            }

            // body: the payload under AES-CBC with the wrapped key and IV
            using (MemoryStream msEncrypt = new MemoryStream())
            {
                using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
                using (BinaryWriter bw = new BinaryWriter(csEncrypt))
                {
                    bw.Write(data);
                }
                // Note: nothing here authenticates the message. Anyone holding the public key can
                // produce a valid one and the ciphertext is not integrity-protected, so the receiver
                // needs a signature or MAC before it can trust the decrypted content.
                return Combine(headerms.ToArray(), msEncrypt.ToArray());
            }
        }
    }

    // concatenate two byte arrays
    static byte[] Combine(byte[] first, byte[] second)
    {
        byte[] ret = new byte[first.Length + second.Length];
        Buffer.BlockCopy(first, 0, ret, 0, first.Length);
        Buffer.BlockCopy(second, 0, ret, first.Length, second.Length);
        return ret;
    }
}
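The same hybrid scheme in a hardened form, applied to the question's URL token, as an added example that is not the answer's code or any project's: the class and method names HybridUrlToken, Seal and Open are hypothetical, and it assumes .NET 6 or later.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
// Added example, not the answer's code. Hardened form of the same hybrid scheme for the
// question's URL token: site B owns the RSA key pair and A only gets B's public key (SPKI
// bytes), so no private key crosses domains. RSA-OAEP/SHA-256 wraps a fresh AES-256-GCM
// key, and the GCM tag lets B detect a tampered query parameter. Assumes .NET 6+.
public static class HybridUrlToken
{
    // Token layout: [RSA-wrapped AES key][12-byte nonce][16-byte tag][ciphertext], base64url
    public static string Seal(byte[] recipientSpki, byte[] plaintext)
    {
        byte[] key = RandomNumberGenerator.GetBytes(32);
        byte[] nonce = RandomNumberGenerator.GetBytes(12); // fresh per token; never reuse with a key
        byte[] tag = new byte[16];
        byte[] ct = new byte[plaintext.Length];
        using (var gcm = new AesGcm(key)) gcm.Encrypt(nonce, plaintext, ct, tag);
        byte[] wrapped;
        using (var rsa = RSA.Create())
        {
            rsa.ImportSubjectPublicKeyInfo(recipientSpki, out _);
            wrapped = rsa.Encrypt(key, RSAEncryptionPadding.OaepSHA256);
        }
        CryptographicOperations.ZeroMemory(key);
        byte[] blob = wrapped.Concat(nonce).Concat(tag).Concat(ct).ToArray();
        // base64url keeps the token intact inside a query string without extra escaping
        return Convert.ToBase64String(blob).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    }

    // Returns null for a malformed token or one modified in transit (GCM tag mismatch).
    public static byte[] Open(RSA recipient, string token)
    {
        string b64 = token.Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        byte[] blob;
        try { blob = Convert.FromBase64String(b64); } catch (FormatException) { return null; }
        int w = recipient.KeySize / 8;              // the wrapped key is exactly one RSA block
        if (blob.Length < w + 12 + 16) return null;
        byte[] pt = new byte[blob.Length - w - 28];
        try
        {
            byte[] key = recipient.Decrypt(blob[..w], RSAEncryptionPadding.OaepSHA256);
            using (var gcm = new AesGcm(key))
                gcm.Decrypt(blob[w..(w + 12)], blob[(w + 28)..], blob[(w + 12)..(w + 28)], pt);
            CryptographicOperations.ZeroMemory(key);
            return pt;
        }
        catch (CryptographicException) { return null; } // wrong key or tampered token
    }
}
```

Site B creates its key pair once with RSA.Create(2048) and hands A the bytes from ExportSubjectPublicKeyInfo(); A puts the Seal(...) result in the link and B calls Open with its own RSA instance, treating a null result as a rejected request.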
