
Encrypt data in transit in Windows, C++ and Java

I have a requirement for encryption of "data in transit" for our client/server application. Our server is written in C++ running on Windows. Our clients are in C++ on Windows and also on Java. We use TCP/IP for our communication, make direct calls to the usual Winsock APIs like connect, send, bind, etc., and we use our own port numbers (none of which are 80 or 443). Of course, the Java client code makes standard Java TCP/IP networking calls to communicate with the Windows server. I'm still early on in the investigation and I'm trying to understand all the jumble of technologies, protocols, ciphers, etc. I found this article that looks great: https://www.codeproject.com/Articles/1000189/A-Working-TCP-Client-and-Server-With-SSL The title of this article is SSL but it actually uses TLS 1.2. It seems that TLS 1.2 is a very good solution for us and it looks like it should be reasonably easy to add these encryption calls to our code.

So, my questions are: is TLS the way to go? Or, is there some other technology that would be a better fit? I don't want to overlook anything easier, like: "oh just turn on THIS setting and all your communications will be encrypted". Meaning: it would be nice to just have Windows do all the work for us. I don't think a 3rd party VPN would be appropriate for us because we want full control and customers would not want to trust a 3rd party with their sensitive data. The solution also needs to work with a client written in Java. Doing some quick googling: Java supports TLS and it should be able to negotiate the communication with our C++ Windows server, correct? I know there's HTTPS but since we're making direct calls to the Winsock APIs using our own port numbers, it doesn't appear that HTTPS is right for us, correct? I've also read about OpenSSL, but since it's a C library, it doesn't appear appropriate for Java, correct?

Authentication: Since we're essentially a closed system (we own both the client and server), I think we'd only put a certificate on the server and only the clients would authenticate the server. I'd prefer to not add certs on the client.

One of my biggest concerns is getting this right. And my understanding is that security can be very tricky and you don't want to re-invent the wheel. Therefore, my preference would be to use some proven technology that works in C++ and Java, that is easy enough to add to our code, and provides the necessary encryption.

If you ensure that your application uses TLS for all of its network communications, and particularly if you use digital certificates (which are available but too often not used), then your crypto requirement will be satisfied. The applications don't have to further encrypt their communications since the tunnel itself is secure.

I do very strongly recommend the use of certificates on both ends. Certificates allow both parties to securely recognize each other, they can be individually revoked, and they can't be spoofed.

Another strong possibility to consider is VPN, particularly OpenVPN.
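The question assumes that a Java client can negotiate TLS with a C++ server on an arbitrary port, and the answer recommends certificates on both ends. The following is an added example written for this page; it is not code from the question, the answer, or the CodeProject article. It shows a Java TLS client that authenticates the server against the application's own truststore, verifies that the certificate name matches the host it dialed, refuses anything older than TLS 1.2, and optionally presents a client certificate so the server can authenticate the client in turn (mutual TLS). The host name, port, keystore file names and passwords are placeholders, and it assumes Java 11 or later (TLSv1.3 is in the enabled-protocol list). The server side can be any TLS 1.2+ implementation, for example Schannel or OpenSSL in the C++ server; the Java side does not care which.

```java
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;

/**
 * Added example (not from the question or the answer): a Java TLS client that
 * authenticates the server via a dedicated truststore and optionally presents
 * its own certificate for mutual authentication. All names below are placeholders.
 */
public class TlsClientExample {

    // Assumed values: replace with the real server and keystore locations.
    static final String SERVER_HOST = "server.example.com";
    static final int SERVER_PORT = 9443;                            // any port works; TLS does not need 443
    static final String TRUSTSTORE_PATH = "client-truststore.p12";  // contains the CA that signed the server cert
    static final String KEYSTORE_PATH = "client-keystore.p12";      // client cert + private key; null to skip

    /** Builds an SSLContext that trusts only our own CA and, if a keystore is given, can present a client cert. */
    static SSLContext buildContext(String trustStorePath, char[] trustStorePass,
                                   String keyStorePath, char[] keyStorePass) throws Exception {
        // Pin trust to the application's own truststore rather than the JVM's default CA bundle,
        // so only certificates issued by the CA we control are accepted for the server.
        KeyStore trustStore = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(trustStorePath)) {
            trustStore.load(in, trustStorePass);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        // A client certificate is optional. Without one the server cannot authenticate the client,
        // which is the "certificate on the server only" setup the question describes.
        KeyManager[] keyManagers = null;
        if (keyStorePath != null) {
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            try (InputStream in = new FileInputStream(keyStorePath)) {
                keyStore.load(in, keyStorePass);
            }
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(keyStore, keyStorePass);
            keyManagers = kmf.getKeyManagers();
        }

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(keyManagers, tmf.getTrustManagers(), null);
        return ctx;
    }

    /** Opens the TCP connection and completes the TLS handshake, failing if the server cannot be verified. */
    static SSLSocket connect(SSLContext ctx, String host, int port) throws IOException {
        SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);
        // Refuse SSLv3 / TLS 1.0 / TLS 1.1 outright.
        socket.setEnabledProtocols(new String[] {"TLSv1.3", "TLSv1.2"});
        // Hostname verification: without this, any certificate signed by our CA would be accepted
        // for any host, so one compromised client cert could impersonate the server.
        // "HTTPS" names the RFC 2818 matching rules; it does not require HTTP on the connection.
        SSLParameters params = socket.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        socket.setSSLParameters(params);
        socket.startHandshake();  // throws SSLHandshakeException if the chain or name check fails
        return socket;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = buildContext(TRUSTSTORE_PATH, "changeit".toCharArray(),
                                      KEYSTORE_PATH, "changeit".toCharArray());
        try (SSLSocket socket = connect(ctx, SERVER_HOST, SERVER_PORT)) {
            SSLSession session = socket.getSession();
            System.out.println("Negotiated " + session.getProtocol() + " / " + session.getCipherSuite());
            System.out.println("Server identity: " + session.getPeerPrincipal());
            // The application protocol is unchanged: the same bytes go through the TLS-wrapped streams.
            OutputStream out = socket.getOutputStream();
            out.write("HELLO\n".getBytes(StandardCharsets.UTF_8));
            out.flush();
        }
    }
}
```

The truststore is built once from the CA certificate that signs the server's certificate (for example with `keytool -importcert -alias server-ca -file server-ca.crt -keystore client-truststore.p12 -storetype PKCS12`), and the C++ server is configured to present a certificate chaining to that CA. If the server is also set to require client certificates, the same code path with `KEYSTORE_PATH` pointing at a per-client PKCS12 file gives the mutual authentication the answer recommends, and a client whose certificate has been revoked or removed from the server's trust list is refused at the handshake rather than at the application layer.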
