PKCE with RSA both ways

Can PKCE be implemented with both server and client generating public and private keys? Is it worth it? What I think is this flow:

  1. Client generates private and public key
  2. Client sends public key to server
  3. Server generates private and public key, generates random secret and encrypts secret with client's public key
  4. Server sends back to client encrypted secret and server's public key
  5. Client decrypts secret with his secret key, encrypts it again with server's public key and sends encrypted secret back to server
  6. Server decrypts secret with his private key and checks if generated and now decrypted secret are the same

Am I missing something? Is this a bad approach? Is this encryption/decryption/key generation heavy to compute?

Your algorithm seems to be as secure as the PKCE standard. I don't think there's any additional value in encrypting the random strings. You also add one roundtrip to the server, as in PKCE it is the client who generates the initial random string.

Encrypting consumes resources and it's simple to implement it wrong. You also need support for encryption algorithms on both the server and the client side. Thus, I think it's just redundant to try to add that encryption to a proven standard.
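For comparison with the proposed six-step flow, here is the standard PKCE S256 exchange (RFC 7636) that the answer refers to, as an added example that is not part of the question or answer: the client generates the random secret itself, sends only its SHA-256 hash with the authorization request, and the server recomputes the hash when the code is redeemed. No key pairs or encryption are involved; the function names are my own.

```python
import base64
import hashlib
import hmac
import secrets


def b64url(data: bytes) -> str:
    """base64url encoding without '=' padding, as PKCE requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def generate_code_verifier(nbytes: int = 32) -> str:
    """Client side: high-entropy random string (43..128 characters once encoded)."""
    return b64url(secrets.token_bytes(nbytes))


def code_challenge_s256(verifier: str) -> str:
    """Client side: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def server_verify(stored_challenge: str, presented_verifier: str) -> bool:
    """Server side (token endpoint): recompute the challenge from the verifier
    presented together with the authorization code and compare it with the
    challenge stored from the authorization request. A constant-time compare
    avoids leaking how many leading characters matched."""
    if not (43 <= len(presented_verifier) <= 128):  # RFC 7636 length bounds
        return False
    expected = code_challenge_s256(presented_verifier)
    return hmac.compare_digest(expected, stored_challenge)


if __name__ == "__main__":
    # One exchange, walked through with constructed values.
    verifier = generate_code_verifier()          # client keeps this private
    challenge = code_challenge_s256(verifier)    # sent in the authorize request
    # ... server issues an authorization code and stores `challenge` with it ...
    assert server_verify(challenge, verifier)    # legitimate client redeems code
    # Someone holding only the code and the challenge, but not the verifier,
    # cannot redeem it: the hash does not match any other verifier.
    assert not server_verify(challenge, generate_code_verifier())
    print("PKCE S256 round trip OK")
```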
