如何加密字符串数据,使其只能由驻留在其上的计算机解码?
[英]how to encrypt string data so that it can only be decoded by the computer it resides on?
问题描述
say i have strings that are sent back and forth from the client, and server via AJAX. 
说我有从客户端和服务器通过AJAX来回发送的字符串。
however i wish to securely encrypt it before being sent via the client. 但是我希望在通过客户端发送之前对其进行安全加密。 once it's on the server, it should be decrypted, and processed. 一旦将其放在服务器上,就应该对其进行解密和处理。
additionally, how does password encrypting work ? 另外,密码加密如何工作? user signs up, and upon entering password, its encrypted on the server, and stored on the database. 用户注册,并在输入密码后将其加密在服务器上并存储在数据库中。 what about when user logs in? 用户登录时该怎么办? is the user password being encrypted again and being matched against the one in the database? 用户密码是否再次加密并与数据库中的密码匹配?
2 个解决方案
解决方案1
9 已采纳 2009-11-04 21:50:31
An asymmetric algorithm could be used like so: 可以这样使用非对称算法 :
- The server generates a pair of private/public keys 服务器生成一对私钥/公钥
- Client asks server (via AJAX) its public key 客户端(通过AJAX)询问服务器其公钥
- Client encrypts data with the public key 客户端使用公钥加密数据
- Client sends encrypted data to server 客户端将加密的数据发送到服务器
- Server uses private key to decrypt data 服务器使用私钥解密数据
All these things have already been implemented and tested, so why reinvent the wheel and not directly use HTTPS? 所有这些事情都已经实现和测试,那么为什么要重新发明轮子而不直接使用HTTPS? This will guarantee you that any exchange between client and server will be encrypted. 这将保证您在客户端和服务器之间的任何交换都将被加密。
解决方案2
1 2009-11-04 21:51:47
On the login question 关于登录问题
There are many ways passwords can be used. 可以使用多种方式使用密码。 The most direct (but less secure) is where the password itself is sent, in the clear, to the server. 最直接(但不太安全)的是密码本身以明文形式发送到服务器的位置。 Other approaches still require the password to be sent but it is encrypted, for example with the server's public key. 其他方法仍然需要发送密码,但必须使用服务器的公共密钥对其进行加密。 Other approaches involve an authentication challenge , whereby the server sends a random value/string which the client converts thorugh a hash function of sorts (involving the password as a key, of course), the result of the conversion is sent to the server which compares it with its own computation of the same process. 其他方法涉及身份验证挑战 ,服务器将向服务器发送一个随机值/字符串,客户端将其转换为某种哈希函数(当然,将密码作为密钥),然后将转换结果发送到服务器进行比较它可以自己计算相同的过程。 The advantage of using a challenge is that it prevents man-in-the-middle attacks , since the authentication message is different each time (whereby a fixed message would allow the "man in the middle" to replay a recorded sequence of packets associated with the password passing, and hence falsely identify itself) 使用质询的优势在于,它可以防止中间人攻击 ,因为每次身份验证消息都是不同的(因此,固定消息将允许“中间人”重播与之关联的已记录数据包序列密码传递,因此错误地标识了自己)
On the [badly worded] main question ("only being able to be decoded on the computer it resides on"...) 在 [措辞不佳] 主要问题上 (“只能在其所在的计算机上解码” ...)
There exists several physical devices (dongles and such) as well as intrinsic identity indicators on a given computer (MAC addresses), along with logical constructs/contents on the hard disk (although we're getting in the "soft", ie more easily portable area here...), which can be used to identify a given host and thence supply the necessary elements (keys and such) to decode a message. 给定计算机上存在数个物理设备 (加密狗等)以及固有身份指示符(MAC地址),以及硬盘上的逻辑结构/内容(尽管我们使用的是“软”软件,即更容易实现)可移植区域...),可用于识别给定的主机,并因此提供必要的元素(键等)来解码消息。
However, I believe this question was more generic: 但是,我认为这个问题更为笼统:
It is possible for two computers to share, secretly, a key which they can use to exchange information that other computers could not decrypt (easily). 两台计算机可能秘密地共享一个密钥,它们可以用来交换其他计算机无法(轻松)解密的信息。 These keys can either be put in place externally, or be negociated on the fly of each new session, using, initially, public key encryption for example as the Diffie-Hellman key exchange 这些密钥可以放在外部,也可以在每个新会话进行时进行协商,首先使用公钥加密,例如作为Diffie-Hellman密钥交换。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.