Http with Encryption from Client to Server and Server to Client

Here is a scenario:

  1. Desktop application
  2. Installed from the web
  3. Needs to call a WCF webservice
  4. Transferred data needs to be encrypted from Client to Server and Server to Client

Is there a well understood solution for this that is:

  1. Secure
  2. Easy to manage and deploy

I guess what this comes down to firstly is whether https encryption happens in both directions... Does it? Or do you need mutual authentication for that?

Try using HTTP over SSL

HTTPS is what you're after - it does provide end-to-end encryption (client-to-server and server-to-client).

So long as you can generate and install a server certificate, and be sure that your clients 'trust' the issuing authority of your certificate, then you're good to go. Note that this is not mutual authentication - your clients know that they have contacted the correct server, but the server does not know who has contacted it.

It can offer mutual authentication through the use of client-side certificates, but I would argue that does not fall under the 'easy to deploy' requirement.

HTTPS works...

I was confusing Encryption with Authentication and they are two different things. Simple Https, which is the most common, only authenticates the server to the client, which is sufficient in many cases. An additional step (where the client also has a certificate) can be required to authenticate the client to the server but this is not required. In both scenarios, data with Https is encrypted from both the server to the client and client to the server using a session key once the SSL handshake has been completed. This is all described here:

Description of the Secure Sockets Layer (SSL) Handshake
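
The two modes discussed in the answers above, shown as a WCF client. This is an added example, not code from the original posts; the `IOrderService` contract, the endpoint URL and the thumbprint parameter are hypothetical placeholders.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;

// Hypothetical service contract; stands in for the real WCF service interface.
[ServiceContract]
public interface IOrderService
{
    [OperationContract]
    string GetStatus(int orderId);
}

public static class SecureClient
{
    // Hypothetical endpoint; Transport security requires the https:// scheme.
    private static readonly EndpointAddress Address =
        new EndpointAddress("https://service.example.com/Orders.svc");

    // Server-authenticated HTTPS: traffic is encrypted in both directions,
    // but the server does not learn which client is calling.
    public static ChannelFactory<IOrderService> ServerAuthOnly()
    {
        var binding = new BasicHttpBinding(BasicHttpSecurityMode.Transport);
        binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
        return new ChannelFactory<IOrderService>(binding, Address);
    }

    // Mutual authentication: same encryption, plus a client certificate
    // presented during the handshake. The certificate and its private key
    // must already be installed in the user's store on the desktop machine.
    public static ChannelFactory<IOrderService> MutualAuth(string thumbprint)
    {
        var binding = new BasicHttpBinding(BasicHttpSecurityMode.Transport);
        binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
        var factory = new ChannelFactory<IOrderService>(binding, Address);
        factory.Credentials.ClientCertificate.SetCertificate(
            StoreLocation.CurrentUser, StoreName.My,
            X509FindType.FindByThumbprint, thumbprint);
        return factory;
    }

    public static void Main()
    {
        // Server-only authentication is enough for two-way encryption.
        var factory = ServerAuthOnly();
        IOrderService client = factory.CreateChannel();
        Console.WriteLine(client.GetStatus(42));
        factory.Close();
    }
}
```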
