
A way to protect data being sent over a network?

I have just finished an application, a simple messenger client, and I am looking to encrypt all of the data, whether a phrase of 3 or 200 letters.

What's the best algorithm for this type of app? At this moment I am trying to use 3DES with Crypto++ (on VC10), but padding and other things seem a bit difficult.

I am not familiar with cryptography, so any helpful advice is welcome.

Use TLS, say, OpenSSL, which is tried-and-tested technology for protecting data in transit (although you need a trusted root node, and there are PROBLEMS with that, so you may want to self-sign).

After that, you should ask whether you need to store these messages locally, and if so whether to encrypt them then. The security requirements are different -- a password-protected symmetric cipher might be more appropriate.

If you're concerned about a secure chat service, then you may be concerned about a secure anonymous chat service, in which case you might want to look at key exchange protocols.
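The first answer's suggestion (TLS, with a self-signed certificate instead of a public root) in working form, added here as an example and not part of the original answer. It uses Go's standard library rather than Crypto++ or OpenSSL (an assumption about the toolchain, chosen because TLS, X.509 and key generation are all built in). The server creates a throwaway self-signed certificate; the pinned client puts exactly that certificate in its root pool, while the unpinned client relies on the system root store and is rejected. The function and subject names (EchoOverTLS, selfSignedCert, "messenger-server") are made up for the example.

```go
package main

import (
	"bufio"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// selfSignedCert builds a throwaway self-signed certificate for "localhost".
// In a deployed messenger the server would keep this key pair and hand the
// certificate (or a private CA certificate that signed it) to clients out of band.
func selfSignedCert() (tls.Certificate, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "messenger-server"}, // hypothetical name
		DNSNames:     []string{"localhost"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, leaf, nil
}

// EchoOverTLS starts a TLS echo server on a loopback port and connects a client
// to it. With pin=true the client trusts only the server's self-signed
// certificate; with pin=false it uses the system root store, where a self-signed
// certificate is unknown and the handshake fails. It returns the echoed line and
// the negotiated TLS version.
func EchoOverTLS(msg string, pin bool) (string, uint16, error) {
	cert, leaf, err := selfSignedCert()
	if err != nil {
		return "", 0, err
	}
	srvCfg := &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", srvCfg)
	if err != nil {
		return "", 0, err
	}
	defer ln.Close()

	go func() { // server: read one line, echo it back, hang up
		c, err := ln.Accept()
		if err != nil {
			return
		}
		defer c.Close()
		if line, err := bufio.NewReader(c).ReadString('\n'); err == nil {
			c.Write([]byte(line))
		}
	}()

	cliCfg := &tls.Config{ServerName: "localhost", MinVersion: tls.VersionTLS12}
	if pin {
		pool := x509.NewCertPool()
		pool.AddCert(leaf)
		cliCfg.RootCAs = pool // trust exactly this certificate and nothing else
	}
	conn, err := tls.Dial("tcp", ln.Addr().String(), cliCfg)
	if err != nil {
		return "", 0, err
	}
	defer conn.Close()
	if _, err := fmt.Fprintf(conn, "%s\n", msg); err != nil {
		return "", 0, err
	}
	reply, err := bufio.NewReader(conn).ReadString('\n')
	if err != nil {
		return "", 0, err
	}
	return strings.TrimSuffix(reply, "\n"), conn.ConnectionState().Version, nil
}

func main() {
	reply, ver, err := EchoOverTLS("hello over TLS", true)
	fmt.Printf("pinned: reply=%q tlsVersion=%#x err=%v\n", reply, ver, err)
	_, _, err = EchoOverTLS("hello over TLS", false)
	fmt.Println("unpinned client error:", err)
}
```

Pinning is what makes the self-signed route workable: the client refuses anything that does not present that exact certificate, so rotating it means shipping a new one to every client. Putting a private CA certificate in the pool instead of the leaf avoids that while still keeping public roots out of the picture.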

One important factor is how reliable the network connection is expected to be. If you don't expect many dropped packets, or packets that arrive quite late, then you can use a stream cipher, or a symmetric block cipher in chaining mode. If you expect more network unreliability, then a symmetric block cipher in ECB mode would be more appropriate, because lost data would simply be lost data, and wouldn't throw the whole thing out of sync. You'd want to pad each cleartext block with some random data; e.g., if each block is 64 bits, make at most 32 bits of that data, and the rest random. That way, it won't be obvious if the same data is sent multiple times.

Generally speaking, PKC isn't used to encrypt messages. It's used to encrypt a random session key, which is then used with a fast symmetric algorithm such as 3DES, AES, or Blowfish.

First of all, nearly the only reason to use 3DES is to be compatible with something else that already uses 3DES and doesn't support anything newer. 3DES was mostly a quick hack to allow pre-existing implementations of DES (especially in hardware) to continue to be used until they could be replaced -- but it's a pretty lousy choice in general. DES was really designed to be implemented in hardware -- in software, it takes a lot of CPU time for the security achieved.

Second, you haven't really told us enough about the situation to give a real answer. Are you talking about a basically closed system, where you can pre-share the key(s) to the users, or get a key to them by some out-of-band means (e.g., call them, agree on a key, and after that they can use it without further calls), or do you need to be able to accept arbitrary users without any manual setup (much more complex)? Do users need some way of verifying the identity of the server, or do you want them to just trust that whatever responds to the correct URL will be the right server (again, adding such verification adds a lot more complexity)?

For the sake of argument, let's assume you want encryption but not authentication (i.e., no necessity to verify connection to the correct server). In such a case, I'd start by choosing AES -- well-known, easily available, heavily studied, and, as far as is publicly known, quite secure.

From there, you need to choose a key. One typical way is to use some public-key protocol (e.g., RSA) to exchange a key. One possible way is for the client to send its public key to the server. The server generates a session key (just a random number of the right size to use as an encryption key), encrypts it with the client's public key, and sends the result back to the client. For the remainder of that session, all of the data exchanged between the two is encrypted with the symmetric protocol (e.g., AES) using that session key.

As far as how to generate the random number goes: do not use rand() or anything of that order. The usual method is to use the same encryption algorithm (AES) in what's called counter mode -- you keep a counter internally; to create a key you increment that counter, encrypt it with some secret key, and use the result as a session key.

Since others have mentioned the mode of operation to use with the encryption, I'll chip in my two cents' worth on that as well: you probably do not want to use ECB unless you really expect a horrendously noisy connection, and it's really crucial for the receiver to get all possible data, even at the risk of exposing data to an attacker.

CBC (for only one obvious possibility) gives almost as good a capability to recover from lost packets (it's self-synching, so a burst of noise in transmission can destroy two packets instead of one as in ECB), but does a great deal more to hide the data from an attacker.

I think RSA can do the job, and you can use a hash to check whether the data has been changed.

Statement: the technical posts on this site follow the CC BY-SA 4.0 license; if you reproduce them, please cite this site or the original address. © 2020-2024 STACKOOM.COM