[英]Android : What kind of encryption do I choose to send my data safely to an app using WCF?
I have a project where I need to connect an Android App to an ERP that uses WCF, IIS (Internet Information Services), Active Directory and Role Based Scurity. 我有一个项目,需要将Android应用程序连接到使用WCF,IIS(Internet信息服务),Active Directory和基于角色的Scurity的ERP。
There are thus a lot of security options allready included by default like basicHttpBinding which allows the use of certificates and HTTPS and so on. 因此,默认情况下已经包含了许多安全选项,例如basicHttpBinding,它允许使用证书和HTTPS等。
The one thing I haven't decided yet is what data encryption I'll use to secure the data when it travels from the app to the ERP. 我还没有决定的一件事是,当数据从应用程序传输到ERP时,我将使用哪种数据加密来保护数据。 I have read that there is a Java AES library that can be used, then again I also read that somebody could also decrypt the packages if he or she intercepts them. 我读到有一个可以使用的Java AES库,然后我又读到,如果有人拦截了这些程序包,则也可以解密该程序包。
I was wondering two things: 我在想两件事:
Is there a "Best Practice" concerning data encryption on mobile apps, since the computing power is not as strong as a computer's and the message can't be too heavy or long to decrypt since this would slow down the app which we do not want of course. 是否有关于移动应用程序上数据加密的“最佳实践”,因为计算能力不如计算机强,并且消息不能太重或太长而无法解密,因为这会使我们不希望的应用程序变慢当然。
I was actually thinking about using some kind of PGP public key where the public key is in the Android Devices and the private Key is in the ERP but maybe this is not a smart or even a very secure way to do it? 我实际上是在考虑使用某种PGP公钥,其中公钥位于Android设备中,而私钥位于ERP中,但这可能不是一种聪明甚至是非常安全的方法吗?
Then again.. since I'll be using TLS, maybe I don't need to encrypt my Data and it's secure enough? 再说一次..因为我将使用TLS,也许我不需要加密我的数据并且它足够安全吗?
Thanks in advance! 提前致谢!
android is pretty much strait forward with their security protocols. android在其安全协议方面几乎向前迈进了一步。
What you can do is use this function and find the protocol you would like to use: 您可以做的就是使用此功能,然后找到要使用的协议:
Provider[] providers = Security.getProviders();
for (Provider provider : providers) {
for (Object entry : provider.keySet()) {
String name = String.valueOf(entry);
if (name.startsWith("Cipher")) {
Log.d("Cipher", "Supports: " + name.substring(7));
}
}
}
any one of those is a standart protocol and can be used both on the client side and the server side. 这些协议中的任何一个都是标准协议,可以在客户端和服务器端使用。
good luck. 祝好运。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.