堆栈内存溢出
  简体   繁体   English

Android:我选择哪种加密方式,以使用WCF将数据安全地发送到应用程序?

[英]Android : What kind of encryption do I choose to send my data safely to an app using WCF?

 原文  2012-07-04 13:19:52       java/ android/ wcf/ encryption/ aes

问题描述

I have a project where I need to connect an Android App to an ERP that uses WCF, IIS (Internet Information Services), Active Directory and Role Based Scurity. 我有一个项目,需要将Android应用程序连接到使用WCF,IIS(Internet信息服务),Active Directory和基于角色的Scurity的ERP。

There are thus a lot of security options allready included by default like basicHttpBinding which allows the use of certificates and HTTPS and so on. 因此,默认情况下已经包含了许多安全选项,例如basicHttpBinding,它允许使用证书和HTTPS等。

The one thing I haven't decided yet is what data encryption I'll use to secure the data when it travels from the app to the ERP. 我还没有决定的一件事是,当数据从应用程序传输到ERP时,我将使用哪种数据加密来保护数据。 I have read that there is a Java AES library that can be used, then again I also read that somebody could also decrypt the packages if he or she intercepts them. 我读到有一个可以使用的Java AES库,然后我又读到,如果有人拦截了这些程序包,则也可以解密该程序包。

I was wondering two things: 我在想两件事:

  • Is there a "Best Practice" concerning data encryption on mobile apps, since the computing power is not as strong as a computer's and the message can't be too heavy or long to decrypt since this would slow down the app which we do not want of course. 是否有关于移动应用程序上数据加密的“最佳实践”,因为计算能力不如计算机强,并且消息不能太重或太长而无法解密,因为这会使我们不希望的应用程序变慢当然。

  • I was actually thinking about using some kind of PGP public key where the public key is in the Android Devices and the private Key is in the ERP but maybe this is not a smart or even a very secure way to do it? 我实际上是在考虑使用某种PGP公钥,其中公钥位于Android设备中,而私钥位于ERP中,但这可能不是一种聪明甚至是非常安全的方法吗?

Then again.. since I'll be using TLS, maybe I don't need to encrypt my Data and it's secure enough? 再说一次..因为我将使用TLS,也许我不需要加密我的数据并且它足够安全吗?

Thanks in advance! 提前致谢!

1 个解决方案

解决方案1
 1 已采纳  2012-07-05 08:51:03

android is pretty much strait forward with their security protocols. android在其安全协议方面几乎向前迈进了一步。

What you can do is use this function and find the protocol you would like to use: 您可以做的就是使用此功能,然后找到要使用的协议: 

Provider[] providers = Security.getProviders();
for (Provider provider : providers) {
    for (Object entry : provider.keySet()) {
        String name = String.valueOf(entry);
        if (name.startsWith("Cipher")) {
            Log.d("Cipher", "Supports: " + name.substring(7));
        }
    }
}

any one of those is a standart protocol and can be used both on the client side and the server side. 这些协议中的任何一个都是标准协议,可以在客户端和服务器端使用。

good luck. 祝好运。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 我的系统选择加密算法的标准是什么 - what is the criteria to choose encryption algorithm for my system 这是什么类型的散列/加密? - What kind of hashing / encryption is this? 如何使用LDAP识别我的函数引发的哪种错误? - How i do for recognize what kind of error my function raises, using LDAP? 我应该在Android应用程序中使用哪种简单的数据存储区? - What kind of simple datastore should I use in my android application? 如何在Android应用中以正确的时间发送数据? - How do I send data with accurate timing in Android app? 有什么选择可以安全地将文件保存在android应用中? - What is the alternatives safely keep files in android app? 如何使用android应用将参数发送到使用JSON的远程服务器。 代码如下 - how do i send parameters using my android app to a remote server using JSON. the code is given below 我需要在服务器上做什么才能与Android应用程序通信? - What to I need to do to on my server to communicate with an Android app? 如何使用JSON从远程数据库检索数据并显示在android应用程序xml文件中? - How do i retrieve the data using JSON from the Remote Database and display in my android app xml file? 如何使用Java在Android应用程序的googlemaps api中传递和提取数据? - How do I pass and extract data in googlemaps api in my android app using java?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM