
How to save an AES key securely

Following scenario: I have a client-server application; the communication is encrypted with AES and RSA (poor man's SSL). But that's not my problem. The client itself encrypts some text (also with AES); this text is sent to the server and stored in a database. So, here's the problem: the same client can receive this text and decrypt it. The key for this is stored in memory. But how can a second client decrypt this data? The second client doesn't have the key. These two clients will be logged in to the same account. But the key to decrypt the text is on the client side. How can the second client, with the same login profile, get the key from the first client?

If two clients must be able to read the same encrypted data then they must share the key used for encryption.

Of course the server could store this key and automatically share it between clients (same account) after authentication but this means that the server will be able to decrypt data, rendering the extra encryption layer useless.

Conclusion: If you really need to use this method, the two clients must share the key using a different channel (e.g. phone).
