什么是付费和开源的顶级密钥管理系统 [英] What are the top key management system both paid and open source

问题描述

我的应用程序采用点网技术构建，我们将客户端特定数据存储在云端。由于信息敏感，我们希望在将敏感信息存储到云之前对其进行加密。所以有人可以建议最好的方法是什么。

另外，我正在使用Visual Studio的快速版本来构建我的应用程序。

解决方案

如果您的信息非常敏感，那么您应该购买功能完整的Visual Studio版本，以便能够整合所有必需的功能。至于加密数据，互联网上有许多文章提供建议。你也可以在SQL服务器中为你的数据库使用加密选项。

谢谢..但我们的情况有点不同......我在下面详细解释： -



我们的应用程序向客户端发送敏感信息（每个客户端都有自己的敏感信息）。所有信息都不敏感，但只有少数字段敏感，所以每当客户请求数据时，我们都想要为了加密这些信息并将其发送出去。为了客户端，他们将拥有自己的密钥管理系统（不同的客户端可以拥有不同的密钥管理服务。）所以现在我们想要实现的是当客户端收到这些信息然后我们的响应时（可能在javascprit中）会要求他们提供他们正在使用的技术的密钥，并使用这个密钥他们将解密响应。这似乎有点复杂，但如果有人能为它提出一些解决方案，那将非常有用。

您可以使用任何Visual Studio edi你需要的，你可以负担得起的。请参阅此处的功能比较： http://www.visualstudio.com /en-us/products/compare-visual-studio-products-vs.aspx [ ^ ]，我建议你试试社区版 [ ^ ]。它也是免费的，也可以用于纪念应用（查看这个 [ ^ ]文章），但比Express快得多。



你写道，你想托管你的应用程序和数据云端。首先，如果您不信任您的提供者，请忘掉它。通常，您不会加密服务器端的数据。你可以，但是如果你需要在服务器端取消数据，它就没用了。所以，假设您信任您的提供商，并且数据以未加密的方式存储。您写道，您需要伪装Web应用程序的通信。您描述的机制是现有的，它被称为 https [ ^ ]。所有数据都从服务器加密到客户端。您可以将http和https组合为加密成本。它的资源成本可能会或可能不会由提供商收取，但如果您需要常规或扩展（绿色条）证书，它肯定会花费您。尽管如此，这是向您的客户保证您的网站值得信赖的唯一方法。自签名证书仅用于开发目的。如果需要，您可以通过http服务GUI元素的方式构建应用程序，并且所有数据都通过https传输，但如果您能负担得起，则通过https传递所有争议。



但是https不会为客户端分配固定密钥。如果需要，可以在javascript端实现PKI（ http://pkijs.org/ [ ^ ]），但我不认为这是这样做的方法。如果要限制对站点的访问并强化应用程序，可以使用客户端证书身份验证。您为他们安装的客户端颁发证书。您可以配置IIS [ ^ ]使用基于此的身份验证客户端。 Windows证书存储是安全的，我无法弄清楚证书身份验证和https不够的情况。是的，它是自动的，因此客户端不需要提供任何密钥，但您仍然可以在其上添加用户名密码验证。

My application build in dot net technology and we are storing client specific data on cloud.Since the information is sensitive , we want to encrypt sensitive information before storing it to cloud. so can anyone suggest what is the best way to do this.
Also, i am using an express version of visual studio for building my application.

解决方案

If your information is that sensitive, then you should buy a fully functional version of Visual Studio in order to be able to incorporate all required features. As to encrypting the data there are many articles on the internet that offer suggestions. You could also use the encryption option in SQL server, for your database.

Thanks..but our scenario is bit different..I am explaining in details below:-

Our application send sensitive information to clients(each client has its own sensitive information).Not all the information will be sensitive but only few fields will be sensitive so whenever client request data, we want to encrypt that information and send it across.To the client ends, they will have their key management system(different client can have different key management services.) so now what we want to achieve is that when client receive this information then our response( probably in javascprit) will ask them to provide key from the technique they are using and using this key they will decrypt the response.This seems to be bit complicated but it will be really heplful if anyone can suggest some solution for it.

You can use any Visual Studio edition you need and you can afford. See a comparison of features here: http://www.visualstudio.com/en-us/products/compare-visual-studio-products-vs.aspx[^], I suggest you try Community edition[^]. It is also free, and can be also used for commertial applications (check this[^] article), but much better than Express.

You wrote, that you want to host your application and data in the cloud. First of all, if you don't trust your provider, forget it. In general you don't encrypt data on server side. You can, but in case you need to dechyper data on server side, it has no use. So le't suppose you trust your provider, and data is stored unencrypted. You wrote you need to enctrypt the communication of the web application. The mechanism you described is existing, it is called https[^]. All the data is travelling encrypted from server to client. You can combine http and https as encryption costs. It's resource cost might or might not be charged by the provider, but if you want regular or extended (green bar) certificate it will cost you for sure. Still, this is the only way to assure your clients that your site is trustworthy. Self-signed certificates are for development purposes only. If you want, you can build your application in a way where GUI elements are served over http, and all data is travelling via https, but if you can afford, deliver all contetn over https.

But https won't assing fixed key to the clients. If you need that you can implement PKI on javascript side (http://pkijs.org/[^]), but I don't think it is the way to do this. If you want to restrict access to the site, and harden the application, you can use client side cerificate authentication. You issue certificates for the clients, which they install. You can configure IIS[^] to use authenticate the client based on this. Windows certificate store is secure, I can't figure out a situation where certificate authentication and https are not enough. Yes, it is automatic, thus client don't need to povide any key, but you still can add username-password authentication on top of it.

这篇关于什么是付费和开源的顶级密钥管理系统的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！