RSA keys static generation


Problem description

I'm guiding myself with this answer over here, which explains how to use both AES and RSA.

I managed to successfully implement the AES part with a util class in which I use a passphrase to generate keys. This passphrase will not change; the purpose of this is to encrypt a password before encoding it and saving it to a database. Then whenever I need to decrypt this password I can do it with the same passphrase, which should generate the same key. I've got this working.

Now my question begins with RSA. I have to send the info to register a user via JSON through a Java JAX-RS web service. HTTPS/SSL is out of the question for... "tech" reasons. So instead I'm trying to, at the very least, send the password encrypted with a public key, and decrypt it with the private key on the server.

I then encrypt it with AES and store it in the database.

How would my client (android) know the public key before any of this even happens if I have to generate different keys every time?

Recommended answer

You don't have to generate new RSA keys every time. You can simply encrypt with the public key each time. If the data is too large then you should try and use hybrid encryption (i.e. generate a random AES key each time, encrypt the message with it and then encrypt the AES key with the public key of the RSA key pair).

You can simply distribute the public key within your Android app.

It's probably best not to use symmetric encryption at the server. If you want to store passwords for authentication, generate a salt on the server and perform PBKDF2 on the password. Then store the salt and the result of PBKDF2. Then whenever an authentication attempt is made, retrieve the salt, perform the PBKDF2 function again and compare the result with the value in the database.
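The two points of the answer, hybrid RSA+AES transport of the password and salted PBKDF2 storage on the server, as an added Java example that is not code from the question or the answer. The RSA key pair is generated inline only so the demo runs; in practice it would be created once and only the public half shipped inside the Android app. The password, iteration count and salt size are constructed values for the demo.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.*;

public class HybridAndPbkdf2Demo {
    static final String RSA_OAEP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding", AES_GCM = "AES/GCM/NoPadding";
    // Client: fresh random AES key per message, AES-GCM for the payload, then the AES key
    // itself encrypted under the server's RSA public key (the key distributed with the app).
    static byte[][] hybridEncrypt(PublicKey serverPub, byte[] plaintext) throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey aesKey = kg.generateKey();
        byte[] iv = new byte[12];                       // 96-bit GCM nonce, fresh for every message
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance(AES_GCM);
        aes.init(Cipher.ENCRYPT_MODE, aesKey, new GCMParameterSpec(128, iv));
        byte[] ciphertext = aes.doFinal(plaintext);
        Cipher rsa = Cipher.getInstance(RSA_OAEP);
        rsa.init(Cipher.ENCRYPT_MODE, serverPub);
        return new byte[][] { rsa.doFinal(aesKey.getEncoded()), iv, ciphertext };  // the three JSON fields
    }
    // Server: recover the AES key with the private key, then decrypt; GCM rejects tampered data.
    static byte[] hybridDecrypt(PrivateKey serverPriv, byte[][] msg) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance(RSA_OAEP);
        rsa.init(Cipher.DECRYPT_MODE, serverPriv);
        SecretKey aesKey = new SecretKeySpec(rsa.doFinal(msg[0]), "AES");
        Cipher aes = Cipher.getInstance(AES_GCM);
        aes.init(Cipher.DECRYPT_MODE, aesKey, new GCMParameterSpec(128, msg[1]));
        return aes.doFinal(msg[2]);
    }
    // Storage: salted PBKDF2 output, not a reversible AES ciphertext (iteration count is a demo value).
    static byte[] pbkdf2(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 600_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }
    static boolean verifyPassword(char[] attempt, byte[] salt, byte[] stored) throws GeneralSecurityException {
        return MessageDigest.isEqual(pbkdf2(attempt, salt), stored);  // constant-time comparison
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair server = kpg.generateKeyPair();          // demo only: generated once in real use
        byte[][] msg = hybridEncrypt(server.getPublic(), "constructed-sample-pw".getBytes(StandardCharsets.UTF_8));
        char[] received = new String(hybridDecrypt(server.getPrivate(), msg), StandardCharsets.UTF_8).toCharArray();
        byte[] salt = new byte[16];                      // constructed 128-bit salt, one per user
        new SecureRandom().nextBytes(salt);
        byte[] stored = pbkdf2(received, salt);          // persist salt + stored, never the password
        System.out.println("correct: " + verifyPassword("constructed-sample-pw".toCharArray(), salt, stored));
        System.out.println("wrong:   " + verifyPassword("not-the-password".toCharArray(), salt, stored));
    }
}
```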
