Best algorithm for encrypting / decrypting a string & key storage method


Question

It is not advisable to store email addresses in databases in plain text, so I would like to find out the best algorithm to do this. Options are:

(from the documentation)

  • CFMX_COMPAT: the algorithm used in ColdFusion MX and prior releases. This algorithm is the least secure option (default).

  • AES: the Advanced Encryption Standard specified by the National Institute of Standards and Technology (NIST) FIPS-197.

  • BLOWFISH: the Blowfish algorithm defined by Bruce Schneier.

  • DES: the Data Encryption Standard algorithm defined by NIST FIPS-46-3.

  • DESEDE: the "Triple DES" algorithm defined by NIST FIPS-46-3.

Another question is where should the key be stored? In the database or in the source code? Will it be encrypted or not? If it will be encrypted, then the question arises of how the key that will encrypt the key should be stored.

Should it be stored in the source code, will sourceless distribution be good?

Recommended answer

I would use AES. It's the fastest of those listed and the strongest.

As for where to store the key, that is the $64,000 question. You should not put it in the DB (at least not in the same DB as the data it is being used to encipher) or in your source code.

Key management is a beast of a topic. NIST has hundreds of pages of documentation on ways to do it.

http://csrc.nist.gov/groups/ST/toolkit/key_management.html

Key management involves proper generation, exchange, storage, rotation, and destruction of keys. You should not use the same key forever (a very common mistake) nor store it improperly.

You should take a look at the NIST guidelines and determine a strategy that works for you and adequately protects your data based on its sensitivity.
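
One way to follow the answer's advice in ColdFusion, as an added example that is not part of the original answer: the key lives outside both the database and the source, and every stored value carries a key id so keys can be rotated. The environment variable names `EMAIL_KEY_ACTIVE` and `EMAIL_KEY_<ID>`, the `keyId:iv:ciphertext` record layout and the choice of CBC mode with a per-record IV are assumptions of this example.

```cfml
<cfscript>
// Added example. Hypothetical setup: each key is a Base64 string produced once
// with generateSecretKey("AES") and provisioned in the server environment as
// EMAIL_KEY_<ID>; EMAIL_KEY_ACTIVE names the id used for new records.
function envValue(required string name) {
    var value = createObject("java", "java.lang.System").getenv(arguments.name);
    if (isNull(value) || !len(value)) {
        throw(type="KeyStore", message="Environment variable #arguments.name# is not set");
    }
    return value;
}

function loadKey(required string keyId) {
    return envValue("EMAIL_KEY_" & uCase(arguments.keyId));
}

// Returns "keyId:iv:ciphertext". Base64 never contains ":", so the record
// splits cleanly as long as key ids contain no ":" either.
function encryptEmail(required string email) {
    var keyId = envValue("EMAIL_KEY_ACTIVE");
    // 16 random bytes (one AES block) as the IV, fresh for every record
    var iv = binaryDecode(generateSecretKey("AES", 128), "base64");
    var ct = encrypt(arguments.email, loadKey(keyId), "AES/CBC/PKCS5Padding", "Base64", iv);
    return keyId & ":" & binaryEncode(iv, "base64") & ":" & ct;
}

function decryptEmail(required string record) {
    var parts = listToArray(arguments.record, ":");
    if (arrayLen(parts) != 3) {
        throw(type="KeyStore", message="Malformed encrypted record");
    }
    // The key id stored with the record selects the key, so old rows stay readable
    var iv = binaryDecode(parts[2], "base64");
    return decrypt(parts[3], loadKey(parts[1]), "AES/CBC/PKCS5Padding", "Base64", iv);
}

// Rotation: re-encrypt any record not written under the active key.
// Run over all rows, then remove the retired key from the environment.
function rotateRecord(required string record) {
    if (listFirst(arguments.record, ":") == envValue("EMAIL_KEY_ACTIVE")) {
        return arguments.record;
    }
    return encryptEmail(decryptEmail(arguments.record));
}
</cfscript>
```

Because each record gets a random IV, the same address encrypts to a different value every time, so the encrypted column cannot be searched by equality.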
