在JavaScript中生成RSA关键字 [英] Generating an RSA keypair in JavaScript
问题描述
我最近发现了这个RSA JavaScript库: http://www.ohdave.com/rsa/。但是,它需要预先生成密钥。这是我的问题/问题:
I recently found this RSA JavaScript library: http://www.ohdave.com/rsa/. However, it requires that the key be pre-generated. Here are my questions/issues:
-
我想在JavaScript中生成一个RSA关键字(所以我不会'当我想要一个新的密钥对时,不得不更改代码。)
I'd like to generate an RSA keypair in the JavaScript (so that I don't have to change the code every time I want a new keypair.)
虽然我明白如何使用这个方法来发送安全数据,没有错误,这个库不能用于客户端从服务器接收安全数据(因为公共和私有指数以及模数都是从服务器传输的纯文本)。我错了吗?
While I understand how this can be used to send secure data, if I'm not mistaken this library cannot be used for the client to receive secure data from the server (because the public and private exponents, and the modulus, are transmitted plain-text from the server). Am I mistaken?
我喜欢一些关于这个的讨论。我不是安全专家,但是我非常坚定地对非对称加密。
I'd love some discussion about this. I'm no security expert, but I have a pretty firm grasp on asymmetric encryption.
推荐答案
生成密钥对需要一个强大的随机数生成器(我不认为你在JavaScript中有一个),而且相当计算位(用于原语测试)。一旦你有对,当你将公共钥匙传输到另一边时,就有一个中间人攻击的机会,因为公钥传输没有完整性检查。
Generating the keypair requires a strong random number generator (I don't think you have one in JavaScript), and quite a bit of computation (for primality testing). Then once you have your pair, when you transmit your public key up to the other side, there's an opportunity for man-in-the-middle attack since there is no integrity check on the public key transmission.
您将获得具有私钥的任何人的安全传输。从您的问题不清楚是否是客户端或服务器。您可以通过让只有公共密钥生成共享密钥的人员来初始化共享密钥,将其加密并发送给拥有公钥的人。
You will get secure transmission to whoever has the private key. It's not clear from your question whether that is the client or the server. You can initialize a shared secret by having whoever has only the public key generate a shared secret, encrypt it and send it to whoever has the public key.
您可以获得相似的功能集(依赖随机数生成器,MITM的脆弱性,创建共享秘密的能力用作会话密钥),但是通过执行Diffie-Hellman密钥交换来减少计算量。
You can get a similar feature set (dependence on random number generator, vulnerability to MITM, ability to create shared secret for use as session key) but with much less computation by performing a Diffie-Hellman key exchange instead.
您可能更好地了解如何在服务器上配置SSL。
You are probably better off figuring out how to configure SSL on your server.
这篇关于在JavaScript中生成RSA关键字的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
