Encryption in Remot chat


Problem description



Hi,

I have developed a chat application using WCF (with TCP communication). In that application I am using the encryption and decryption provided by C# .NET Cryptography, adding my key to all messages while sending and receiving messages on the client form.
Questions:
Is it possible for a network administrator to find all chat messages? OR
Would he/she be able to read those chat messages? OR
Can chat messages / network communications be logged on the server?

If yes, how can that log be viewed?

Recommended answer

The answer depends on the way you do it. If you use public-key cryptography (http://en.wikipedia.org/wiki/Public-key_cryptography) (such as RSA) and do it right, nobody can read the message after it is read and discarded by a client; being administrator or not is irrelevant here.

If you use any single-key system and send a system over internet… how can it be secure?

A communication is totally secure if a receiving party generates both keys and sends an encrypting key as public. Both the server and the other client part get only the public key and can encrypt a message, but it can only be decrypted by the party who generated the key, as a private key should not be sent anywhere. In other words, the party which uses a key to encrypt a message cannot decrypt its own message — this is the whole idea of the security based on a public key.

So, how to archive unencrypted messages for later search, etc.? It won't be a problem if you have only two parties, without a server (or if a server just transmits encrypted messages transparently). The parties exchange two pairs of keys (four altogether). Each sending party archives the message before sending (as it will never get a key to decrypt its own message; it can only decrypt the counterpart's message), and each receiving party decrypts and archives the decrypted message after it decrypts it. Everything is symmetric. This way, each party can archive all messages passed in a one-to-one conversation and cannot read any messages from other parties; moreover, nobody in the middle who could spy on messages could decrypt any of them. Even the server.

Here is why we can trust such servers! Imagine that the server's behavior is totally hidden, but the client software is Open Source (this is the only way when you can use a 3rd-party service and trust it no matter what it does). Analyzing this source code, one can make sure that only public keys and encrypted messages are sent. From this fact, you can be sure that your messages are not decrypted in the middle. Of course you can trust your companion on the other end, as this party could disclose your public key to someone who could impersonate your counterpart; but this is a different problem — you could solve it using digital signature of the data, which is the opposite to encryption, please see http://en.wikipedia.org/wiki/Digital_signature.

—SA
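
The scheme described in the answer above (each party generates its own key pair, hands out only the public half, and keeps a local plaintext archive), as an added C# example that is not part of the original post. The `Party` class, its members and the sample message are hypothetical, and .NET 6 or later is assumed.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Hypothetical chat endpoint: owns one RSA key pair and a local plaintext archive.
sealed class Party : IDisposable
{
    private readonly RSA _keyPair = RSA.Create(2048);    // private key never leaves this object
    public string Name { get; }
    public List<string> Archive { get; } = new List<string>();
    public Party(string name) { Name = name; }

    // Only the public half is given to the peer (and is all a relaying server sees).
    public RSAParameters PublicKey => _keyPair.ExportParameters(false);

    public byte[] Send(string text, RSAParameters peerPublicKey)
    {
        Archive.Add(Name + ": " + text);                  // archive the plaintext before encrypting
        using RSA peer = RSA.Create();
        peer.ImportParameters(peerPublicKey);
        // RSA-OAEP only fits short messages: 190 bytes for a 2048-bit key with SHA-256.
        return peer.Encrypt(Encoding.UTF8.GetBytes(text), RSAEncryptionPadding.OaepSHA256);
    }

    public string Receive(string from, byte[] cipher)
    {
        string text = Encoding.UTF8.GetString(_keyPair.Decrypt(cipher, RSAEncryptionPadding.OaepSHA256));
        Archive.Add(from + ": " + text);                  // archive after decrypting
        return text;
    }

    public void Dispose() => _keyPair.Dispose();
}

static class Demo
{
    static void Main()
    {
        using var alice = new Party("alice");
        using var bob = new Party("bob");
        byte[] onWire = alice.Send("meet at 10", bob.PublicKey);   // constructed sample message
        Console.WriteLine("relay sees: " + Convert.ToBase64String(onWire, 0, 24) + "...");
        Console.WriteLine("bob reads:  " + bob.Receive("alice", onWire));
        try { alice.Receive("alice", onWire); }           // alice holds no key that opens this ciphertext
        catch (CryptographicException) { Console.WriteLine("alice cannot decrypt her own ciphertext"); }
        Console.WriteLine("alice archive: " + string.Join(" | ", alice.Archive));
    }
}
```

A relay or network capture between the two parties holds only `onWire` and the exported public keys, which is the situation the question asks about.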

