AES加密和密钥存储？ [英] AES Encryption and key storage?

问题描述

几年前，当第一次被介绍给ASP.net和.NET Framework，我建立了一个非常简单的在线文件存储系统。
该系统采用Rijndael加密存储在服务器的硬盘上加密的文件，一个HttpHandler解密并把这些文件发送给客户端。

A few years ago, when first being introduced to ASP.net and the .NET Framework, I built a very simple online file storage system. This system used Rijndael encryption for storing the files encrypted on the server's hard drive, and an HttpHandler to decrypt and send those files to the client.

是我与ASP.net和数据库的第一个项目之一，不理解很多关于整个事情是如何工作的（以及坠落到的）描述/001267.html\">same陷阱，我决定与数据库中的每个文件条目存储新生成的密钥和工具变量在一起。

Being one of my first project with ASP.net and databases, not understanding much about how the whole thing works (as well as falling to the same trap described by Jeff Atwood on this subject), I decided to store freshly generated keys and IVs together with each file entry in the database.

为了让事情更清楚一点，加密只是为了保护文件从直接访问服务器，而不是由用户输入的密码生成的密钥。

To make things a bit clearer, encryption was only to protect files from direct access to the server, and keys were not generated by user-entered passwords.

我的问题是，假设我不想让一个键的所有文件，如何 应的我存储最佳的安全加密密钥？什么是最好的做法？ （即：在不同的服务器上，一个纯文本文件，加密）。

My question is, assuming I don't want to keep one key for all files, how should I store encryption keys for best security? What is considered best practice? (i.e: On a different server, on a plain-text file, encrypted).

此外，什么是在这种类型的加密算法用于初始化向量？应该在一个系统是恒定

Also, what is the initialization vector used for in this type of encryption algorithm? Should it be constant in a system?

推荐答案

键应该得到保护和保密，就这么简单。执行不了。密钥管理系统获得可靠提供商出售大量的金钱，因为解决问题的硬盘

Keys should be protected and kept secret, simple as that. The implementation is not. Key Management Systems get sold for large amounts of money by trusted vendors because solving the problem is hard.

您肯定不希望使用相同的密钥为每一个用户，一个关键的更多的是采用的是容易谈到打破它，或者至少有一些信息泄露。 AES是块密码，其将数据分成块和最后的块加密的结果馈送到下一个块。初始化矢量是初始进料进入该算法，因为在起点没有要开始。利用随机IV型具有相同的关键降低信息泄露的风险 - 它应该是为每一个单件的加密数据的不同。

You certainly don't want to use the same key for each user, the more a key is used the "easier" it comes to break it, or at least have some information leaks. AES is a block cipher, it splits the data into blocks and feeds the results of the last block encryption into the next block. An initialization vector is the initial feed into the algorithm, because at the starting point there is nothing to start with. Using random IVs with the same key lowers the risk of information leaks - it should be different for every single piece of data encrypted.

您如何存储密钥取决于您的系统架构。我刚刚完成一个KMS密钥是保持从主系统和功能远加密和解密通过WCF暴露。你在纯文本发送和到达一个密钥和加密文本后面的参考 - 这样在KMS负责系统中的所有加密。这可能是矫枉过正你的情况。如果用户输入一个密码进入你的系统，那么你可以用它来生成密钥对。然后，该密钥对可用于加密该用户的密钥存储 - XML，SQL，不管，并用于解密其用于保护数据的每个键

How you store the keys depends on how your system is architected. I've just finished a KMS where the keys are kept away from the main system and functions to encrypt and decrypt are exposed via WCF. You send in plain text and get a reference to a key and the ciphered text back - that way the KMS is responsible for all cryptography in the system. This may be overkill in your case. If the user enters a password into your system then you could use that to generate a key pair. This keypair could then be used to encrypt a key store for that user - XML, SQL, whatever, and used to decrypt each key which is used to protect data.

不知道更多关于你的系统的配置，或者它的目的就很难推荐以外的任何钥匙必须受到保护，钥匙和工具变量不能重复使用。

Without knowing more about how your system is configured, or it's purpose it's hard to recommend anything other than "Keys must be protected, keys and IVs must not be reused."

这篇关于AES加密和密钥存储？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！