AES算法(通过密钥长度) - AES通键+ addtional PIN码 [英] AES algorithm (pass key length) - AES pass key + addtional PIN code
问题描述
在我的业务场景(基本上是一个云文件共享应用程序),我有以下情况:
In my business scenario (basically a cloud file sharing application) I have the following case:
-
用户上传文件( S)到文件夹
user uploads file(s) to the folder
它正在如果该文件夹的PIN保护检查
it's being checked if the folder is PIN protected
1)如果它的的没有PIN保护的下,使用存储在存储在
数据库的应用程序+四键预定义的通行钥加密的文件。
1) If it's not PIN protected, encrypt the file using the predefined pass key stored in the application + IV key stored in the database.
2)如果它的的 PIN码保护的,加密使用存储在数据库中的预定义通键+ PIN值+ IV密钥的文件
2) If it's PIN protected, encrypt the file using the predefined pass key + PIN value + IV key stored in the database
的问题是,AES,具有有限的传球密钥长度变得无效密钥长度时,最大密钥长度(16, 24,32字节)的上限。我的主要问题是如何实现这样的事情,同时保持安全性。
The problem is that AES, having limited pass key length gets invalid key length when the max key size (16, 24, 32 bytes) is exceeded. My main question is how to achieve something like that while maintaining the security.
目前文件夹密码长度没有限制,但似乎我应该把它限制在至少AES密钥传递的最大长度。略有好转,可以使用RijndaelManaged的我哪里有关于通密钥长度多一点灵活性。
At the moment folder PIN length isn't limited but it seems that I should limit it to at least the max length of the AES key pass. Slight improvement could be using RijndaelManaged where I have a bit more flexibility regarding the pass key length.
任何建议,将不胜感激。
Any suggestion would be appreciated.
注意:我不认为代码将增加任何价值的问题,但如果有人不同意,让我知道,我会添加
Note: I don't think code would add any value to the question but if anyone doesn't agree, let me know and I'd add it.
推荐答案
一个密钥导出函数将创建一个受控长度的密钥,如果导出密钥的长度超过需要的只是截断它。
A key derivation function will create a key with a controlled length, if the derived key is longer than needed just truncate it.
此外加密IV不被视为秘密,通常只是预置到加密的数据。许多尖齿的密钥导出的盐以及迭代次数还预先考虑加密的数据。为了获得良好的安全性,最好使用以及审核的方法。
Additionally the encryption IV is not considered secret and usually just prepended to the encrypted data. Many tines the key derivation salt as well as the iteration count is also prepended to the encrypted data. For good security is is best to use well vetted methods.
这篇关于AES算法(通过密钥长度) - AES通键+ addtional PIN码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
