是否可以用私钥加密/用公钥解密? [英] Can one encrypt with a private key/decrypt with a public key?
问题描述
[免责声明:我知道,如果你知道加密的一切,你可能要告诉我为什么我做错了 - 我已经做了足够的谷歌,以便知道这似乎是典型的反应。]
[Disclaimer: I know, if you know anything about crypto you're probably about to tell me why I'm doing it wrong - I've done enough Googling to know this seems to be the typical response.]
假设以下情况:您有一个中央授权机构想要为给定域发出登录Cookie。在这个域上,你不一定相信每个人,但你有几个关键的端点,他们应该能够读取cookie。我说几个,但在实践中,这个数量的信任合作伙伴可能很大。 Cookie不包含太多信息 - 用户名,时间戳,到期日,随机数。它应该保持小的,当然,出于性能的原因,即使加密后(在原因)。现在,有两个安全问题:
Suppose the following: you have a central authority that wants to issue login cookies for a given domain. On this domain, you don't necessarily trust everyone, but you have a few key end-points who should be able to read the cookie. I say a few, but in practice this number of "trusted" partners may be large. The cookie doesn't contain much information - a username, a timestamp, an expiry, a random number. It should remain small of course, for performance reasons, even after encryption (within reason). Now, there are two security issues:
1)我们不信任用户数据在此域上的每个网络服务器。因此,读取Cookie的能力应限于这些受信任的合作伙伴。
2)虽然我们相信这些合作伙伴可以保护我们的用户数据,但我们仍然希望中央权威机构不可阻挡(再次,在原因之内)。
1) We don't trust every webserver on this domain with user data. For this reason, the ability to read the cookie should be restricted to these trusted partners. 2) While we trust these partners to protect our user's data, we'd still like the central point of authority to be unforgeable (again, within reason).
现在,如果我们为权威机构生成私有RSA密钥并保密,并将公钥仅分发给可信任的合作伙伴,那么我们应该能够使用私钥进行加密,并且任何人都可以使用它公钥。我不清楚的是,是否还需要签名的消息,或者解密的行为是证据,它是用私钥生成的?这是什么方式,这种方案会比所有相关方传播一个对称密钥和使用它来加密,而使用私钥只是签名?当然,请随时告诉我所有的方式这是一个愚蠢的想法,但要记住,实际的论据可能会更有说服力,而不是重新淘汰爱丽丝和鲍勃。
Now, if we generate a private RSA key for the authority and keep it secret, and distribute the public key only to the "trusted partners", we should be able to encrypt with the private key and have it readable by anyone with the public key. What I'm unclear on is, would it still be necessary to sign the message, or would the act of decrypting be evidence that it was generated with the private key? Is this any way in which this scheme would be better or worse than disseminating a symmetric key to all parties involved and using that to encrypt, while using the private key merely to sign? And of course feel free to tell me all the ways this is a stupid idea, but bear in mind that practical arguments will probably be more convincing than rehashing Alice and Bob.
哦,和欢迎实现指针,虽然可以找到谷歌的基础,如果有任何陷阱涉及,将是有用的!
Oh, and implementation pointers would be welcome, though one can find the basics on Google, if there are any "gotchas" involved that would be useful!
推荐答案
您应该使用某种数字信号方案,或其他旨在解决场景完整性问题的机制。
You should use a digital sigantures scheme of some sort, or some other mechanism that is aimed to solve the integrity problem of your scenario.
加密本身是不够的。
你怎么知道解密的messege是什么应该是什么?
解密用正确的密钥加密的cookie肯定会提供一个有效的cookie,但是当你解密用错误的密钥加密的cookie时会发生什么?或只是一些无意义的数据?好吧,你可能只是得到一个看起来有效的cookie! (时间戳在您认为有效的范围内,用户名是合法的,随机数是... uh ...一个数字等)。
The encryption itself isn't enough. How would you know that the decrypted messege is what it should be? Decrypting a cookie encrypted with the right key will surely provide a "valid" cookie, but what happens when you decrypt a cookie encrypted with the wrong key? or just some meaningless data? well, you might just get a cookie that looks valid! (the timestamps are in the range you consider valid, the username is legal, the random number is... uh... a number, etc.).
最不对称的加密算法我知道,没有内置的验证。这意味着使用错误的密钥解密消息不会失败 - 它只会给你一个错误的明文,你必须区分有效的明文。这是完整性发挥的地方,最常见的是使用数字签名。
In most asymmetric encryption algorithms I know off, there is no built-in validation. That means that decrypting a message with the wrong key will not "fail" - it will only give you a wrong plaintext, which you must distinguish from a valid plaintext. This is where integrity comes to play, most commonly - using digital signatures.
BTW,RSA长期研究并有几个陷阱,所以如果你计划实现从头开始,您最好先阅读一下如何避免创建相对容易破解的键。
BTW, RSA is long studied and has several "gotchas", so if you plan to implement it from scratch you better read ahead on how to avoid creating "relatively easy to break" keys.
这篇关于是否可以用私钥加密/用公钥解密?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
