Strength of RSA Encrypting an AES Key

Question

I'm currently developing a system to transmit data between client and server, and was wondering what the strength of the encryption I planned to use was.

My thought was to have a private/public RSA key pair and hand out the public key to each client (leaving the private key solely on the server). Each client would then generate their own AES key and RSA encrypt it. They would then AES encrypt their data and send the encrypted data and encrypted AES key to the server. The server would then decrypt the AES key using the private key, and then decrypt the data using the AES key.

Are there any security flaws I am missing and/or is there a better way to do this?

Recommended answer

This is almost exactly how SSL/TLS works (check out the handshake section). The only thing to make it stronger is to generate the AES key for each connection, rather than using the same key each time. You might also want to digitally sign messages that go back and forth to avoid man-in-the-middle and other spoofing attacks.

Generally speaking, creating a good cryptosystem is very difficult. When possible, you should always favor an existing (trusted) application to help out. In this case, you might consider sending your messages using HTTPS, rather than creating your own system.
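
The scheme from the question with the answer's two hardening points applied (a fresh AES key per message and a digital signature), as an added example that is not code from the original post. It assumes Node.js and its built-in `crypto` module, RSA-OAEP for wrapping, AES-256-GCM for the data, and a second, client-owned RSA key pair for signing; `seal`, `unseal` and the demo keys are hypothetical names.

```javascript
// Added illustration, not code from the original post. All names are hypothetical.
const crypto = require('node:crypto');

// Constructed demo keys: the server pair wraps AES keys, the client pair signs messages.
const server = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const client = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Client side: fresh AES-256 key and nonce for every message.
function seal(plaintext, serverPublicKey, clientPrivateKey) {
  const aesKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', aesKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const tag = cipher.getAuthTag();
  const wrappedKey = crypto.publicEncrypt({ key: serverPublicKey, ...OAEP }, aesKey);
  // Sign every field the server acts on, so a substituted wrapped key is rejected.
  const signed = Buffer.concat([wrappedKey, iv, tag, ciphertext]);
  const signature = crypto.sign('sha256', signed, clientPrivateKey);
  return { wrappedKey, iv, tag, ciphertext, signature };
}

// Server side: authenticate the sender first, then unwrap the AES key and decrypt.
function unseal(msg, serverPrivateKey, clientPublicKey) {
  const signed = Buffer.concat([msg.wrappedKey, msg.iv, msg.tag, msg.ciphertext]);
  if (!crypto.verify('sha256', signed, clientPublicKey, msg.signature)) {
    throw new Error('signature check failed');
  }
  const aesKey = crypto.privateDecrypt({ key: serverPrivateKey, ...OAEP }, msg.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', aesKey, msg.iv);
  decipher.setAuthTag(msg.tag); // GCM tag: final() throws if the ciphertext was altered
  return Buffer.concat([decipher.update(msg.ciphertext), decipher.final()]);
}
```

Without the signature, anyone who holds the server's public key can produce an envelope the server will decrypt, which is the spoofing case the answer refers to.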
