如何加密用户数据,只有他们可以解密? [英] How could you encrypt user data so only they can decrypt it?
问题描述
我正在考虑创建一个Web应用程序,让人们输入文本(使用SSL连接),并在保存到数据库之前对其进行加密。目标是让用户只能对其进行解密。
I was thinking about creating a Web app that would let people enter text (using SSL connection) and it would be encrypted before saving to the DB. The goal would be to have it so that only users could decrypt it.
您可以让用户输入密钥及其数据,并在需要时输入密钥查看数据,而不存储密钥。
You could have the users enter the key along with their data, and enter it again when they want to see the data, and not store the key. That would be kind of painful for the user, though.
但是,如果你将密钥存储在服务器上,你可以访问它,并可能解密他们的数据。
However, if you stored the key on the server you'd have access to it and could potentially decrypt their data.
我不认为这可能没有让用户每次输入密钥或存储密钥,但有一些方法,我不在想?像可能从信息生成密钥只有用户知道吗?
I don't think it's possible to do it without either having the user enter the key every time or storing the key, but is there some way that I'm not thinking of? Like maybe generating a key from information only the user knows? Something involving cookies?
推荐答案
从信息安全角度来看,这只有在用户计算机上完成加密/解密时才有意义,而不是你的服务器(因为不能保证你不存储密钥和/或明文)。 JavaScript是没有问题的,所以你需要一个客户端应用程序*。
From an information security perspective, this only makes sense if the encryption/decryption is done on the user's computer, and not your server (since there's no guarantee that you're not storing the key and/or the plaintext). JavaScript is out of the question, so you need a client application*.
此外,公钥密码术是计算昂贵的。如果您有很多用户并决定在服务器上进行加密/解密,您可能需要记住这一点。
Also, public-key cryptography is computationally expensive. You might want to keep that in mind if you have a lot of users and decide to do encryption/decryption on the server.
*或Java小程序,但是这样90年代。 Silverlight或Flash也可能工作。
* or a Java applet, but that's so 90's. Silverlight or Flash could potentially work, too.
这篇关于如何加密用户数据,只有他们可以解密?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
