How to communicate AES initialization Vector to client for hybrid cryptosystem


Question

I need to implement security for client-server communication. I have implemented the following hybrid cryptosystem.


To encrypt a message addressed to Alice in a hybrid cryptosystem, Bob does the following:



  1. Obtains Alice's public key.
  2. Generates a fresh symmetric key for the data encapsulation scheme.
  3. Encrypts the message under the data encapsulation scheme, using the symmetric key just generated.
  4. Encrypts the symmetric key under the key encapsulation scheme, using Alice's public key.
  5. Sends both of these encryptions to Alice.



To decrypt this hybrid ciphertext, Alice does the following:


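  1. Uses her private key to decrypt the symmetric key contained in the key encapsulation segment.
  2. Uses this symmetric key to decrypt the message contained in the data encapsulation segment.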



I am using RSA for the public-key cryptosystem and AES for the symmetric-key cryptosystem. Everything works fine, but I am not sure how to handle the AES initialization vector. Currently, I am concatenating the AES key and initialization vector, encrypting it with the public key, and sending that to the server.

I just wanted to get some opinions about this approach. How is this problem solved by other communication protocols (SSL etc.)?

Thanks.

Recommended answer


You don't encrypt the IV. Bundle it with the encrypted key and send it (in the clear) to the recipient.


Standards for this do exist. This scheme is called "KeyTransRecipientInfo" in CMS (upon which S/MIME is based), and PGP offers a similar mode. TLS also includes the initialization vector as a parameter in the key encryption algorithm identifier, using the same ASN.1 syntax as CMS. A robust, open-source library to perform this operation is available for many, many platforms.


At the very least, studying the CMS specification might help avoid some of the many pitfalls in a home-brew implementation. See §6.1 and §6.2.1 of RFC 3369.
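
The layout the answer describes (encrypted key plus cleartext IV), as an added example that is not part of the original question or answer. It assumes Node.js's built-in crypto module, RSA-OAEP for key encapsulation and AES-256-GCM for data encapsulation (the post names only RSA and AES); `hybridEncrypt`, `hybridDecrypt` and `demo` are hypothetical names.

```javascript
// Added example: hybrid encryption where only the AES key is RSA-encrypted
// and the IV is sent in the clear next to it.
const crypto = require('crypto');

// Assumption: OAEP with SHA-256 as the key encapsulation padding.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Bob: encrypt `plaintext` for the holder of `recipientPublicKey`.
function hybridEncrypt(recipientPublicKey, plaintext) {
  const key = crypto.randomBytes(32); // fresh AES-256 key per message
  const iv = crypto.randomBytes(12);  // fresh 96-bit GCM IV: must be unique, need not be secret
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return {
    // Only the symmetric key goes through RSA; the IV travels beside it unencrypted.
    encryptedKey: crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, key),
    iv,
    ciphertext,
    tag: cipher.getAuthTag(),
  };
}

// Alice: recover the key with her private key, then decrypt with the IV from the bundle.
function hybridDecrypt(recipientPrivateKey, bundle) {
  const key = crypto.privateDecrypt({ key: recipientPrivateKey, ...OAEP }, bundle.encryptedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, bundle.iv);
  decipher.setAuthTag(bundle.tag);
  // final() throws if the IV, ciphertext or tag was modified in transit.
  return Buffer.concat([decipher.update(bundle.ciphertext), decipher.final()]);
}

// Constructed demo: throwaway key pair and sample message.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const message = Buffer.from('constructed sample message');
  const bundle = hybridEncrypt(publicKey, message);
  const roundTrip = hybridDecrypt(privateKey, bundle).equals(message);

  const tampered = { ...bundle, iv: Buffer.from(bundle.iv) };
  tampered.iv[0] ^= 0x01; // flip one bit of the cleartext IV
  let tamperDetected = false;
  try { hybridDecrypt(privateKey, tampered); } catch (e) { tamperDetected = true; }

  const freshIv = !hybridEncrypt(publicKey, message).iv.equals(bundle.iv);
  return { roundTrip, tamperDetected, freshIv, ivLength: bundle.iv.length };
}

console.log(demo());
```

Because GCM authenticates the IV along with the ciphertext, sending it unencrypted does not let an attacker alter it unnoticed; with an unauthenticated mode such as CBC, a separate MAC over the IV and ciphertext would be needed for the same property.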
