AES加密和密钥存储? [英] AES Encryption and key storage?
问题描述
该系统使用Rijndael加密来存储加密在服务器硬盘上的文件,以及一个HttpHandler来解密并将这些文件发送给客户端。
作为一个我的第一个项目与ASP.net和数据库,不了解很多关于整个事情的工作原理(以及落在由Jeff Atwood在此主题中描述的相同的陷阱),我决定将新生成的密钥和IV与每个文件条目一起存储在数据库中。
为了使事情变得更清楚,加密只是为了保护文件不受直接访问服务器的影响,密钥不是由用户输入的密码生成的。
我的问题是,假设我不想为所有文件保留一个密钥,应该如何 存储加密密钥以获得最佳的安全性?什么是最佳实践? (即:在不同的服务器上,在纯文本文件上加密)。
此外,这种类型的加密算法中使用的初始化向量是什么?应该在系统中不变吗?
密钥应该保护并保密,简单。实施不是。密钥管理系统由受信任的供应商出售大量资金,因为解决问题是硬。
您当然不想使用每个用户的密钥相同,使用的密钥越多,它会更容易地破坏它,或至少有一些信息泄漏。 AES是块密码,它将数据分割成块,并将最后一个块加密的结果馈送到下一个块。初始化向量是算法的初始馈入,因为在起始点没有什么可以开始的。使用具有相同密钥的随机IV可降低信息泄露的风险 - 加密的每一个数据片应该是不同的。
如何存储密钥取决于您的系统架构。我刚刚完成了一个KMS,其中的密钥远离主系统,加密和解密的功能通过WCF公开。您以纯文本形式发送一个密钥和加密文本的引用 - 这样KMS负责系统中的所有加密。在你的情况下这可能是过度的。如果用户在您的系统中输入密码,则可以使用该密码来生成密钥对。然后,这个密钥对可以用于加密该用户的密钥存储 - XML,SQL,无论什么,并用于解密用于保护数据的每个密钥。
没有了解更多关于您的系统配置,或者目的是很难推荐除密钥必须被保护,钥匙和IV不能重复使用的任何东西。
A few years ago, when first being introduced to ASP.net and the .NET Framework, I built a very simple online file storage system. This system used Rijndael encryption for storing the files encrypted on the server's hard drive, and an HttpHandler to decrypt and send those files to the client.
Being one of my first project with ASP.net and databases, not understanding much about how the whole thing works (as well as falling to the same trap described by Jeff Atwood on this subject), I decided to store freshly generated keys and IVs together with each file entry in the database.
To make things a bit clearer, encryption was only to protect files from direct access to the server, and keys were not generated by user-entered passwords.
My question is, assuming I don't want to keep one key for all files, how should I store encryption keys for best security? What is considered best practice? (i.e: On a different server, on a plain-text file, encrypted).
Also, what is the initialization vector used for in this type of encryption algorithm? Should it be constant in a system?
Keys should be protected and kept secret, simple as that. The implementation is not. Key Management Systems get sold for large amounts of money by trusted vendors because solving the problem is hard.
You certainly don't want to use the same key for each user, the more a key is used the "easier" it comes to break it, or at least have some information leaks. AES is a block cipher, it splits the data into blocks and feeds the results of the last block encryption into the next block. An initialization vector is the initial feed into the algorithm, because at the starting point there is nothing to start with. Using random IVs with the same key lowers the risk of information leaks - it should be different for every single piece of data encrypted.
How you store the keys depends on how your system is architected. I've just finished a KMS where the keys are kept away from the main system and functions to encrypt and decrypt are exposed via WCF. You send in plain text and get a reference to a key and the ciphered text back - that way the KMS is responsible for all cryptography in the system. This may be overkill in your case. If the user enters a password into your system then you could use that to generate a key pair. This keypair could then be used to encrypt a key store for that user - XML, SQL, whatever, and used to decrypt each key which is used to protect data.
Without knowing more about how your system is configured, or it's purpose it's hard to recommend anything other than "Keys must be protected, keys and IVs must not be reused."
这篇关于AES加密和密钥存储?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
