把密码或密码用于加密的最佳位置? [英] Best place to put key or password used for encryption?
问题描述
我正在制作激活服务器,客户端必须向发送加密许可证文件的激活服务器发送信息。但是,为了解密该文件,客户端需要密钥或密码。
将密钥或密码用于加密的最佳位置是什么?或者更好的是传递密钥或密码的最佳方式是什么?
谢谢!
客户端应用程序具有将连接到的服务器地址,发送任何需要的信息(我认为您正在发送客户端的配置文件)。它还可以提前知道配置文件中的服务器的公钥。
服务器使用其私钥对配置文件的哈希进行签名(其中包括公钥,它可以验证,因为它被发送到服务器)。这个签名的数字哈希值被发送回客户端。
在启动时,哈希验证有两种方式:
<
我现在没有任何VB.Net代码,但所有的C#代码都可以在C#3.0中找到一个Nutshell的例子。
I am making an activation server and the client will have to send infos to the activation server which send back the encrypted license file. However, in order to decrypt that file.. the client need the key or password.
What would be the best place to to put key or password used for encryption ? or else even better what would be the best way to transfer that key or password ?
Thanks!
The client application has a server address which it will connect to, sending whatever information is needed (I assume here you are sending the client's config file). It can also know in advance the public key of the server in the config file.
The server uses its private key to sign a hash of the configuration file (which includes its public key that it can verify since it's being sent to the server). This signed digital hash is sent back to the client.
At startup, the hash is verified in two ways:
- That the signature is correct.
- That the hash corresponds to the config file.
I don't have any VB.Net code available now, but all the C# code can be found in C#3.0 in a Nutshell examples online.
Example code in C# Available under section The RSA class and followings
这篇关于把密码或密码用于加密的最佳位置?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
