Encrypting data in Python


Problem description

I'm writing a client-server model (client is a script on a server that gathers data and sends it via REST to the server) and want to encrypt the data that is sent.

At the moment I have a function that generates a random key, which adds time from a specific timezone - IP-HOSTNAME-YEAR-MONTH-DAY-HOUR-(MINUTE/2)

Each part of the key is run from 3,000 - 10,000 times through a SHA256 and finally the 128 bit key is generated. Script all in all takes ~0.8 - 1 second to complete.

Data is encrypted via AES, using parts of the 128 bit key for the key and iv.

The server script listens for any connections, verifies if the IP address is listed and then proceeds to decrypt the data (using the same method to generate the key and iv)

My question is:
- Am I reinventing the wheel?
- Is there a better practice to generate a dynamic, time limited key for data encryption?

My goal was to have a key that is limited to 60-120 seconds and then discard it, use multiple cycles to generate the keys (thanks to reading the python way for Truecrypt), so if any data is caught it wouldn't be decrypted "easily". Also, the server model will have an SSL cert that it will use to encrypt the encrypted.

I was thinking of giving a static key for each client script (RSA generated), that would be used for AES encryption.

Thank you on your honest answers and any new ideas to improve this.

Solution

Using the simplest SSL/TLS (without PKI) as transport protection for REST is probably the most effective way to get the wheel right the first time.

Besides that, you should clarify a few topics. For instance:

  1. Is it important that the client does not get deceived by an attacker who may be impersonating the server? If it is, then you have to properly set up PKI so that the client can authenticate the server with a certificate. Alternatively you can use TLS-SRP.
  2. Is it important that the server does not get deceived by an attacker who may be impersonating a real user? If it is, then you have to set up an authentication scheme: for instance HTTP Digest, SSL client certificates, TLS-SRP, etc.
  3. Is it important that a compromise at the client or server does not jeopardize data exchanged in previous sessions? If it is, then you have to restrict the cipher suite to ciphers that offer perfect forward secrecy (DHE).

Only if you have trouble setting up SSL should you consider rolling your own protocol.
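
The three points in the answer map onto Python's standard `ssl` module as shown here. This is an added example, not code from the original answer; the certificate and key file parameters are hypothetical, and the cipher string allows ECDHE in addition to the DHE the answer names.

```python
import ssl

# Ephemeral (EC)DHE key exchange only: this is what provides forward secrecy.
PFS_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM"

def _harden(ctx):
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # set_ciphers() governs TLS 1.2 and below; TLS 1.3 suites are always ephemeral.
    ctx.set_ciphers(PFS_CIPHERS)
    return ctx

def client_context(ca_file=None, cert_file=None, key_file=None):
    """Point 1: verify the server. Point 2 (optional): present a client certificate."""
    # SERVER_AUTH defaults: verify_mode=CERT_REQUIRED and check_hostname=True.
    # ca_file=None trusts the system CA store; pass a private CA file to pin to it.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)
    return _harden(ctx)

def server_context(cert_file, key_file, client_ca_file=None):
    """Server side; with client_ca_file set, clients must present a certificate."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ctx.load_cert_chain(cert_file, key_file)
    if client_ca_file:
        ctx.load_verify_locations(cafile=client_ca_file)
        ctx.verify_mode = ssl.CERT_REQUIRED
    return _harden(ctx)

def enabled_ciphers(ctx):
    """Names of the cipher suites the context will offer or accept."""
    return [c["name"] for c in ctx.get_ciphers()]

def non_pfs_ciphers(names):
    """Return suite names whose key exchange is not ephemeral (should be empty)."""
    # OpenSSL names: TLS 1.3 suites start with "TLS_"; TLS 1.2 PFS suites with ECDHE-/DHE-.
    return [n for n in names if not n.startswith(("TLS_", "ECDHE-", "DHE-"))]

if __name__ == "__main__":
    ctx = client_context()
    print("verify_mode:", ctx.verify_mode, "check_hostname:", ctx.check_hostname)
    print("non-PFS suites enabled:", non_pfs_ciphers(enabled_ciphers(ctx)))
```

Pass the client context to the HTTP library used for the REST calls (for example `urllib.request.urlopen(url, context=ctx)`), and wrap the listening socket on the server with `server_context(...).wrap_socket(sock, server_side=True)`.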
