使用java中的共享密钥加密/解密? [英] Encryption/decryption using shared key in java?
问题描述
,并在app2处使用在app1和app2共享的密钥进行解密。我没有得到如何开始这个?如果有人可以使用共享密钥指出一些示例代码或一些tutotrial,那么对网络来说太多加密/解密的东西(如对称密钥,公私钥)真的让我感到困惑,这将是非常有帮助的。另一个限制是我有很短的时间来详细说明。感谢提前。
编辑: - 我正在寻找简单的程序,如在 http://sanjaal.com/java/186/java-encryption/tutorial-java-des加密和解密/ 但是使用AES?不能在使用共享密钥的AES中找到这样的例子?
我会建议:
将您的每个应用程序分配给公共/私人密钥对,并将密码安全地保护的密钥存储在密钥中。确保这是非常安全的。不用说公开证书(包含公开密钥)也将公开。
每个应用都将具有所有其他应用的公钥证书。现在有一个应用程序想要与其他应用程序通信;
首先使用发送应用程序的私钥对令牌进行加密(基本上是加密)。
然后使用要发送数据的应用程序的公钥对结果值进行加密。
这样,接收这个值的应用程序可以放心,中间的任何人都不能弄清你发送的内容,还要验证令牌来自可信实体。
但是如果使用共享密钥(对称密钥),那么如果对称密钥被泄密,那么所有的应用都将被泄露。
I have customer token which i am sending from one webapplication say app1 to another webapplication say app2. I want to encrypt the customer token at app1 and decrypt it at app2 using key which is shared at both app1 and app2. i am not getting how to start with this? It would be very helpful if somebody can point me some sample code or some tutotrial using shared key as there are too much encryption/decryption stuff(like symmetric key, public-private key) on net which has really confused me. Another limitation is that i have really short time for this to go in details. Thanks in advance.
EDIT:- I am looking for simple programme something like given at http://sanjaal.com/java/186/java-encryption/tutorial-java-des-encryption-and-decryption/ but using AES? Not able to find this kind of example in AES using shared key?
I would suggest this :
Have each app of yours assigned a public/private keypair and store the private key securely protected with a password in a secret key. Make sure that this is very secure. Needless to say the public certificate(which contains the public key as well) will be public.
Each app will have the public key certificates of all the other app. Now when ever an app wants to communicate with other app ;
First sign(basically encrypting) the token with the sending app's private key.
Then encrypt the resulting value with the public key of the app you want to send the data to.
This way the app that receives this value can be assured that no man in the middle will be able to make out what you have sent and also verify that the token has come from a trusted entity.
But if you use a shared key(symmetric key), then if the symmetric key is compromised, then all the apps will be compromised.
这篇关于使用java中的共享密钥加密/解密?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
