使用JavaScript加密模块代替SSL / HTTPS [英] Use JavaScript encryption module instead of SSL/HTTPS

问题描述

这是否值得使用一些JS加密库来进行安全通信而不是SSL？我问这是因为我想确保我的应用程序构建在Google App Engine上，并且不允许您使用自己的域来处理SSL请求。什么是与GAE安全沟通的好方法？谢谢。

解决方案

[见下面的更正]

以自定义域名与Google应用引擎上的已验证服务器进行安全通信，但这很麻烦。正如其他一些答案指出的那样，您必须非常小心如何实施加密以防止中间人攻击。

以下是python的基本说明，但您可以修改为java。预计至少花费一两天时间来完成此类运行。

先决条件：

• 服务器的Python RSA和AES库。 pyCrypto 适用于GAE。


• A JavaScript RSA和AES库在客户端上运行。我使用了 stanford的RSA库和 crypto-js 。我不记得为什么我不使用一个库。
>





• 步骤1：离线创建一个RSA公钥和私钥对。以下是 pyCrypto 说明。




• 步骤2：保存生成的RSA public&私钥在python文件中，请确保私钥不公开。第3步：在服务器上，创建一个生成javascript文件的请求。 JavaScript文件应该只传输公钥给客户端。例如，它只会返回一个文件：

  
  
  

  var public_key =[您的公共rsa密钥] app.yaml 文件中，确保生成的javascript文件仅通过SSL提供（即设置 secure：始终）。请参阅此处的说明。




• 步骤5：在客户端上，使用ssl加载JavaScript文件。但是，不要使用自定义域，请使用appspot域。例如，将其添加到您的html文件中：

  
  
  

  < script src =https://example.appspot.com/publicKey.js >< / script>

  
  
  

  客户端现在将拥有经过身份验证的RSA公钥，防止中间人攻击。注意：浏览器通常禁止访问其他域以阻止 XSS ，但在那里是一个漏洞，它允许您加载JavaScript文件。第6步：在客户端上，生成一个随机私钥。使用 JavaScript RSA库和我们在步骤4中获得的公钥加密随机私钥。步骤7：在服务器上，使用RSA私钥解密在客户端生成的随机密钥。

p>



此时，服务器和客户端都拥有相同的私钥。更妙的是，因为原来的公钥是通过SSL传输的，所以我们可以验证服务器是否真的是我们相信的（即没有中间人）。 步骤8：现在服务器和客户端可以使用随机生成的私钥和它们各自的AES库来加密和解密他们想要的任何数据。






- 编辑：更正 -


下面的Bruno的评论是100％正确的，上述步骤是不安全的。虽然上述步骤确实可以在客户端和服务器之间建立经过验证的会话，但用户真正知道它的唯一方法是验证身份，即验证代码是否确保使用https加载公钥。中间人可以为初始html页面提供服务，修改< script src =https：// ... 代码以指向其他内容。 / p>



请改为 wwwizer.com 。


Is that worth it to use some JS encryption library to make safe communication instead of SSL? I ask this because I want to secure my application built on Google App Engine and it doesn't let you to use your own domain for SSL requests. What are good ways to communicate securely with GAE? Thanks.

解决方案

[See correction below]

It is possible to securely communicate with an authenticated server on google app engine with a custom domain, but it is a hassle. As some of the other answers indicate, you must be very careful how you implement the encryption to prevent man-in-the-middle attacks.

Here are the basic instructions for python, but you could could modify for java. Expect to spend at least a day or two getting something like this up and running.

Prerequisites:

• A python RSA and AES library for the server. pyCrypto works well on GAE.
• A javascript RSA and AES library to be run on the client. I used stanford's RSA library and crypto-js for AES. I can't remember why I didn't just use one library.

Instructions:

• Step 1: Offline, create a RSA public and private key pair. Here are pyCrypto instructions.

• Step 2: Save the generated RSA public & private keys in a python file, be sure the private key is not publicly accessible.

• Step 3: On the server, create a request that generates a javascript file. The javascript file should only transmits the public key to the client. For example, it would only return a file with this:

  var public_key="[your public rsa key here]"

• Step 4: In your app.yaml file, make sure that the generated javascript file is only served over SSL (i.e. set secure: always). See instructions here.

• Step 5: On the client, load the javascript file using ssl. However, instead of using your custom domain, use the appspot domain. For example, add this to your html file:

  <script src="https://example.appspot.com/publicKey.js"></script>

  The client will now have an authenticated RSA public key preventing man-in-the-middle attacks. Note: accessing other domains is normally prohibited by browsers to prevent XSS, but there is a loophole which allows you to load javascript files.

• Step 6: On the client, generate a random private key. Use a javascript RSA library and the public key we got in step 4 to encrypt the random private key. Send the encrypted private key to the server.

• Step 7: On the server, decrypt the random key generated on the client using the RSA private key.

  At this point, both the server and the client have the same private key. Even better, because the original public key was transmitted over SSL, we can authenticate that the server is really who we believe it is (i.e. no man-in-the-middle).

• Step 8: Now the server and client can encrypt and decrypt any data they want using the randomly generated private key and their respective AES libraries.

-- EDIT: CORRECTION --

Bruno's comment below is 100% correct, the above steps are insecure. Although the steps above do work to setup an authenticated session between client and server, the only way that the user would really know it was authenticated is if they checked the code to ensure that the public key was being loaded using https. A man-in-the-middle could serve the initial html page modify the <script src="https://... code to point to something else.

Instead, take a look at wwwizer.com.

这篇关于使用JavaScript加密模块代替SSL / HTTPS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！