将私钥传递到一个网站到另一个网站的最佳方法是什么。网站A将具有带有加密URL的链接。单击链接后,它将转到网站B,该网站的加密文本需要解密。通过RSA加密。 我可以看到两种方法可以在这里。 创建一次性私钥并与解密域共享。在这里,无需每次请求都传递密钥。 另一个是每个请求都有两个create key。在这种情况下,如何将密钥安全地传递到其他域。 关于安全性,哪种方法是最好的或我应该做的其他事情。 或其他最佳解决方案。
wujianlin1984 回答:在两个网络域上传输私钥的最佳解决方案
您可以使用公共密钥加密技术将数据(在您的情况下为私钥)从一侧安全地发送到另一侧。双方都可以访问公钥,而只有一侧可以访问私钥。使用公钥加密数据时,使用私钥解密数据。可以通过这种方式加密的数据大小是有限的(通常只有128-256字节)。因此,通常该技术用于加密/解密另一个加密/解密实际数据的加密密钥(AES ...)。
class Program
{
static void Main(string[] args)
{
// your data you want to securely send from B to A without revealing the content
byte[] data = new byte[] { 1,2,3,4,5,6 };
// side A
System.Security.Cryptography.RSACryptoServiceProvider full_rsa = new System.Security.Cryptography.RSACryptoServiceProvider(1024);
byte[] publickey = full_rsa.ExportCspBlob(false);
// send the public key to B
// send(publickey)...
// side B
//send encrypted data back to side A
byte[] encrypteddata = EncryptData(publickey,data);
// side A
// decrypt the data encryped by side B
byte[] decrypteddata = DecryptData(full_rsa,encrypteddata);
// decrypteddata = 1,6
}
public static byte[] DecryptData(System.Security.Cryptography.RSACryptoServiceProvider full_rsa,byte[] data)
{
System.IO.BinaryReader br = new System.IO.BinaryReader(new System.IO.MemoryStream(data));
int encryptedkeylength = br.ReadInt32();
int aeskeylength = br.ReadInt32();
int aesivlength = br.ReadInt32();
byte[] encryptedaeskey = br.ReadBytes(encryptedkeylength);
byte[] encrypteddata = br.ReadBytes( (int)(data.Length - br.BaseStream.Position));
br.Close();
byte[] decryptedkey = full_rsa.Decrypt(encryptedaeskey,false);
br = new System.IO.BinaryReader(new System.IO.MemoryStream(decryptedkey));
using (System.Security.Cryptography.Aes myAes = System.Security.Cryptography.Aes.Create())
{
byte[] aeskey = br.ReadBytes(aeskeylength);
byte[] aesiv = br.ReadBytes(aesivlength);
System.Security.Cryptography.ICryptoTransform decryptor = myAes.CreateDecryptor(aeskey,aesiv);
using (System.IO.MemoryStream msDecrypt = new System.IO.MemoryStream())
{
using (System.Security.Cryptography.CryptoStream csEncrypt = new System.Security.Cryptography.CryptoStream(msDecrypt,decryptor,System.Security.Cryptography.CryptoStreamMode.Write))
{
using (System.IO.BinaryWriter bw = new System.IO.BinaryWriter(csEncrypt))
{
bw.Write(encrypteddata);
}
return msDecrypt.ToArray();
}
}
}
}
public static byte[] EncryptData(byte[] publickey,byte[] data)
{
using (System.Security.Cryptography.Aes myAes = System.Security.Cryptography.Aes.Create())
{
System.Security.Cryptography.ICryptoTransform encryptor = myAes.CreateEncryptor(myAes.Key,myAes.IV);
using (System.IO.MemoryStream msEncrypt = new System.IO.MemoryStream())
{
using (System.Security.Cryptography.CryptoStream csEncrypt = new System.Security.Cryptography.CryptoStream(msEncrypt,encryptor,System.Security.Cryptography.CryptoStreamMode.Write))
{
System.IO.MemoryStream headerms = new System.IO.MemoryStream();
System.IO.BinaryWriter headerbw = new System.IO.BinaryWriter(headerms);
using (System.IO.BinaryWriter bw = new System.IO.BinaryWriter(csEncrypt))
{
System.Security.Cryptography.RSACryptoServiceProvider public_key = new System.Security.Cryptography.RSACryptoServiceProvider(1024);
public_key.ImportCspBlob(publickey);
byte[] encryptedkey = public_key.Encrypt(Combine(myAes.Key,myAes.IV),false);
headerbw.Write(encryptedkey.Length);
headerbw.Write(myAes.Key.Length);
headerbw.Write(myAes.IV.Length);
headerbw.Write(encryptedkey);
headerbw.Flush();
bw.Write(data);
}
byte[] result = Combine(headerms.ToArray(),msEncrypt.ToArray());
headerbw.Close();
return result;
}
}
}
}
static byte[] Combine(byte[] first,byte[] second)
{
byte[] ret = new byte[first.Length + second.Length];
Buffer.BlockCopy(first,ret,first.Length);
Buffer.BlockCopy(second,first.Length,second.Length);
return ret;
}
}