doujiao9426 2014-08-23 08:55
浏览 321
已采纳

使用RSA进行AES密钥交换的AES加密通信

I'm trying to set up a secure communication between a Ruby Sinatra based web-backend and a Google Go application. The Go application contains the public key and initially opens the connection. It then encrypts the random generated AES with its public key and sends it to the web-backend. All upcoming (large-size) data will be encrypted using the AES key. Is this a usable approach in general?

The Go code looks like this

aesRand := make([]byte, 32)
rand.Read(aesRand)
AESBlock, _ = aes.NewCipher(aesRand)

// Encrypt AES key with RSA
data, err := rsa.EncryptPKCS1v15(rand.Reader, PubKey, aesRand)

Now the question is, is it right to encrypt and send the random bytes over the line or should I encrypt and send the AESBlock?

Thanks in advance!

  • 写回答

1条回答 默认 最新

  • dqwh0108 2014-08-23 09:19
    关注

    You should encrypt and send the aesRand otherwise known as the key using RSA.

    You'll also need to pass an IV depending on which crypto mode you are using.

    len(KEY) + len(IV) must be less than len(PubKey) assuming you are going to encrypt them both toghether in the initial RSA transaction.

    Read the docs for the rsa module carefully to note the weaknesses of each mode. You should use the DecryptPKCS1v15SessionKey to decrypt the above. Note the comment about using RSA-OAEP in new protocols.

    If you are doing this as a learning experience then fine, but if this is code is to protect information which will cost real money if compromised then I'd use TLS which will do all of the above and more in a well tested framework.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 fluent的在模拟压强时使用希望得到一些建议
  • ¥15 STM32驱动继电器
  • ¥15 Windows server update services
  • ¥15 关于#c语言#的问题:我现在在做一个墨水屏设计,2.9英寸的小屏怎么换4.2英寸大屏
  • ¥15 模糊pid与pid仿真结果几乎一样
  • ¥15 java的GUI的运用
  • ¥15 Web.config连不上数据库
  • ¥15 我想付费需要AKM公司DSP开发资料及相关开发。
  • ¥15 怎么配置广告联盟瀑布流
  • ¥15 Rstudio 保存代码闪退