doujiao9426 2014-08-23 08:55
浏览 321
已采纳

使用RSA进行AES密钥交换的AES加密通信

I'm trying to set up a secure communication between a Ruby Sinatra based web-backend and a Google Go application. The Go application contains the public key and initially opens the connection. It then encrypts the random generated AES with its public key and sends it to the web-backend. All upcoming (large-size) data will be encrypted using the AES key. Is this a usable approach in general?

The Go code looks like this

aesRand := make([]byte, 32)
rand.Read(aesRand)
AESBlock, _ = aes.NewCipher(aesRand)

// Encrypt AES key with RSA
data, err := rsa.EncryptPKCS1v15(rand.Reader, PubKey, aesRand)

Now the question is, is it right to encrypt and send the random bytes over the line or should I encrypt and send the AESBlock?

Thanks in advance!

  • 写回答

1条回答 默认 最新

  • dqwh0108 2014-08-23 09:19
    关注

    You should encrypt and send the aesRand otherwise known as the key using RSA.

    You'll also need to pass an IV depending on which crypto mode you are using.

    len(KEY) + len(IV) must be less than len(PubKey) assuming you are going to encrypt them both toghether in the initial RSA transaction.

    Read the docs for the rsa module carefully to note the weaknesses of each mode. You should use the DecryptPKCS1v15SessionKey to decrypt the above. Note the comment about using RSA-OAEP in new protocols.

    If you are doing this as a learning experience then fine, but if this is code is to protect information which will cost real money if compromised then I'd use TLS which will do all of the above and more in a well tested framework.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 #MATLAB仿真#车辆换道路径规划
  • ¥15 java 操作 elasticsearch 8.1 实现 索引的重建
  • ¥15 数据可视化Python
  • ¥15 要给毕业设计添加扫码登录的功能!!有偿
  • ¥15 kafka 分区副本增加会导致消息丢失或者不可用吗?
  • ¥15 微信公众号自制会员卡没有收款渠道啊
  • ¥100 Jenkins自动化部署—悬赏100元
  • ¥15 关于#python#的问题:求帮写python代码
  • ¥20 MATLAB画图图形出现上下震荡的线条
  • ¥15 关于#windows#的问题:怎么用WIN 11系统的电脑 克隆WIN NT3.51-4.0系统的硬盘