dreamer2014520 2018-08-20 08:57 acceptance rate: 0%
133 views
Accepted

Authentication and encryption keys in cookie-based session management

My query comes from trying to use a session store, e.g. RedisStore in Golang, where the store takes a vararg as the last argument which, as per the documentation, consists of pairs of authentication and encryption keys.

Most of the examples I see just use a single argument here (e.g. "secret", "mysecret", etc.), and I couldn't get any information about what is achieved by sending multiple pairs of authentication and encryption keys.

Could someone please explain more, or direct me to some information about the purpose of the authentication and encryption keys in session management using cookies?


1 answer

  • du958642589 2018-08-20 10:27

    From the docs:

    Keys are defined in pairs to allow key rotation, but the common case is to set a single authentication key and optionally an encryption key.

    The first pair is used for authentication, encryption and decryption, all other pairs are only used for authentication and decryption (but not encryption).

    This is a very common strategy for key rotation. A new key pair is generated regularly and becomes the new key for encryption. Some or all other keys are kept around so that existing data can still be decrypted for some time. The oldest key can be discarded eventually. This limits the impact of a disclosed key because it becomes useless after some time.

    Other software that uses this method:

    This answer was chosen as the best answer by the asker.
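The rotation rule quoted in the answer above (the first pair both seals and opens, every later pair only opens), worked through as an added Go example. This is not code from the original post, from gorilla/sessions or from gorilla/securecookie: it re-implements the key-pair convention on the standard library with HMAC-SHA256 for authentication and AES-GCM for encryption, so the types KeyPair and Codec, the functions NewCodec, Seal and Open, and the cookie wire format are this example's own assumptions, and the keys in main are constructed demo values rather than real key material.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

var ErrInvalidCookie = errors.New("cookie: authentication failed")

// KeyPair is one (authentication, encryption) key pair, in the order gorilla/sessions takes them.
type KeyPair struct {
	AuthKey []byte // HMAC-SHA256 key; 32 or 64 random bytes
	EncKey  []byte // AES-128/192/256 key
}

// Codec applies the rule quoted in the answer: pairs[0] seals every new value, every pair
// is tried when opening. Toy HMAC-SHA256 + AES-GCM scheme, not the securecookie wire format.
type Codec struct {
	pairs []KeyPair
	gcms  []cipher.AEAD // one AES-GCM instance per pair, built once
}

// NewCodec validates the key material; the first pair is the current one.
func NewCodec(pairs ...KeyPair) (*Codec, error) {
	if len(pairs) == 0 {
		return nil, errors.New("cookie: at least one key pair is required")
	}
	c := &Codec{pairs: pairs}
	for i, p := range pairs {
		if len(p.AuthKey) < 32 {
			return nil, fmt.Errorf("cookie: pair %d: auth key shorter than 32 bytes", i)
		}
		block, err := aes.NewCipher(p.EncKey) // rejects anything but 16/24/32-byte keys
		if err != nil {
			return nil, fmt.Errorf("cookie: pair %d: %w", i, err)
		}
		g, _ := cipher.NewGCM(block) // cannot fail for an AES block
		c.gcms = append(c.gcms, g)
	}
	return c, nil
}

// mac binds the encoded body to the cookie name so a value cannot be replayed under another name.
func mac(authKey []byte, name, body string) []byte {
	h := hmac.New(sha256.New, authKey)
	h.Write([]byte(name + "|" + body))
	return h.Sum(nil)
}

// Seal returns "<base64 nonce||ciphertext>.<base64 tag>" made with pairs[0] only.
func (c *Codec) Seal(name, value string) (string, error) {
	g := c.gcms[0]
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	enc := base64.RawURLEncoding.EncodeToString(g.Seal(nonce, nonce, []byte(value), nil))
	tag := base64.RawURLEncoding.EncodeToString(mac(c.pairs[0].AuthKey, name, enc))
	return enc + "." + tag, nil
}

// Open tries the pairs newest first; a cookie sealed under a pair that has since been dropped fails.
func (c *Codec) Open(name, cookie string) (string, error) {
	enc, tagB64, ok := strings.Cut(cookie, ".")
	body, err1 := base64.RawURLEncoding.DecodeString(enc)
	tag, err2 := base64.RawURLEncoding.DecodeString(tagB64)
	if !ok || err1 != nil || err2 != nil {
		return "", ErrInvalidCookie
	}
	for i, p := range c.pairs {
		if !hmac.Equal(tag, mac(p.AuthKey, name, enc)) {
			continue // not this pair's key; try the next, older one
		}
		g := c.gcms[i]
		if len(body) >= g.NonceSize() {
			if plain, err := g.Open(nil, body[:g.NonceSize()], body[g.NonceSize():], nil); err == nil {
				return string(plain), nil
			}
		}
		return "", ErrInvalidCookie // right auth key but altered ciphertext
	}
	return "", ErrInvalidCookie
}

func main() {
	old := KeyPair{AuthKey: []byte("0123456789abcdef0123456789abcdef"), EncKey: []byte("0123456789abcdef")} // constructed demo keys
	cur := KeyPair{AuthKey: []byte("fedcba9876543210fedcba9876543210"), EncKey: []byte("fedcba9876543210")}
	before, _ := NewCodec(old)
	rotated, _ := NewCodec(cur, old) // new pair first; old pair kept so existing cookies still open
	retired, _ := NewCodec(cur)      // old pair dropped for good
	cookie, _ := before.Seal("session", "user=42")
	fmt.Println(rotated.Open("session", cookie)) // user=42 <nil>
	fmt.Println(retired.Open("session", cookie)) // empty value, cookie: authentication failed
}
```

Running it, the first Open succeeds because the rotated codec still carries the old pair, and the second fails because that pair has been dropped. The deployment sequence is the same with the store from the question: pass the new pair first and the old pair after it, keep the old pair for at least the session lifetime so live sessions are not logged out, then remove it; from that point a leaked copy of the old key can no longer produce a cookie the store accepts.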
