如何安全地保存和检索密钥/IV 对?
我使用 VB.Net 的 RijndaelManaged
(RM) 来加密文件,使用 RM.GenerateKey
和 RM.GenerateIV
方法生成密钥IV 并使用 CryptoStream
类加密文件。我计划将此密钥和 IV 保存到文件中,并希望确保我以正确的方式进行操作。我将 IV+Key 组合起来,并使用 RSA 公钥对其进行加密,然后将其写入文件。然后,为了解密,我使用此文件上的 RSA 私钥来获取 IV+Key,将它们分开并将 RM.Key 和 RM.IV 设置为这些值并运行解密器。
这是实现此目的的最佳方法吗?或者是否有保存 IV & 的首选方法?钥匙?
I'm using VB.Net's RijndaelManaged
(RM) to encrypt files, using the RM.GenerateKey
and RM.GenerateIV
methods to generate the Key and IV and encrypting the file using the CryptoStream
class. I'm planning on saving this Key and IV to a file and want to make sure I'm doing it the right way. I am combining the IV+Key, and encrypting that with my RSA Public key and writing it out to a file. Then, to decrypt I use the RSA Private key on this file to get the IV+Key, split them up and set RM.Key and RM.IV to these values and run the decryptor.
Is this the best method to accomplish this, or is there a preferred method for saving the IV & Key?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
这就是总体思路。然而,IV 不需要保密。只有“秘密密钥”是秘密的。
您可以考虑为您的文件格式使用 S/MIME(或其底层加密消息语法)等标准。我不确定 Bouncycastle 是否已将其 S/MIME(或 PGP)库移植到 .NET,或者 .NET 是否内置了 S/MIME 支持,但可能有一个适用于您的平台的免费库。像这样广泛使用的开源库可能已经过比您自己更仔细的测试和审查,并且它们实现了由密码学专家设计的协议,因此您不必想知道您忽略了哪些陷阱。
您描述的模型类似于 S/MIME 的“KeyTransRecipientInfo”密钥交换方法。生成对称密钥来加密数据,然后使用每个预期接收者的公钥对该密钥进行加密。加密密钥和 IV(在本标准中未加密)与有关 CMS 结构中使用的算法的信息捆绑在一起。加密数据可以包含在同一个包中,也可以包含在单独的文件中。
PGP 具有本质上等效的模式。
That's the general idea. The IV does not need to be kept secret, however. Only the "secret key" is secret.
You might consider using a standard like S/MIME (or its underlying Cryptographic Message Syntax) for your file format. I'm not sure if Bouncycastle has ported their S/MIME (or PGP) libraries to .NET, or if .NET has S/MIME support built-in, but there is likely to be a free library available for your platform. A widely used open source library like this has probably been tested and scrutinized more closely than you'll be able to do yourself, and they implement protocols designed by experts in cryptography so your don't have to wonder what pitfalls you've overlooked.
The model you've described is similar to S/MIME's "KeyTransRecipientInfo" method for key exchange. A symmetric key is generated to encrypt the data, then that key is encrypted with the public key of each intended recipient. The encrypted key and the IV (which is not encrypted in this standard) are bundled with information about the algorithms used in a CMS structure. The encrypted data can be included in the same bundle, or be in an separate file.
PGP has mode that is an essentially equivalent.