Where to store the private key?
I'm building an app that I want to have E2EE. My struggle is with the private keys. Most of what I read says you don't store it on AWS servers because it will not be E2EE anymore and it's a backdoor. I don't want to create a backdoor, I want the user ONLY to hold the key. However, at the same time, if the user logs in from another device, they cannot retrieve their data because the private key is on the original device.
So what are some ways to let the user log in from another device without having trouble retrieving the data and without putting their private key at risk?
Please consider that I'm new to this subject and I'm using CryptoKit from Apple :)
Thanks!
Comments (1)
You can use the user’s id and password hash (for example) to encrypt the private key and store the encrypted version of it on the server.
Now when the user logs in from another device, the encrypted key can be retrieved and decrypted locally using the user's id and password.
Thus, it won’t be possible to decrypt and use the encrypted key without the user’s credentials. However, this also means that if the user changes their password, the encrypted key also needs to be decrypted with the old and re-encrypted with the new password.
That’s the usual approach for your requirement.
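
A sketch of the wrap, unwrap and password-change steps described in the answer, added here as an example and not code from the original post. It assumes a variation on the answer's wording: the key-encryption key is derived from the password with PBKDF2 (CommonCrypto) over a random per-user salt, and the user id is bound as AES-GCM associated data; `WrappedKey`, `passwordKey`, `wrap`, `unwrap` and `rewrap` are hypothetical names, and the iteration count is an assumed value.

```swift
import Foundation
import CryptoKit
import CommonCrypto

// Hypothetical record the server stores; it never sees the password or the raw key.
struct WrappedKey {
    let salt: Data        // random, per user, not secret
    let rounds: UInt32    // PBKDF2 iteration count, stored so it can be raised later
    let sealed: Data      // AES-GCM nonce || ciphertext || tag
}
enum WrapError: Error { case kdfFailed, badBlob }

// PBKDF2-HMAC-SHA256 via CommonCrypto (CryptoKit ships HKDF but no password KDF).
func passwordKey(_ password: String, salt: Data, rounds: UInt32) throws -> SymmetricKey {
    var out = [UInt8](repeating: 0, count: 32)
    let saltBytes = [UInt8](salt)
    let status = CCKeyDerivationPBKDF(
        CCPBKDFAlgorithm(kCCPBKDF2), password, password.utf8.count,
        saltBytes, saltBytes.count,
        CCPseudoRandomAlgorithm(kCCPRFHmacAlgSHA256), rounds, &out, out.count)
    guard status == Int32(kCCSuccess) else { throw WrapError.kdfFailed }
    return SymmetricKey(data: out)
}

// Encrypt the private key on-device; the user id is bound as associated data.
// 600_000 rounds is an assumed setting, tune it for the target devices.
func wrap(_ priv: Curve25519.KeyAgreement.PrivateKey, userID: String,
          password: String, rounds: UInt32 = 600_000) throws -> WrappedKey {
    let salt = Data((0..<16).map { _ in UInt8.random(in: 0...255) })
    let key = try passwordKey(password, salt: salt, rounds: rounds)
    let box = try AES.GCM.seal(priv.rawRepresentation, using: key,
                               authenticating: Data(userID.utf8))
    guard let sealed = box.combined else { throw WrapError.badBlob }
    return WrappedKey(salt: salt, rounds: rounds, sealed: sealed)
}

// Run on a new device after downloading the blob; a wrong password or user id throws.
func unwrap(_ w: WrappedKey, userID: String,
            password: String) throws -> Curve25519.KeyAgreement.PrivateKey {
    let key = try passwordKey(password, salt: w.salt, rounds: w.rounds)
    let box = try AES.GCM.SealedBox(combined: w.sealed)
    let raw = try AES.GCM.open(box, using: key, authenticating: Data(userID.utf8))
    return try Curve25519.KeyAgreement.PrivateKey(rawRepresentation: raw)
}

// Password change: decrypt with the old password, re-encrypt with the new one.
func rewrap(_ w: WrappedKey, userID: String, old: String, new: String) throws -> WrappedKey {
    try wrap(try unwrap(w, userID: userID, password: old), userID: userID, password: new)
}
```

Only the `WrappedKey` fields are uploaded; the password and the derived key stay on the device, so whatever value the server checks at login has to be something that cannot be used to rebuild that key.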