我正在开发一个需要交换一些数据的应用程序来创建加密通道,以便通过互联网进行通信。我将允许用户使用不同的方法建立密钥,但我认为使用简单的方法来交换密钥将是一个“整洁”的功能。
从我所看到的你可以设置通过蓝牙与反射连接时使用的PIN,但这对我来说似乎非常黑客和不可靠。
答案 0 :(得分:0)
安全地交换密钥非常困难。您可能希望了解它如何使用SSL ... SSL设置一个安全的加密通道,而无需用户指定任何键。下面给出了这种通信如何工作的伪代码:
Device A:
generate public, private key pair A
connect to proxy server over SSL connection
obtain connection ID from proxy server as connection ID A
send connection ID A, public key A to device B
wait for connection ID B, public key B from device B
tell proxy server to connect current session to connection ID B
encrypt session setup messages using public key B
send encrypted session setup message over proxy connection
wait for encrypted session setup message from B
decrypt encrypted session setup message using private key A
upgrade encryption mechanism to stronger, symmetric algorithm
Device B:
generate public, private key pair B
connect to proxy server over SSL connection
obtain connection ID from proxy server as connection ID B
send connection ID B, public key B to device A
wait for connection ID A, public key A from device A
tell proxy server to connect current session to connection ID A
encrypt session setup messages using public key A
send encrypted session setup message over proxy connection
wait for encrypted session setup message from A
decrypt encrypted session setup message using private key B
upgrade encryption mechanism to stronger, symmetric algorithm
然而,加密很难做到正确。我强烈建议在开放用户之前,先将安全专家审核的代码打开,然后获取安全专家审核的代码。