RSA encryption in JavaScript and decryption in Java

Time: 2022-01-23 18:30:35

I have an application that has a frontend in HTML and JavaScript and a backend in Java, and I need to use RSA to send passwords and sensitive stuff. I'm using JSEncrypt in JavaScript and Bouncy Castle in Java. I need to know how I can manage keys. If I create keys dynamically in JavaScript, how can I send the private key to my backend or vice versa? My JavaScript code is visible to the user, so storing the private key in JavaScript is not an option.

JavaScript code:

var text = "Hello World";
var privkey="MIICdQIB..........";
var pubkey="MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvFZQtGLPQKV0h....";

var encrypt = new JSEncrypt();
encrypt.setPublicKey(pubkey);
var ciphertext = encrypt.encrypt(text);
console.log("ciphertext  : " + base64ToHex(ciphertext));

var decrypt = new JSEncrypt();
decrypt.setPrivateKey(privkey);
var plaintext = decrypt.decrypt(ciphertext); // encrypt() already returned base64, which decrypt() expects
console.log("plaintext  : " + plaintext);

And for the Java code, see the example at: http://www.mysamplecode.com/2011/08/java-rsa-encrypt-string-using-bouncy.html

1 solution

#1


0  

and for java code see example on : http://www.mysamplecode.com/2011/08/java-rsa-encrypt-string-using-bouncy.html

Please note this example is wrong from a usability perspective. RSA itself is intended to encrypt a small piece of information (such as keys for symmetric encryption), not any longer/larger data. Have a look at hybrid cryptosystems. And when using the older PKCS1.5 padding, the encrypted data needs to have high entropy. So, do not use RSA with the data themselves; rather use a hybrid cryptosystem (most of the high-level libraries will do that).

I need double encryption

It adds complexity, but not necessarily security.

You'd need to encrypt data outside TLS (https) only when you intend to store or resend the data encrypted. Maybe you do; we just don't see any justification.

The issue is that RSA is intended to ensure integrity and confidentiality of data. TLS (based on RSA or elliptic curves) also protects against the MIM (man in the middle) attack. If you randomly generate the keys without checking the possibility to validate the identity (using a certificate authority), the MIM (behind TLS) is feasible.

I need to know how can I manage keys. If I create keys dynamically in javascript how can I send private key to my backend or vice-versa.

In asymmetric encryption (RSA) the sender needs only the target's public key to encrypt data. And to have security complete, the target needs the sender's public key to validate the signature (if the message is signed).

Basically you can generate a random (symmetric) encryption key and encrypt the key with RSA. Then the client could send the IV (salt, used with symmetric encryption), the RSA-encrypted symmetric key, the encrypted data (with the symmetric encryption key) and the MAC (message authentication code - hash and signature) to the other side.

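The hybrid scheme the answer outlines, as an added example that is not part of the original question or answer. It runs under Node.js with the built-in `crypto` module; the choice of AES-256-GCM (whose authentication tag stands in for the MAC) and RSA-OAEP with SHA-256, the function names, and the demo key pair generated in place are all assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed demo key pair. In the scenario on this page the server owns the
// private key and the browser only ever receives the public key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Sender side (hypothetical helper): needs only the recipient's public key.
function hybridEncrypt(recipientPublicKey, plaintext) {
  const key = crypto.randomBytes(32); // fresh AES-256 key for this message only
  const iv = crypto.randomBytes(12);  // 96-bit GCM nonce, never reused with the same key
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const data = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // RSA encrypts only the 32-byte key, so the payload size is not limited by the modulus.
  const wrappedKey = crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, key);
  return {
    iv: iv.toString('base64'),
    wrappedKey: wrappedKey.toString('base64'),
    data: data.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'), // integrity check over the ciphertext
  };
}

// Recipient side (hypothetical helper): unwrap the AES key, then verify and decrypt.
function hybridDecrypt(recipientPrivateKey, msg) {
  const key = crypto.privateDecrypt(
    { key: recipientPrivateKey, ...OAEP }, Buffer.from(msg.wrappedKey, 'base64'));
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(msg.iv, 'base64'));
  decipher.setAuthTag(Buffer.from(msg.tag, 'base64'));
  // final() throws if the tag does not match, so modified data is never returned.
  return Buffer.concat([
    decipher.update(Buffer.from(msg.data, 'base64')), decipher.final(),
  ]).toString('utf8');
}

// Flips one ciphertext bit and reports whether decryption refuses the message.
function rejectsTampering(recipientPrivateKey, msg) {
  const bad = Buffer.from(msg.data, 'base64');
  bad[0] ^= 0x01;
  try {
    hybridDecrypt(recipientPrivateKey, { ...msg, data: bad.toString('base64') });
    return false;
  } catch (err) {
    return true;
  }
}
```
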
