AES encrypted communication using RSA for key exchange in Go

Question

I'm trying to set up secure communication between a Ruby Sinatra-based web backend and a Google Go application.
The Go application contains the public key and initially opens the connection. It then encrypts the randomly generated AES with its public key and sends it to the web backend. All upcoming (large-size) data will be encrypted using the AES key.
Is this a usable approach in general?

The Go code looks like this:

aesRand := make([]byte, 32)
rand.Read(aesRand)
AESBlock, _ = aes.NewCipher(aesRand)

// Encrypt AES key with RSA
data, err := rsa.EncryptPKCS1v15(rand.Reader, PubKey, aesRand)

Now the question is, is it right to encrypt and send the random bytes over the line or should I encrypt and send the AESBlock?

Thanks in advance!

Answer 1

Score: 2

You should encrypt and send the aesRand, otherwise known as the key, using RSA.

You'll also need to pass an IV, depending on which crypto mode you are using.

len(KEY) + len(IV) must be less than len(PubKey), assuming you are going to encrypt them both together in the initial RSA transaction.

Read the docs for the rsa module carefully to note the weaknesses of each mode. You should use the DecryptPKCS1v15SessionKey to decrypt the above. Note the comment about using RSA-OAEP in new protocols.

If you are doing this as a learning experience then fine, but if this code is to protect information which will cost real money if compromised, then I'd use TLS, which will do all of the above and more in a well-tested framework.

huangapple
  • Published on August 23, 2014 at 16:55:47
  • When reposting, please keep the link to this article: https://go.coder-hub.com/25460231.html