问题描述
亲爱的朋友:
我有一个wpf应用程序,我想将数据存储在SQL文件中. SQL文件包含一些敏感内容,为了保护其内容,我决定使用Rijndael算法对它们进行加密(因为在我阅读此算法时,它是最佳的(快速且安全)).该算法需要KEY和IV,并且您知道拥有这两个参数的每个人都可以解密我们的数据.因此,问题是:
1.如何保护KEY和IV?我应该在哪里存储Key和IV?如果我要将密钥和IV存储在SQL文件中,则每个人都可以获取它们并解密我的数据.如果要在软件中对其进行硬编码,我会犯一个严重的错误.
2.我读到我们可以结合使用对称(Rijndaehl)和非对称(RSA)算法(似乎它的功能在Web应用程序中.对吗?).但是,我不知道如何实现它(任何解决方案都适用).
3.现在,考虑我使用对称对称算法.但是,问题尚未解决.因为当我使用不对称算法来保护对称算法的密钥和IV时,我应该将公共密钥和私有密钥保存在某个位置(例如,在sql文件或代码中).并且问题将再次出现.任何人都可以使用此保存的私钥并解密密钥和Iv,最后找到sql内容.那我该怎么办?
Your.
Dear Friends:
I have a wpf application and I want to store my data in a SQL file. The SQL file has some sensitive content and in order to protect its content I have decided to enctypt them by Rijndael algorithm (because as I read this algorithm is the optimum one (fast and secure)). The algorithm needs KEY and IV and as you know everybody that has these two parameters can decrypt our data. So, the questions are:
1. How could I protect the KEY and IV? Where should I store Key and IV? If I want to store key and IV in SQL file, everybody can get them and decrypt my data. If I want to hard-code it in the software I will make a bad mistake.
2. I read that we can use combination of symetric (Rijndaehl) and asymetric(RSA) algorithm (and it seems that its function is in the web applications. Am I right?). However, I don''t have any idea how to implement it (any solution will be appriciated).
3. Now, consider that I use combination of symetric asymmertic algorithms. But, the problem has not finnished yet. because when I use asymetric algorithm to protect the key and IV of symetric algorithm, I should save public and private key in a location (forexample in sql file or in code). and the problem will be arised again. Anyone can use this saved private key and decrypt the key and Iv and at last find sql content. So, what should I do?
Your.
推荐答案
这篇关于WPF应用中Rijndael算法中的保护密钥和IV的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!