我正在构建我的网站,在该网站中我面临着实施加密的问题。我正在使用 Java 中的 RESTful Web 服务开发它。
我发现 GibberishAES API 用于从 javascript 进行加密。加密的消息现在进入网络服务,但我不知道如何在(java)网络服务中解密它。我知道 GibberishAES 在 java 中不可用,但是有什么迂回的方法吗?
或者,是否有任何同时支持 Java 和 Javascript 的加密 API?
我也有网站的(对称)密钥分配问题。它将有 100 个客户端(机器,在公共网络中),我不知道如何将特定机器的唯一密钥传达给它。
请在这方面帮助我。
GibberishAES implements AES encryption. AES is a symmetric cipher, that means that both parties must know a shared key. The problem of distributing the key is not trivial, and there exist well-known algorithms for doing so.
As it was mentioned in some comments, SSL already solves that problem, because it negotiates the generation of a distributed secret key, that is later used for encryption. If for any reason you cannot use SSL, you should adopt some mechanism for secure generation or transport of the secret key. For instance, you could generate a ephimeral RSA key pair in the client, send the public key to the server, and have the server return the secret (AES) key in wrapped form.