I have two Windows Phone applications. The first app sends data to a server and the second (main) app reads data from the server. The data is encrypted with Rijndael. Both applications have saved the encrypted key in application settings. But I'm thinking about storing the encrypted key in a DB. Is the DB a good place to save it?
1 Answer
If you randomly generate your key, you can't share it between two apps, since two apps can't access the same storage on a Windows Phone. That means you would have to store the key in an online database, but then I don't understand why you even encrypt it, since the key can be accessed really easily.
If you always use the same key, you can hardcode it in your app and try to obfuscate it. Even though I don't think that really works.
If you generate your keys based on the phone's hardware, like its MAC address, you are rather safe, but then it won't work with two different phones.
I would generate your key based on a username/password that your users choose; that way it's safe and works on different phones.
So, I would not save the key in a DB.
If you are by any chance talking about an encryption key only and use something like RSA that needs a different decryption key... just store both in the app, then you have less server-client traffic.
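
The password-derived key suggested in the answer above, as an added example that is not part of the original answer (Python is used for illustration, not the Windows Phone API). The PBKDF2 parameters, the record layout and all function names are assumptions: the database holds only a salt, an iteration count and a check value, and each app re-derives the key locally.

```python
import hashlib
import hmac
import os
import unicodedata

ITERATIONS = 200_000   # assumed work factor; tune to the slowest target device
KEY_LEN = 32           # 256-bit key, usable as a Rijndael/AES key


def _norm(text: str) -> bytes:
    # Normalise so both apps feed identical bytes into the KDF.
    return unicodedata.normalize("NFKC", text).encode("utf-8")


def derive_key(username: str, password: str, salt: bytes,
               iterations: int = ITERATIONS) -> bytes:
    # The username is mixed into the salt so the key is bound to one account.
    account_salt = salt + b"|" + _norm(username.casefold())
    return hashlib.pbkdf2_hmac("sha256", _norm(password), account_salt,
                               iterations, dklen=KEY_LEN)


def key_check(key: bytes) -> str:
    # Short verifier so the reading app can reject a wrong password before it
    # tries to decrypt. It is not the key, but like any ciphertext it allows
    # offline password guessing, so password strength still matters.
    return hmac.new(key, b"key-check-v1", hashlib.sha256).hexdigest()[:16]


def make_db_record(username: str, password: str) -> dict:
    # What the sending app uploads once: no key material is stored.
    salt = os.urandom(16)
    key = derive_key(username, password, salt)
    return {"user": username, "salt": salt.hex(),
            "iterations": ITERATIONS, "check": key_check(key)}


def unlock(record: dict, username: str, password: str):
    # What the reading app does on another phone: fetch the record, re-derive.
    key = derive_key(username, password, bytes.fromhex(record["salt"]),
                     record["iterations"])
    if not hmac.compare_digest(key_check(key), record["check"]):
        return None  # wrong username or password
    return key
```
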