  • Session key

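    I often see the term "session key" in different contexts, such as articles on key ladders, RSA and DRM, but I never had a clear understanding of it, and I was confused about when a key can be called a session key. Later I came across a description of session keys that I found very well written and that resolved much of my confusion.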

    A session key is an encryption and decryption key that is randomly generated to ensure the security of a communications session between a user and another computer or between two computers. Session keys are sometimes called symmetric keys, because the same key is used for both encryption and decryption. A session key may be derived from a hash value, using the CryptDeriveKey function (this method is called a session-key derivation scheme). Throughout each session, the key is transmitted along with each message and is encrypted with the recipient's public key. Because much of their security relies upon the brevity of their use, session keys are changed frequently. A different session key may be used for each message.

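    We know that symmetric encryption is very fast but has a key-exchange problem. Asymmetric encryption has no key-exchange problem, but it is slow. So in practice the two are combined to get the advantages of both for secure transmission.
    The basic steps can be described as:
    Bob : Confidential.bin --> AES Encrypt --> Generate HASH --> RSA public key Encrypt AESKey&HASH
    Tim : RSA private key Decrypt AESKey&HASH --> Verify AES encrypted data --> Decrypt Confidential.bin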

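    In this process, the AES encryption key can be called the session key, because it does not matter if this key is replaced every time; it is fine for it to differ from one use to the next. In essence it is simply a symmetric encryption key under a different name.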
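
The Bob/Tim flow above as an added example (not code from the original post), using only Node.js's built-in crypto module. The names `bobSend` and `timReceive`, and the choice of AES-256-CBC, SHA-256 and 2048-bit RSA-OAEP, are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Tim's long-term RSA key pair (generated here so the example runs offline).
const tim = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Bob: AES-encrypt under a random session key, hash the encrypted data,
// then RSA-encrypt sessionKey || hash with Tim's public key.
function bobSend(plaintext, timPublicKey) {
  const sessionKey = crypto.randomBytes(32); // fresh key for every message
  const iv = crypto.randomBytes(16);
  const cipher = crypto.createCipheriv('aes-256-cbc', sessionKey, iv);
  const body = Buffer.concat([iv, cipher.update(plaintext), cipher.final()]);
  const hash = crypto.createHash('sha256').update(body).digest();
  const wrapped = crypto.publicEncrypt({ key: timPublicKey, ...OAEP },
                                       Buffer.concat([sessionKey, hash]));
  return { wrapped, body };
}

// Tim: RSA-decrypt sessionKey || hash, verify the encrypted data, then decrypt.
function timReceive(msg, timPrivateKey) {
  const opened = crypto.privateDecrypt({ key: timPrivateKey, ...OAEP }, msg.wrapped);
  const sessionKey = opened.subarray(0, 32);
  const expected = opened.subarray(32);
  const actual = crypto.createHash('sha256').update(msg.body).digest();
  if (!crypto.timingSafeEqual(expected, actual)) {
    throw new Error('ciphertext hash mismatch');
  }
  const iv = msg.body.subarray(0, 16);
  const decipher = crypto.createDecipheriv('aes-256-cbc', sessionKey, iv);
  return Buffer.concat([decipher.update(msg.body.subarray(16)), decipher.final()]);
}

// Constructed sample standing in for Confidential.bin.
const sample = bobSend(Buffer.from('constructed sample data'), tim.publicKey);
console.log(timReceive(sample, tim.privateKey).toString());
```

The hash lets Tim detect changes to the encrypted data, but the flow does not authenticate the sender: anyone holding Tim's public key can produce a message that verifies, so identifying Bob requires a signature made with Bob's own private key.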

  • Original article: https://www.cnblogs.com/linuxcat/p/14508882.html