  • Session key

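    I often see the term "session key" in articles on different topics, such as key ladders, RSA, and DRM, but I never had a clear understanding of it, and I was confused about when a key can be called a session key. Later I came across a description of the session key that I found very good and that resolved my confusion.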

    A session key is an encryption and decryption key that is randomly generated to ensure the security of a communications session between a user and another computer or between two computers. Session keys are sometimes called symmetric keys, because the same key is used for both encryption and decryption. A session key may be derived from a hash value, using the CryptDeriveKey function (this method is called a session-key derivation scheme). Throughout each session, the key is transmitted along with each message and is encrypted with the recipient's public key. Because much of their security relies upon the brevity of their use, session keys are changed frequently. A different session key may be used for each message.

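    We know that symmetric encryption is very fast but has a key-exchange problem. Asymmetric encryption has no key-exchange problem, but it is slow. So secure transmission generally combines the advantages of the two kinds of encryption.
    The basic steps can be described as:
    Bob : Confidential.bin --> AES Encrypt --> Generate HASH --> RSA public key Encrypt AESKey&HASH
    Tim : RSA private key Decrypt AESKey&HASH --> Verify AES encrypted data --> Decrypt Confidential.bin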

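    In this process the AES encryption key is what can be called the session key, because it does not matter if this key is changed every time; it can differ between this use and the next. In essence it is just a symmetric encryption key under a different name.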
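
The Bob/Tim flow above as runnable Go, added here as an example and not code from the original post. The post does not name modes or padding, so AES-256-CTR, SHA-256 and RSA-OAEP are assumptions, as are the names `Seal`, `Open`, `ctr` and `timKey`; the IV is wrapped together with the session key and hash.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// ctr applies AES-256-CTR; encrypting and decrypting are the same operation.
func ctr(key, iv, data []byte) []byte {
	block, _ := aes.NewCipher(key) // callers always pass 32 bytes, so this cannot fail
	out := make([]byte, len(data))
	cipher.NewCTR(block, iv).XORKeyStream(out, data)
	return out
}

// Seal is Bob's side: fresh session key, AES encrypt, hash, RSA-wrap key||IV||hash.
func Seal(pub *rsa.PublicKey, plain []byte) (wrapped, ct []byte, err error) {
	secret := make([]byte, 48) // 32-byte session key || 16-byte IV, new for every message
	if _, err = rand.Read(secret); err != nil {
		return nil, nil, err
	}
	ct = ctr(secret[:32], secret[32:], plain)
	sum := sha256.Sum256(ct)
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, append(secret, sum[:]...), nil)
	return wrapped, ct, err
}

// Open is Tim's side: unwrap with the private key, verify the hash, then decrypt.
func Open(priv *rsa.PrivateKey, wrapped, ct []byte) ([]byte, error) {
	kh, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
	sum := sha256.Sum256(ct)
	if err != nil || len(kh) != 80 || subtle.ConstantTimeCompare(sum[:], kh[48:]) != 1 {
		return nil, errors.New("unwrap failed or ciphertext hash mismatch")
	}
	return ctr(kh[:32], kh[32:48], ct), nil
}

var timKey, _ = rsa.GenerateKey(rand.Reader, 2048) // Tim's key pair, generated as sample input

func main() {
	wrapped, ct, _ := Seal(&timKey.PublicKey, []byte("Confidential.bin contents"))
	plain, err := Open(timKey, wrapped, ct)
	fmt.Printf("%q %v\n", plain, err)
}
```

Anyone holding Tim's public key can produce a valid message, so the hash detects changes to the ciphertext but does not authenticate Bob as the sender.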

  • Original article: https://www.cnblogs.com/linuxcat/p/14508882.html