http & Restfulapi encryption,如何确保获取的数据没有被篡改。

由于部署和性能如果不能采用 https, 可以使用 hybrid encryption 保证数据不被串改(不能防中间人攻击,也不能防止数据的泄漏——除非采用白名单)。
hybrid encryption:

  1. client—> send RSA 非对称的公钥给 server
  2. server 随机生成 AES 对称密钥用于加密数据,并用 client 的公钥加密 AES 对称密钥
  3. server 将 AES加密过的数据和 用非对称加密的 AES 密钥一起发送给 client.

Https:

  1. The ‘client hello’ message: The client initiates the handshake by sending a “hello” message to the server. The message will include which TLS version the client supports, the cipher suites supported, and a string of random bytes known as the “client random.”
  2. The ‘server hello’ message: In reply to the client hello message, the server sends a message containing the server’s SSL certificate, the server’s chosen cipher suite, and the “server random,” another random string of bytes that’s generated by the server.
  3. Authentication: The client verifies the server’s SSL certificate with the certificate authority that issued it. This confirms that the server is who it says it is, and that the client is interacting with the actual owner of the domain.
  4. The premaster secret: The client sends one more random string of bytes, the “premaster secret.” The premaster secret is encrypted with the public key and can only be decrypted with the private key by the server. (The client gets the public key from the server’s SSL certificate.)
  5. Private key used: The server decrypts the premaster secret.
  6. Session keys created: Both client and server generate session keys from the client random, the server random, and the premaster secret. They should arrive at the same results.
  7. Client is ready: The client sends a “finished” message that is encrypted with a session key.
  8. Server is ready: The server sends a “finished” message encrypted with a session key.
  9. Secure symmetric encryption achieved: The handshake is completed, and communication continues using the session keys.

你可能感兴趣的:(c/c++,数据库)