Android 使用 NFC 临时配对设备
Android Use NFC To Temporary Pair Devices
我正在开发一个应用程序,该应用程序需要交换一些数据以创建用于通过 Internet 进行通信的加密通道。我将允许用户使用不同的方法建立密钥,但我认为如果有一种简单的方法来交换密钥将是一个 "neat" 功能。
据我所知,您可以设置 PIN 以在通过反射蓝牙连接时使用,但这对我来说似乎非常 hacky 和不可靠。
安全地交换密钥非常困难。您可能想看看它是如何与 SSL 一起运行的……SSL 建立了一个安全的加密通道,而无需用户指定任何密钥。下面给出了这种通信如何工作的伪代码:
Device A:
generate public, private key pair A
connect to proxy server over SSL connection
obtain connection ID from proxy server as connection ID A
send connection ID A, public key A to device B
wait for connection ID B, public key B from device B
tell proxy server to connect current session to connection ID B
encrypt session setup messages using public key B
send encrypted session setup message over proxy connection
wait for encrypted session setup message from B
decrypt encrypted session setup message using private key A
upgrade encryption mechanism to stronger, symmetric algorithm
Device B:
generate public, private key pair B
connect to proxy server over SSL connection
obtain connection ID from proxy server as connection ID B
send connection ID B, public key B to device A
wait for connection ID A, public key A from device A
tell proxy server to connect current session to connection ID A
encrypt session setup messages using public key A
send encrypted session setup message over proxy connection
wait for encrypted session setup message from A
decrypt encrypted session setup message using private key B
upgrade encryption mechanism to stronger, symmetric algorithm
但是,加密很难做到正确。我强烈建议将执行此操作的部分开源并让安全专家审查代码,然后再向用户发布。
我正在开发一个应用程序,该应用程序需要交换一些数据以创建用于通过 Internet 进行通信的加密通道。我将允许用户使用不同的方法建立密钥,但我认为如果有一种简单的方法来交换密钥将是一个 "neat" 功能。
据我所知,您可以设置 PIN 以在通过反射蓝牙连接时使用,但这对我来说似乎非常 hacky 和不可靠。
安全地交换密钥非常困难。您可能想看看它是如何与 SSL 一起运行的……SSL 建立了一个安全的加密通道,而无需用户指定任何密钥。下面给出了这种通信如何工作的伪代码:
Device A:
generate public, private key pair A
connect to proxy server over SSL connection
obtain connection ID from proxy server as connection ID A
send connection ID A, public key A to device B
wait for connection ID B, public key B from device B
tell proxy server to connect current session to connection ID B
encrypt session setup messages using public key B
send encrypted session setup message over proxy connection
wait for encrypted session setup message from B
decrypt encrypted session setup message using private key A
upgrade encryption mechanism to stronger, symmetric algorithm
Device B:
generate public, private key pair B
connect to proxy server over SSL connection
obtain connection ID from proxy server as connection ID B
send connection ID B, public key B to device A
wait for connection ID A, public key A from device A
tell proxy server to connect current session to connection ID A
encrypt session setup messages using public key A
send encrypted session setup message over proxy connection
wait for encrypted session setup message from A
decrypt encrypted session setup message using private key B
upgrade encryption mechanism to stronger, symmetric algorithm
但是,加密很难做到正确。我强烈建议将执行此操作的部分开源并让安全专家审查代码,然后再向用户发布。