Key Management - Classic ASP - encrypt/decrypt

2019-09-07 13:58发布

问题:

Here is my scenario:

I have file called gen.asp, when ever someone requests this file It needs to generate a encrypted-random-key and pass it back. (Gen.asp can not store the key it generated, anywhere no session, no database)

I have a different file called GenValid.asp, in this file I need to verify weather the encrypted-random-key is generated by Gen.asp or not. (validation can be if the encrypted-random-key can be decrypted then it's a valid key, if not it's not a valid key)

How can I do this? in Classic ASP.

回答1:

Let GenValid.asp have a RSA1024 Private-Public key pair. Have the public key associated with GenValid.asp at gen.asp end.

When gen.asp generates the session key, let this session key be wrapped/blob-ed by GenValid.asp's public key.

When this wrapped session key reaches GenValid.asp, it alone can unwrap the session key (using its RSA1024 Private key) for further usage of this key.