问题
Here is my scenario:
I have file called gen.asp, when ever someone requests this file It needs to generate a encrypted-random-key and pass it back. (Gen.asp can not store the key it generated, anywhere no session, no database)
I have a different file called GenValid.asp, in this file I need to verify weather the encrypted-random-key is generated by Gen.asp or not. (validation can be if the encrypted-random-key can be decrypted then it's a valid key, if not it's not a valid key)
How can I do this? in Classic ASP.
回答1:
Let GenValid.asp have a RSA1024 Private-Public key pair. Have the public key associated with GenValid.asp at gen.asp end.
When gen.asp generates the session key, let this session key be wrapped/blob-ed by GenValid.asp's public key.
When this wrapped session key reaches GenValid.asp, it alone can unwrap the session key (using its RSA1024 Private key) for further usage of this key.
来源:https://stackoverflow.com/questions/3453908/key-management-classic-asp-encrypt-decrypt