Utilizzo della crittografia a chiave simmetrica per evitare di indovinare gli identificatori?

0

Sto provando a risolvere il seguente problema usando Symmetric Key Crypto ma non sono sicuro se sto pensando troppo alla soluzione.

I need to generate email addresses which contain a numeric identifier (like 12345) and a customer identifier (like foobarbaz). External parties can receive email from addresses containing these identifiers and reply to these emails. From the replies, I use these identifiers embedded in the email message to correlate back to the source that they are responding to.

The plan is to encrypt the concatenated string 12345foobarbaz using Symmetric Key Crypto and then use that string as the email address identifier. When an external user replies to the email, I check that the To: email address can be decrypted successfully before accepting the response. That user cannot (without my key) construct an email address for say, 12346foobarbaz, and send email with those identifiers, so I think it should work.

Sto usando Crypto correttamente?

PS I could use Message-Id for this but an implementation using them would require another lookup table from all Message-Ids to the identifiers above which I am trying to avoid.

    
posta proteus 16.06.2017 - 20:39
fonte

0 risposte

Leggi altre domande sui tag