PKI基础概念(一)
介绍一下PKI以及加密解密、SSL、数字认证等一些基本概念。
一、PKI:首先看看国际上两大著名证书颁发机构对PKI的定义。
1. Entrust
The comprehensive system required to provide public-key encryption and digital signature services is known as a public-key infrastructure.
The purpose of a public-key infrastructure is to manage keys and certificates. By managing keys and certificates through a PKI, an organization establishes and maintains a trustworthy networking environment. A PKI enables the use of encryption and digital signature services across a wide variety of applications.
2. VeriSign
Public Key Infrastructure is the network security architecture of an organization. It includes software, encryption technologies, and services the enable secure transactions on the Internet, intranets, and extranets.
其他一些国外网站的定义:
Public Key Infrastructure (PKI) is a combination of software, encryptiontechnologies, and services that enables an enterprise to protect the security of its communications and business transactions on networks.
A Public Key Infrastructure (PKI) is a system/method providing a solution for securing eCommerce and network access services. It is comprised of protocols, services and standards, which support various applications for a public key infrastructure.
PKI is the acronym for Public Key Infrastructure. The technology is called Public Key because, unlike earlier forms of cryptography, it works with a pair of keys(Not only one key). One of the two keys can be used to encrypt information that can only be decrypted with the other key. One key is made public and the other is kept secret. The secret key is usually called the private key. Since anyone can obtain the public key, users can initiate secure communications without having to previously share a secret through some other medium with their correspondent. The Infrastructure is the underlying system needed to issue keys and certificates and to publish the public information.
国内的翻译定义:
PKI(Public Key Infrastructure)公钥基础设施是提供公钥加密和数字签名服务的系统或平台,目的是为了管理密钥和证书。
PKI(Public Key Infrastructure )即"公开密钥体系",是一种遵循既定标准的密钥管理平台,它能够为所有网络应用提供加密和数字签名等密码服务及所必需的密钥和证书管理体系,简单来说,PKI就是利用公钥理论和技术建立的提供安全服务的基础设施。PKI技术是信息安全技术的核心,也是电子商务的关键和基础技术。
PKI(Public Key Infrastructure )是一种遵循标准的利用公钥加密技术为电子商务的开展提供一套安全基础平台的技术和规范。它能够为所有网络应用提供加密和数字签名等密码服务及所必需的密钥和证书管理体系,简单来说,PKI就是利用公钥理论和技术建立的提供安全服务的基础设施。用户可利用PKI平台提供的服务进行安全的电子交易,通信和互联网上的各种活动。
二、SSL
还是先看一下国际的标准:
1. VeriSign
The Secure Sockets Layer protects data transferred over http using encryption enabled by a server’s SSL Certificate. An SSL Certificate contains a public key and a private key. A public key is used to encrypt information and a private key is used to decipher it. When a browser points to a secured domain, an SSL handshake authenticates the server and the client and establishes an encryption method and a unique session key. They can begin a secure session that guarantees message privacy and message integrity
Short for Secure Sockets Layer, a protocol developed by Netscape for transmitting private documents via the Internet. SSL uses a cryptographic system that uses two keys to encrypt data − a public key known to everyone and a private or secret key known only to the recipient of the message. Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers.By convention, URLs that require an SSL connection start with https: instead of http:.
The Secure Socket Layer protocol was created by Netscape to ensure secure transactions between web servers and browsers. The protocol uses a third party, a Certificate Authority (CA), to identify one end or both end of the transactions. This is in short how it works.
1.A browser requests a secure page (usually https://).
2.The web server sends its public key with its certificate.
3.The browser checks that the certificate was issued by a trusted party (usually a trusted root CA), that the certificate is still valid and that the certificate is related to the site contacted.
4.The browser then uses the public key, to encrypt a random symmetric(对称) encryption key and sends it to the server with the encrypted URL required as well as other encrypted http data.
5.The web server decrypts the symmetric encryption key using its private key and uses the symmetric key to decrypt the URL and http data.
6.The web server sends back the requested html document and http data encrypted with the symmetric key.
7.The browser decrypts the http data and html document using the symmetric key and displays the information.
国内的一些定义:
SSL(Secure Sockets Layer)是由Netscape公司开发的一套Internet数据安全协议,当前版本为3.0。它已被广泛地用于Web浏览器与服务器之间的身份认证和加密数据传输。SSL协议位于TCP/IP协议与各种应用层协议之间,为数据通讯提供安全支持。SSL协议可分为两层: SSL记录协议(SSL Record Protocol):它建立在可靠的传输协议(如TCP)之上,为高层协议提供数据封装、压缩、加密等基本功能的支持。 SSL握手协议(SSL Handshake Protocol):它建立在SSL记录协议之上,用于在实际的数据传输开始前,通讯双方进行身份认证、协商加密算法、交换加密密钥等。
SSL 的英文全称是 “Secure Sockets Layer” ,中文名为 “ 安全套接层协议层 ” ,它是网景( Netscape )公司提出的基于 WEB 应用的安全协议。 SSL 协议指定了一种在应用程序协议(如 HTTP 、 Telenet 、 NMTP 和 FTP 等)和 TCP/IP 协议之间提供数据安全性分层的机制,它为 TCP/IP 连接提供数据加密、服务器认证、消息完整性以及可选的客户机认证。
需要澄清的一些容易混淆的内容:
1 SSL(Secure Socket Layer)是netscape公司设计的主要用于web的安全传输协议。这种协议在WEB上获得了广泛的应用。
2 IETF(www.ietf.org)将SSL作了标准化,即RFC2246,并将其称为TLS(Transport Layer Security),从技术上讲,TLS1.0与SSL3.0的差别非常微小。由于本文中没有涉及两者间的细小差别,本文中这两个名字等价。
2 IETF(www.ietf.org)将SSL作了标准化,即RFC2246,并将其称为TLS(Transport Layer Security),从技术上讲,TLS1.0与SSL3.0的差别非常微小。由于本文中没有涉及两者间的细小差别,本文中这两个名字等价。
3 在WAP的环境下,由于手机及手持设备的处理和存储能力有限,wap论坛(www.wapforum.org)在TLS的基础上做了简化,提出了WTLS协议(Wireless Transport Layer Security),以适应无线的特殊环境。
SSL是一个介于HTTP协议与TCP之间的一个可选层,其位置大致如下: 位于TCP之上,HTTP之下。
SSL握手协议简介:
1. 用户浏览器将其SSL版本号、加密设置参数、与session有关的数据以及其它一些必要信息发送到服务器。
2. 服务器将其SSL版本号、加密设置参数、与session有关的数据以及其它一些必要信息发送给浏览器,同时发给浏览器的还有服务器的证书。如果配置服务器的SSL需要验证用户身份,还要发出请求要求浏览器提供用户证书。
3. 客户端检查服务器证书,如果检查失败,提示不能建立SSL连接。如果成功,那么继续。
4. 客户端浏览器为本次会话生成pre-master secret,并将其用服务器公钥加密后发送给服务器。
5. 如果服务器要求鉴别客户身份,客户端还要再对另外一些数据签名后并将其与客户端证书一起发送给服务器。
6. 如果服务器要求鉴别客户身份,则检查签署客户证书的CA是否可信。如果不在信任列表中,结束本次会话。如果检查通过,服务器用自己的私钥解密收到的pre-master secret,并用它通过某些算法生成本次会话的master secret。
7. 客户端与服务器均使用此master secret生成本次会话的会话密钥(对称密钥)。在双方SSL握手结束后传递任何消息均使用此会话密钥。这样做的主要原因是对称加密比非对称加密的运算量低一个数量级以上,能够显著提高双方会话时的运算速度。
8. 客户端通知服务器此后发送的消息都使用这个会话密钥进行加密。并通知服务器客户端已经完成本次SSL握手。
9. 服务器通知客户端此后发送的消息都使用这个会话密钥进行加密。并通知客户端服务器已经完成本次SSL握手。
10. 本次握手过程结束,会话已经建立。双方使用同一个会话密钥分别对发送以及接受的信息进行加、解密。
示意图如下所示:
1 SSL通讯示意图
SSL通讯示意图如图1所示:
2 SSL通讯说明
在该部分,将对图1所示的示意图进行说明。为了说明的方便,在本文中称客户端为B,服务器端为S。
STEP 1: B——〉S(发起对话,协商传送加密算法)
你好,S!我想和你进行安全对话,我的对称加密算法有DES,RC5,我的密钥交换算法有RSA和DH,摘要算法有MD5和SHA。
STEP2: S——〉B(发送服务器数字证书)
你好,B!那我们就使用DES-RSA-SHA这对组合进行通讯,为了证明我确实是S,现在发送我的数字证书给你,你可以验证我的身份。
STEP 3: B——〉S(传送本次对话的密钥)
(检查S的数字证书是否正确,通过CA机构颁发的证书验证了S证书的真实有效性后。生成了利用S的公钥加密的本次对话的密钥发送给S)
S, 我已经确认了你的身份,现在将我们本次通讯中使用的对称加密算法的密钥发送给你。
STEP4: S——〉B(获取密钥)
(S用自己的私钥解密获取本次通讯的密钥)。
B, 我已经获取了密钥。我们可以开始通信了。
STEP5: S<——>B(进行通讯)
说明:一般情况下,当B是保密信息的传递者时,B不需要数字证书验证自己身份的真实性,如电子银行的应用,客户需要将自己的账号和密码发送给银行,因此银行的服务器需要安装数字证书来表明自己身份的有效性。在某些B2B应用,服务器端也需要对客户端的身份进行验证,这时客户端也需要安装数字证书以保证通讯时服务器可以辨别出客户端的身份,验证过程类似于服务器身份的验证过程。
此外需要说明的是,在一些电子商务的应用中,可能还会使用到电子签名,或者为了信息交换的更加安全,会增加电子签名和消息校验码(MAC)。
为了便于了解SSL,下面在简要介绍一下信息加密相关知识。使用密钥类型加密信息的加密算法可以分为以下几类:HASH 编码、对称加密和非对称加密三类。
HASH 编码是使用HASH算法从任意长度的消息中计算HASH值的一个过程,HASH值可以说是消息的指纹,因为对于任何不同的消息,几乎总有不同的HASH值。因此在SSL通讯过程中,可以对消息的HASH值进行加密,确保传递的消息在传输过程中没有被修改。
非对称加密或称之为公钥加密使用数学上相关的两个数值来对信息进行编码(加密),其中一个数字称为公钥,另一个称为私钥。公钥加密的信息可以用私钥解密,私钥加密的信息可以用公钥解密。由于公钥可以大面积发放,因此公钥加密在SSL加密通信中应用于对密钥的加密或者进行数字签名。
对称加密和非对称加密相比的区别在于对称加密中,加密信息和解密信息使用同样的密钥,因此该密钥无法公开。但是其具有加密、解密快速的特点。
在SSL通讯中,首先采用非对称加密交换信息,使得服务器获得浏览器端提供的对称加密的密钥,然后利用该密钥进行通讯过程中信息的加密和解密。为了保证消息在传递过程中没有被篡改,可以加密HASH编码来确保信息的完整性。
三、证书(数字证书)
国外的一些定义:
A digital certificate is an electronic "credit card" that establishes your credentials when doing business or other transactions on the Web. It is issued by a certification authority (CA). It contains your name, a serial number, expiration dates, a copy of the certificate holder's public key (used for encrypting messages and digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real. Some digital certificates conform to a standard, X.509. Digital certificates can be kept in registries so that authenticating users can look up other users' public keys.
An SSL certificate, or secure certificate, is a file installed on a secure Web server that identifies a website. This digital certificate establishes the identity and authenticity of the company or merchant so that online shoppers can trust that the website is secure and reliable. In order to verify that these sites are legitimate (they are who they say they are), the companies and their websites are verified by a third party, such as Verisign or Thawte.
An attachment to an electronic message used for security purposes. The most common use of a digital certificate is to verify that a user sending a message is who he or she claims to be, and to provide the receiver with the means to encode a reply.
An individual wishing to send an encrypted message applies for a digital certificate from a Certificate Authority (CA). The CA issues an encrypted digital certificate containing the applicant's public key and a variety of other identification information. The CA makes its own public key readily available through print publicity or perhaps on the Internet.
The recipient of an encrypted message uses the CA's public key to decode the digital certificate attached to the message, verifies it as issued by the CA and then obtains the sender's public key and identification information held within the certificate. With this information, the recipient can send an encrypted reply.
国内的一些定义说明:
数字证书就是标志网络用户身份信息的一系列数据,用来在网络通讯中识别通讯各方的身份,即要在Internet上解决"我是谁"的问题,就如同现实中我们每一个人都要拥有一张证明个人身份的身份证或驾驶执照一样,以表明我们的身份或某种资格。
数字证书是由权威公正的第三方机构即CA中心签发的,以数字证书为核心的加密技术可以对网络上传输的信息进行加密和解密、数字签名和签名验证,确保网上传递信息的机密性、完整性,以及交易实体身份的真实性,签名信息的不可否认性,从而保障网络应用的安全性。
数字证书采用公钥密码体制,即利用一对互相匹配的密钥进行加密、解密。每个用户拥有一把仅为本人所掌握的私有密钥(私钥),用它进行解密和签名;同时拥有一把公共密钥(公钥)并可以对外公开,用于加密和验证签名。当发送一份保密文件时,发送方使用接收方的公钥对数据加密,而接收方则使用自己的私钥解密,这样,信息就可以安全无误地到达目的地了,即使被第三方截获,由于没有相应的私钥,也无法进行解密。通过数字的手段保证加密过程是一个不可逆过程,即只有用私有密钥才能解密。在公开密钥密码体制中,常用的一种是RSA体制。
用户也可以采用自己的私钥对信息加以处理,由于密钥仅为本人所有,这样就产生了别人无法生成的文件,也就形成了数字签名。采用数字签名,能够确认以下两点:
(1)保证信息是由签名者自己签名发送的,签名者不能否认或难以否认;
(2)保证信息自签发后到收到为止未曾作过任何修改,签发的文件是真实文件。
数字证书可用于:发送安全电子邮件、访问安全站点、网上证券、网上招标采购、网上签约、网上办公、网上缴费、网上税务等网上安全电子事务处理和安全电子交易活动。
数字证书的格式一般采用X.509国际标准。目前,数字证书主要分为安全电子邮件证书、个人和企业身份证书、服务器证书以及代码签名证书等几种类型证书。
数字证书是由权威公正的第三方机构即CA中心签发的,以数字证书为核心的加密技术可以对网络上传输的信息进行加密和解密、数字签名和签名验证,确保网上传递信息的机密性、完整性,以及交易实体身份的真实性,签名信息的不可否认性,从而保障网络应用的安全性。
数字证书采用公钥密码体制,即利用一对互相匹配的密钥进行加密、解密。每个用户拥有一把仅为本人所掌握的私有密钥(私钥),用它进行解密和签名;同时拥有一把公共密钥(公钥)并可以对外公开,用于加密和验证签名。当发送一份保密文件时,发送方使用接收方的公钥对数据加密,而接收方则使用自己的私钥解密,这样,信息就可以安全无误地到达目的地了,即使被第三方截获,由于没有相应的私钥,也无法进行解密。通过数字的手段保证加密过程是一个不可逆过程,即只有用私有密钥才能解密。在公开密钥密码体制中,常用的一种是RSA体制。
用户也可以采用自己的私钥对信息加以处理,由于密钥仅为本人所有,这样就产生了别人无法生成的文件,也就形成了数字签名。采用数字签名,能够确认以下两点:
(1)保证信息是由签名者自己签名发送的,签名者不能否认或难以否认;
(2)保证信息自签发后到收到为止未曾作过任何修改,签发的文件是真实文件。
数字证书可用于:发送安全电子邮件、访问安全站点、网上证券、网上招标采购、网上签约、网上办公、网上缴费、网上税务等网上安全电子事务处理和安全电子交易活动。
数字证书的格式一般采用X.509国际标准。目前,数字证书主要分为安全电子邮件证书、个人和企业身份证书、服务器证书以及代码签名证书等几种类型证书。
数字证书就是网络通讯中标志通讯各方身份信息的一系列数据,其作用类似于现实生活中的身份证。它是由一个权威机构发行的,人们可以在交往中用它来识别对方的身份。
最简单的证书包含一个公开密钥、名称以及证书授权中心的数字签名。一般情况下证书中还包括密钥的有效时间,发证机关(证书授权中心)的名称,该证书的序列号等信息,证书的格式遵循ITUT X.509国际标准。
一个标准的X.509数字证书包含以下一些内容:
证书的版本信息
证书的序列号,每个证书都有一个唯一的证书序列号
证书所使用的签名算法
证书的发行机构名称,命名规则一般采用X.500格式
证书的有效期,现在通用的证书一般采用UTC时间格式,它的计时范围为1950-2049
证书所有人的名称,命名规则一般采用X.500格式
证书所有人的公开密钥
证书发行者对证书的签名
以及一些证书扩展项。
使用数字证书,通过运用对称和非对称密码体制等密码技术建立起一套严密的身份认证系统,从而保证:信息除发送方和接收方外不被其它人窃取;信息在传输过程中不被篡改;发送方能够通过数字证书来确认接收方的身份;发送方对于自己的信息不能抵赖。
四、CA
国外对其解释:
Entrust:
For public-key cryptography to be valuable, users must be assured that the other parties with whom they communicate are "safe"?that is, their identities and keys are valid and trustworthy. To provide this assurance, all users of a PKI must have a registered identity. These identities are stored in a digital format known as a public key certificate. Certification Authorities (CAs) represent the people, processes, and tools to create digital certificates that securely bind the names of users to their public keys.
In creating certificates, CAs act as agents of trust in a PKI. As long as users trust a CA and its business policies for issuing and managing certificates, they can trust certificates issued by the CA. This is known as third-party trust.
CAs create certificates for users by digitally signing a set of data that includes the following information (and additional items):
- the user’s name in the format of a distinguished name (DN). The DN specifies the user’s name and any additional attributes required to uniquely identify the user (for example, the DN could contain the user’s employee number).
- a public key of the user. The public key is required so that others can encrypt for the user or verify the user’s digital signature.
- the validity period (or lifetime) of the certificate (a start date and an end date).
- the specific operations for which the public key is to be used (whether for encrypting data, verifying digital signatures, or both).
The CA’s signature on a certificate allows any tampering with the contents of the certificate to be easily detected. (The CA’s signature on a certificate is like a tamper-detection seal on a bottle of pills?any tampering with the contents of a certificate is easily detected) As long as the CA?s signature on a certificate can be verified, the certificate has integrity. Since the integrity of a certificate can be determined by verifying the CA’s signature, certificates are inherently secure and can be distributed in a completely public manner (for example, through publicly-accessible directory systems).
Users retrieving a public key from a certificate can be assured that the public key is valid. That is, users can trust that the certificate and its associated public key belong to the entity specified by the distinguished name. Users also trust that the public key is still within its defined validity period. In addition, users are assured that the public key may be used safely in the manner for which it was certified by the CA.
Openssl:
How do you know that you are dealing with the right person or rather the right web site. Well, someone has taken great length (if they are serious) to ensure that the web site owners are who they claim to be. This someone, you have to implicitly trust: you have his/her certificate loaded in your browser (a root Certificate). A certificate, contains information about the owner of the certificate, like e-mail address, owner's name, certificate usage, duration of validity, resource location or Distinguished Name (DN) which includes the Common Name (CN) (web site address or e-mail address depending of the usage) and the certificate ID of the person who certifies (signs) this information. It contains also the public key and finally a hash to ensure that the certificate has not been tampered with. As you made the choice to trust the person who signs this certificate, therefore you also trust this certificate. This is a certificate trust tree or certificate path. Usually your browser or application has already loaded the root certificate of well known Certification Authorities (CA) or root CA Certificates. The CA maintains a list of all signed certificates as well as a list of revoked certificates. A certificate is insecure until it is signed, as only a signed certificate cannot be modified. You can sign a certificate using itself, it is called a self signed certificate. All root CA certificates are self signed.
VeriSign:
When VeriSign issues an SSL Certificate, we act as a Certificate Authority (CA). VeriSign digitally signs each certificate we issue. Each browser contains a list of CAs to be trusted. When the SSL handshake occurs, the browser verifies that the server certificate was issued by a trusted CA. If the CA is not trusted, a warning will appear. When high-security browsers recognize an Extended Validation SSL Certificate, they display the name of the CA next to the browser bar. VeriSign is one of the most trusted CAs on the Internet.
国内的解释:
所谓CA(Certificate Authority)认证中心,它是采用PKI(Public Key Infrastructure)公开密钥基础架构技术,专门提供网络身份认证服务,负责签发和管理数字证书,且具有权威性和公正性的第三方信任机构,它的作用就像我们现实生活中颁发证件的公司,如护照办理机构。
CA是认证中心的英文Certification Authority的缩写。 CA中心,又称为数字证书认证中心。CA中心作为电子交易中受信任的第三方,负责为电子商务环境中各个实体颁发数字证书,以证明各实体身份的真实性,并负责在交易中检验和管理证书;数字证书的用户拥有自己的公钥/私钥对。证书中包含有证书主体的身份信息、其公钥数据、发证机构名称等,发证机构验证证书主体为合法注册实体后,就对上述信息进行数字签名,形成证书。 在公钥证书体系中,如果某公钥用户需要任何其它已向CA注册的用户的公钥,可直接向该用户索取证书,而后用CA的公钥解密解密即可得到认证的公钥;由于证书中已有CA的签名来实现认证,攻击者不具有CA的签名密钥,很难伪造出合法的证书,从而实现了公钥的认证性。 数字证书认证中心是整个网上电子交易安全的关键环节,是电子交易中信赖的基础。他必须是所有合法注册用户所信赖的具有权威性、信赖性及公正性的第三方机构。
CA的核心功能就是发放和管理数字证书。概括地说,CA认证中心的功能主要有:证书发放、证书更新、证书撤销和证书验证。具体描述如下:
CA的核心功能就是发放和管理数字证书。概括地说,CA认证中心的功能主要有:证书发放、证书更新、证书撤销和证书验证。具体描述如下:
(1)接收验证用户数字证书的申请。
(2)确定是否接受用户数字证书的申请,即证书的审批。
(3)向申请者颁发(或拒绝颁发)数字证书。
(4)接收、处理用户的数字证书更新请求。
(5)接收用户数字证书的查询、撤销。
(6)产生和发布证书的有效期。
(7)数字证书的归档。
(8)密钥归档。
(9)历史数据归档。
(2)确定是否接受用户数字证书的申请,即证书的审批。
(3)向申请者颁发(或拒绝颁发)数字证书。
(4)接收、处理用户的数字证书更新请求。
(5)接收用户数字证书的查询、撤销。
(6)产生和发布证书的有效期。
(7)数字证书的归档。
(8)密钥归档。
(9)历史数据归档。
数字证书认证中心(Certficate Authority,CA)是整个网上电子交易安全的关键环节。它主要负责产生、分配并管理所有参与网上交易的实体所需的身份认证数字证书。每一份数字证书都与上一级的数字签名证书相关联,最终通过安全链追溯到一个已知的并被广泛认为是安全、权威、足以信赖的机构-根认证中心(根CA)。
CA (Certificate Authority) 认证中心:负责产生,分配并且管理数字证书的可信赖的第三方权威机构。采用分级机构,上级认证中心负责签发和管理下级认证中心的证书,最下一级直接面向最终用户
五、联系证书与CA
证书就是数字化的文件,里面有一个实体(网站,个人等)的公共密钥和其他的属性,如名称等。该公共密钥只属于某一个特定的实体,它的作用是防止一个实体假装成另外一个实体。
证书用来保证不对称加密算法的合理性。想想吧,如果没有证书记录,那么假设某俩人A与B的通话过程如下:
这里假设A的publickey是K1,privatekey是K2,B的publickey是K3,privatekey是K4
xxxxxx(kn)表示用kn加密过的一段文字xxxxxx
A---àhello(plaintext)---------àB
A<----hello(plaintext)<----------B
A<----B’s publickey<------------B
A--àA’s publickey(K1)------àB
......
如果C想假装成B,那么步骤就和上面一样。
证书用来保证不对称加密算法的合理性。想想吧,如果没有证书记录,那么假设某俩人A与B的通话过程如下:
这里假设A的publickey是K1,privatekey是K2,B的publickey是K3,privatekey是K4
xxxxxx(kn)表示用kn加密过的一段文字xxxxxx
A---àhello(plaintext)---------àB
A<----hello(plaintext)<----------B
A<----B’s publickey<------------B
A--àA’s publickey(K1)------àB
......
如果C想假装成B,那么步骤就和上面一样。
A---àhello(plaintext)---------àC
A<----hello(plaintext)<----------C
注意下一步,因为A没有怀疑C的身份,所以他理所当然的接受了C的publickey,并且使用这个key来继续下面的通信。
A<----C’s publickey<------------C
A---àA’s publickey(K1)-----àC
......
这样的情况下A是没有办法发觉C是假的。如果A在通话过程中要求取得B的证书,并且验证证书里面记录的名字,如果名字和B的名字不符合,就可以发现对方不是B。验证B的名字通过再从证书里面提取B的公用密钥,继续通信过程。
那么,如果证书是假的怎么办?或者证书被修改过了怎么办?慢慢看下来吧。
证书最简单的形式就是只包含有证书拥有者的名字和公用密钥。当然现在用的证书没这么简单,里面至少还有证书过期的deadline,颁发证书的机构名称,证书系列号,和一些其他可选的信息。最重要的是,它包含了证书颁发机构(certificationauthority简称CA)的签名信息。
我们现在常用的证书是采用X.509结构的,这是一个国际标准证书结构。任何遵循该标准的应用程序都可以读、写X509结构的证书。
通过检查证书里面的CA的名字,和CA的签名,就知道这个证书的确是由该CA签发的然后,你就可以简单证书里面的接收证书者的名字,然后提取公共密钥。这样做建立的基础是,你信任该CA,认为该CA没有颁发错误的证书。
CA是第三方机构,被你信任,由它保证证书的确发给了应该得到该证书的人。CA自己有一个庞大的publickey数据库,用来颁发给不同的实体。
这里有必要解释一下,CA也是一个实体,它也有自己的公共密钥和私有密钥,否则怎么做数字签名?它也有自己的证书,你可以去它的站点down它的证书得到它的公共密钥。
一般CA的证书都内嵌在应用程序中间。不信你打开你的IE,在internet选项里面选中"内容",点击"证书",看看那个"中间证书发行机构"和"委托根目录发行机构",是不是有一大堆CA的名称?也有时CA的证书放在安全的数据库里面。
当你接受到对方的证书的时候,你首先会去看该证书的CA,然后去查找自己的CA证书数据库,看看是否找的到,找不到就表示自己不信任该CA,那么就告吹本次连接。找到了的话就用该CA的证书里面的公用密钥去检查CA在证书上的签名。
这里又有个连环的问题,我怎么知道那个CA的证书是属于那个CA的?人家不能造假吗?
解释一下吧。CA也是分级别的。最高级别的CA叫RootCAs,其他cheap一点的CA的证书由他们来颁发和签名。这样的话,最后的保证就是:我们信任RootCAs.那些有RootCAs签名过的证书的CA就可以来颁发证书给实体或者其他CA了。你不信任RootCAs?人民币由中国人民银行发行,运到各个大银行,再运到地方银行,你从地方银行取人民币的时候不信任发行它的中国人民银行吗?RootCAs都是很权威的机构,没有必要担心他们的信用。那RootCAs谁给签名?他们自己给自己签名,叫自签名。
A<----hello(plaintext)<----------C
注意下一步,因为A没有怀疑C的身份,所以他理所当然的接受了C的publickey,并且使用这个key来继续下面的通信。
A<----C’s publickey<------------C
A---àA’s publickey(K1)-----àC
......
这样的情况下A是没有办法发觉C是假的。如果A在通话过程中要求取得B的证书,并且验证证书里面记录的名字,如果名字和B的名字不符合,就可以发现对方不是B。验证B的名字通过再从证书里面提取B的公用密钥,继续通信过程。
那么,如果证书是假的怎么办?或者证书被修改过了怎么办?慢慢看下来吧。
证书最简单的形式就是只包含有证书拥有者的名字和公用密钥。当然现在用的证书没这么简单,里面至少还有证书过期的deadline,颁发证书的机构名称,证书系列号,和一些其他可选的信息。最重要的是,它包含了证书颁发机构(certificationauthority简称CA)的签名信息。
我们现在常用的证书是采用X.509结构的,这是一个国际标准证书结构。任何遵循该标准的应用程序都可以读、写X509结构的证书。
通过检查证书里面的CA的名字,和CA的签名,就知道这个证书的确是由该CA签发的然后,你就可以简单证书里面的接收证书者的名字,然后提取公共密钥。这样做建立的基础是,你信任该CA,认为该CA没有颁发错误的证书。
CA是第三方机构,被你信任,由它保证证书的确发给了应该得到该证书的人。CA自己有一个庞大的publickey数据库,用来颁发给不同的实体。
这里有必要解释一下,CA也是一个实体,它也有自己的公共密钥和私有密钥,否则怎么做数字签名?它也有自己的证书,你可以去它的站点down它的证书得到它的公共密钥。
一般CA的证书都内嵌在应用程序中间。不信你打开你的IE,在internet选项里面选中"内容",点击"证书",看看那个"中间证书发行机构"和"委托根目录发行机构",是不是有一大堆CA的名称?也有时CA的证书放在安全的数据库里面。
当你接受到对方的证书的时候,你首先会去看该证书的CA,然后去查找自己的CA证书数据库,看看是否找的到,找不到就表示自己不信任该CA,那么就告吹本次连接。找到了的话就用该CA的证书里面的公用密钥去检查CA在证书上的签名。
这里又有个连环的问题,我怎么知道那个CA的证书是属于那个CA的?人家不能造假吗?
解释一下吧。CA也是分级别的。最高级别的CA叫RootCAs,其他cheap一点的CA的证书由他们来颁发和签名。这样的话,最后的保证就是:我们信任RootCAs.那些有RootCAs签名过的证书的CA就可以来颁发证书给实体或者其他CA了。你不信任RootCAs?人民币由中国人民银行发行,运到各个大银行,再运到地方银行,你从地方银行取人民币的时候不信任发行它的中国人民银行吗?RootCAs都是很权威的机构,没有必要担心他们的信用。那RootCAs谁给签名?他们自己给自己签名,叫自签名。
五、CSR
国外的一些定义:
VeriSign:
The CSR is a string of text generated by your server software. You provide this string of text to VeriSign during the enrollment process. To generate a CSR, you will need to know what kind of server software is running on your Web server.
Entrust:
A Certificate Signing Request (CSR) is a PKCS10 request which is an unsigned copy of your certificate. Entrust Certificate Services will use the Certificate Signing Request (CSR) to generate your signed digital x509 V3 SSL server certificate. Your CSR contains the following:
- Information about your organization (organization name, country, etc...)
- Your Web or WAP Server's public key
- A unique mathematical match to your server's private key .
国内一些定义:
什么是CSR?
答:CSR是一个证书签名请求,在您申请证书之前,首先要在您的WEB服务器上生成CSR并将其提交给CA认证中心,CA才能给您签发SSL服务器证书。可以这样认为,CSR就是一个在您的服务器上生成的证书。CSR包括以下内容:
答:CSR是一个证书签名请求,在您申请证书之前,首先要在您的WEB服务器上生成CSR并将其提交给CA认证中心,CA才能给您签发SSL服务器证书。可以这样认为,CSR就是一个在您的服务器上生成的证书。CSR包括以下内容:
a) 您的组织信息(组织名称、国家等等)
b) 您的Web服务器的域名
b) 您的Web服务器的域名
CSR是一个加密文件,它含有你的组织公钥、名称、所在地和URL。要生成CSR,如果您的主机托管或租用在主机服务提供商或IDC中,您可以直接与您的系统管理员联系,让他帮助您生成CSR. 如果您自己管理您的主机,请参考服务器软件的手册或联系服务器厂商以便生成CSR. 生成CSR过程中,服务器生成两个文件:私钥和CSR。
注意事项:将你的私钥和CSR复制到软盘上,并将软盘保存在一个安全的地方。如果软盘被丢失或破坏,你将无法使用你的服务器数字证书。
注意事项:将你的私钥和CSR复制到软盘上,并将软盘保存在一个安全的地方。如果软盘被丢失或破坏,你将无法使用你的服务器数字证书。
CSR是服务器生成的一个文本文件,它包含了一下信息:
确认申请者的信息
申请者的公钥
将安装服务证书的服务器类型
服务器中一般都自带有生成CSR的功能,CSR生成后将以不可阅读的方式显示以保证安全。
确认申请者的信息
申请者的公钥
将安装服务证书的服务器类型
服务器中一般都自带有生成CSR的功能,CSR生成后将以不可阅读的方式显示以保证安全。
CSR是什么样的?
您生成的CSR应该与下面的CSR格式相似:
-----BEGIN NEW CERTIFICATE REQUEST-----
MIIByDCCATECAQAwgYgxCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhWaXJnaW5pYTEQMA4GA1UEBxMHUm9hbm9rZTEmMCQGA1UEChMdTmV3IENlbnR1cnkgVGVjaG5vbG9naWVzIEluYy4xDzANBgNVBAsTBk5DVGluYzEbMBkGA1UEAxQSd3d3Lm5ld2NlbnRlY2guY29tMIGeMA0GCSqGSIb3DQEBAQUAA4GMADCBiAKBgFHdQ2up+9Z06F8pVfC9R0oj0A8fX6mLdc66JhUv6QGleJ37lLciLpgvDwvg+Tyi5uThrua+B2zmgMnpr0AkpN2nqIe0inHTR29vcbjUNiMSkaxZHN/NQlSSKwQbCB9d6TJBUeRzGGfULpSF8dhlTfcI4krbEE9TY/r1/kCGmnSBAgMBAAGgADANBgkqhkiG9w0BAQQFAAOBgQAgOn0at410ohHnKEzVgElu0a1w10AL37qxgJIBflnLD+7C0h8UKOUFPyrC2DBwP3kJkzGRFDLJiwshV3yPuGMOaqYcTLB8/DK553TyuLR2FIftr4oxKZ6wT8D8v38a1s1D+1owU20CbzA7Ur0YBqrnQdD2PnTv/XpHtAAr+M4oez==
-----END NEW CERTIFICATE REQUEST-----
六、X509
国外的定义:
A widely used standard for defining digital certificates. X.509 (Version 1) was first issued in 1988 as a part of the ITU X.500 Directory Services standard. When X.509 was revised in 1993, two more fields were added resulting in the Version 2 format. These two additional fields support directory access control. X.509 Version 3 defines the format for certificate extensions used to store additional information regarding the certificate holder and to define certificate usage. Collectively, the term X.509 refers to the latest published version, unless the version number is stated.
X.509 is published as ITU recommendation ITU-T X.509 (formerly CCITT X.509) and ISO/IEC/ITU 9594-8 which defines a standard certificate format for public key certificates and certification validation. With minor differences in dates and titles, these publications provide identical text in the defining of public-key and attribute certificates.
In One Sentence: What is a Certificate?
A public-key certificate is a digitally signed statement from one entity, saying that the public key (and some other information) of another entity has some specific value.
Let us expand on some of the key terms used in this sentence:
Public Keys
These are numbers associated with a particular entity, and are intended to be known to everyone who needs to have trusted interactions with that entity. Public keys are used to verify signatures.
Digitally Signed
If some data is digitally signed it has been stored with the "identity" of an entity, and a signature that proves that entity knows about the data. The data is rendered unforgeable by signing with the entitys' private key.
Identity
A known way of addressing an entity. In some systems the identity is the public key, in others it can be anything from a Unix UID to an Email address to an X.509 Distinguished Name.
Signature
A signature is computed over some data using the private key of an entity (the signer).
Private Keys
These are numbers, each of which is supposed to be known only to the particular entity whose private key it is (that is, it's supposed to be kept secret). Private and public keys exist in pairs in all public key cryptography systems (also referred to as "public key crypto systems"). In a typical public key crypto system, such as DSA, a private key corresponds to exactly one public key. Private keys are used to compute signatures.
Entity
An entity is a person, organization, program, computer, business, bank, or something else you are trusting to some degree.
Basically, public key cryptography requires access to users' public keys. In a large-scale networked environment it is impossible to guarantee that prior relationships between communicating entities have been established or that a trusted repository exists with all used public keys. Certificates were invented as a solution to this public key distribution problem. Now a Certification Authority (CA) can act as a Trusted Third Party. CAs are entities (e.g., businesses) that are trusted to sign (issue) certificates for other entities. It is assumed that CAs will only create valid and reliable certificates as they are bound by legal agreements. There are many public Certification Authorities, such as VeriSign, Thawte, Entrust, and so on. You can also run your own Certification Authority using products such as the Netscape/Microsoft Certificate Servers or the Entrust CA product for your organization.
What's Inside an X.509 Certificate?
The X.509 standard defines what information can go into a certificate, and describes how to write it down (the data format). All X.509 certificates have the following data, in addition to the signature:
Version
This identifies which version of the X.509 standard applies to this certificate, which affects what information can be specified in it. Thus far, three versions are defined.
Serial Number
The entity that created the certificate is responsible for assigning it a serial number to distinguish it from other certificates it issues. This information is used in numerous ways, for example when a certificate is revoked its serial number is placed in a Certificate Revocation List (CRL).
Signature Algorithm Identifier
This identifies the algorithm used by the CA to sign the certificate.
Issuer Name
The X.500 name of the entity that signed the certificate. This is normally a CA. Using this certificate implies trusting the entity that signed this certificate. (Note that in some cases, such as root or top-level CA certificates, the issuer signs its own certificate.)
Validity Period
Each certificate is valid only for a limited amount of time. This period is described by a start date and time and an end date and time, and can be as short as a few seconds or almost as long as a century. The validity period chosen depends on a number of factors, such as the strength of the private key used to sign the certificate or the amount one is willing to pay for a certificate. This is the expected period that entities can rely on the public value, if the associated private key has not been compromised.
Subject Name
The name of the entity whose public key the certificate identifies. This name uses the X.500 standard, so it is intended to be unique across the Internet. This is the Distinguished Name (DN) of the entity, for example,
CN=Java Duke, OU=Java Software Division, O=Sun Microsystems Inc, C=US
(These refer to the subject's Common Name, Organizational Unit, Organization, and Country.)
Subject Public Key Information
This is the public key of the entity being named, together with an algorithm identifier which specifies which public key crypto system this key belongs to and any associated key parameters.
X.509 Version 1 has been available since 1988, is widely deployed, and is the most generic.
X.509 Version 2 introduced the concept of subject and issuer unique identifiers to handle the possibility of reuse of subject and/or issuer names over time. Most certificate profile documents strongly recommend that names not be reused, and that certificates should not make use of unique identifiers. Version 2 certificates are not widely used.
X.509 Version 3 is the most recent (1996) and supports the notion of extensions, whereby anyone can define an extension and include it in the certificate. Some common extensions in use today are: KeyUsage (limits the use of the keys to particular purposes such as "signing-only") and AlternativeNames (allows other identities to also be associated with this public key, e.g. DNS names, Email addresses, IP addresses). Extensions can be marked critical to indicate that the extension should be checked and enforced/used. For example, if a certificate has the KeyUsage extension marked critical and set to "keyCertSign" then if this certificate is presented during SSL communication, it should be rejected, as the certificate extension indicates that the associated private key should only be used for signing certificates and not for SSL use.
All the data in a certificate is encoded using two related standards called ASN.1/DER. Abstract Syntax Notation 1 describes data. The Definite Encoding Rules describe a single way to store and transfer that data. People have been known to describe this combination simultaneously as "powerful and flexible" and as "cryptic and awkward".
The IETF PKIX working group is in the process of defining standards for the Internet Public Key Infrastructure. We are closely following their work, and are supporting its X.509 Certificate and CRL Profile, which is being specified.
X.509标准
在和CA进行一些接触时,我们常常会听到一个名词: X.509。它是一种行业标准或者行业解决方案,在X.509方案中,默认的加密体制是公钥密码体制。为进行身份认证,X.509标准及公共密钥加密系统提供了数字签名的方案。用户可生成一段信息及其摘要(亦称作信息"指纹")。用户用专用密钥对摘要加密以形成签名,接收者用发送者的公共密钥对签名解密,并将之与收到的信息"指纹"进行比较,以确定其真实性。
此问题的解决方案即X.509标准与公共密钥证书。本质上,证书由公共密钥加密钥拥有者的用户标识组成,整个字块有可信赖的第三方签名。典型的第三方即大型用户群体(如政府机关或金融机构)所信赖的CA。
此外,X.509标准还提供了一种标准格式CRL,下面我们就来看一看 X.509标准下的证书格式极其扩展。
目前X.509有不同的版本,例如 X.509 V2和x.509 v3都是目前比较新的版本,但是都在原有版本(X.509 V1)的基础上进行功能的扩充,其中每一版本必须包含下列信息:
(1) 版本号
(2) 序列号;
(3) 签名算法标识符
(4) 认证机构
(5) 有效期限
(6) 主题信息
(7) 认证机构的数字签名
(8) 公钥信息
1、版本号:
用来区分X.509的不同版本号
2、序列号;
由CA给予每一个证书的分配唯一的数字型编号,当证书被取消时,实际上是将此证书的序列号放入由CA签发的CRL中;这也是序列号唯一的原因。
3、签名算法标识符:
用来指定用CA签发证书时所使用的签名算法。算法标识符用来指定CA签发证书时所使用的公开密钥算法和HASH算法,须向国际指明标准组织(如ISO)注册。
4、认证机构:
即发出该证书的机构唯一的CA的
此问题的解决方案即X.509标准与公共密钥证书。本质上,证书由公共密钥加密钥拥有者的用户标识组成,整个字块有可信赖的第三方签名。典型的第三方即大型用户群体(如政府机关或金融机构)所信赖的CA。
此外,X.509标准还提供了一种标准格式CRL,下面我们就来看一看 X.509标准下的证书格式极其扩展。
目前X.509有不同的版本,例如 X.509 V2和x.509 v3都是目前比较新的版本,但是都在原有版本(X.509 V1)的基础上进行功能的扩充,其中每一版本必须包含下列信息:
(1) 版本号
(2) 序列号;
(3) 签名算法标识符
(4) 认证机构
(5) 有效期限
(6) 主题信息
(7) 认证机构的数字签名
(8) 公钥信息
1、版本号:
用来区分X.509的不同版本号
2、序列号;
由CA给予每一个证书的分配唯一的数字型编号,当证书被取消时,实际上是将此证书的序列号放入由CA签发的CRL中;这也是序列号唯一的原因。
3、签名算法标识符:
用来指定用CA签发证书时所使用的签名算法。算法标识符用来指定CA签发证书时所使用的公开密钥算法和HASH算法,须向国际指明标准组织(如ISO)注册。
4、认证机构:
即发出该证书的机构唯一的CA的