Cryptographic Authentication Notes

最新推荐文章于 2021-02-12 22:05:18 发布
最新推荐文章于 2021-02-12 22:05:18 发布
阅读量777 收藏
点赞数 1
分类专栏: 网络安全 文章标签: security
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/scythe666/article/details/53403841
版权

一、文章来由

老师在期末的时候给出自愿 presentation 的任务,想接触一下这块,所以果断报名了。

Textbook 下载:
https://www.homeworkmarket.com/sites/default/files/corporate_computer_security_0.pdf

第5.6章

二、Textbook notes

1. Public Key Infrastructures

Using public key authentication with digital certificates requires the organization to establish a public key infrastructure (PKI) to create and manage public key–private key pairs and digital certificates. Figure 5-18 illustrates the functions of a PKI.

THE FIRM AS A CERTIFICATE AUTHORITY

As Chapter 3 noted, certificate authorities (CAs) manage digital certificates. The chapter also noted that CAs are not regulated, and this creates questions of trust. However, if firms act as their own CAs, they have control of trust in their entire public key infrastructure. On the negative side, being a certificate authority is quite expensive because of the labor involved.

这里写图片描述

这里写图片描述

2. CREATING PUBLIC KEY–PRIVATE KEY PAIRS

First, a PKI needs a way to generate public key–private key pairs for non-PKI servers and clients. This is typically done by the client or non-PKI server rather than by the PKI server. The client or server generates a private key–public key pair, and then sends the
public key to the CA. This transmission can be done in the clear because public keys are not secret. The private key, which is secret, is not transmitted at all.

3. ACCEPTING DIGITAL CERTIFICATES

The figure also shows that a supplicant can send the true party’s digital certificate to the verifier. This might seem suspicious, but recall that digital certificates have their own digital signatures signed (encrypted) by the private key of the PKI server. Digital signa-tures give message integrity as well as authentication. Consequently, an impostor cannot change the true party’s name and replace it with his or her own name.

It is safe to accept a digital certificate from a supplicant, even if the supplicant is an impostor. The digital certificate has its own digital signature, which gives integrity. This means that the sender cannot change it.

This is bill
关注
专栏目录
NT Domain Authentication
09-09 3345
 NT Domain Authentication------------------------Authors: - Luke Kenneth Casson Leighton (lkcl@switchboard.net)-------- - Paul Ashton (paul@argo.demon.co.uk) - Duncan Stans
服务里没有Cryptographic Services怎么办?
kepa520的博客
07-25 2335
从正常的电脑里面导出以下键项,然后导入自己的注册表:  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CRYPTSVC  HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CRYPTSVC  HKEY_LOCAL_MACHINE\SYSTEM\Con
让你告别盗版软件的清单
yalke
06-03 2119
3D Graphics: 3Delight Free - http://www.3delight.com/index.htm Anim8or - http://www.anim8or.com/ Aqsis - http://www.aqsis.com/ Blender - http://www.blender3d.org/ Houdini (Free Edition) - http://www.s...
android openssl curl 交叉编译
女程序猿香香的博客
12-18 1215
依次执行命令: uname -m NDK=/home/dev/android-ndk-r11c SYSROOT=$NDK/platforms/android-23/arch-arm export CC="$NDK/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/bin/arm-linux-androideabi-gcc --...
authentication java_Http Authentication Java
weixin_30082413的博客
02-12 260
http://docs.oracle.com/javase/7/docs/technotes/guides/net/http-auth.htmlHttp AuthenticationOverviewThe HTTP protocol handler implements a number of authentication schemes. Sun's implementation of Java...
Custom JWT Authentication
BLOG域名:programb.blog.csdn.net
04-25 182
MongoDB Logo ServerDriversCloudToolsGuides Get MongoDB Close × MongoDB Stitch Introduction Tutorials Users & Authentication Overview User Management Stitch Users Configure ...
Http Authentication Java
weixin_30904593的博客
04-05 196
http://docs.oracle.com/javase/7/docs/technotes/guides/net/http-auth.html Http Authentication Overview The HTTP protocol handler implements a number of authentication schemes. Sun's implement...
SIP TLS Notes
亲密数
09-08 3168
This article first introduces some general informations about authentication, encryption and cryptography concepts. Then TLS and GnuTLS are
The NTLM Authentication Protocol
吾将上下而求索
02-12 3010
The NTLM Authentication Protocol and Security Support ProviderAbstractThis article seeks to describe the NTLM authentication protocol and related security support provider functionality at an inte
Network Security: Private Communication in a Public World, Second Edition
03-22
Cryptographic Authentication Protocols Section 9.4. Who Is Being Authenticated? Section 9.5. Passwords as Cryptographic Keys Section 9.6. Eavesdropping and Server Database Reading Section 9.7...
OSCP Learning Notes - Privilege Escalation
weixin_30642561的博客
07-29 4123
Privilege Escalation Download the Basic-pentesting vitualmation from the following website: https://www.vulnhub.com/entry/basic-pentesting-1,216/ 1.Scan the target server using nmap. nmap...
HMAC算法
zhu4674548的专栏
10-03 1281
RFC 2104 - HMAC: Keyed-Hashing for Message Authentication 前言: 【1】“message authentication codes” (MAC) 【2】“hash-based message authentication codes” (HMAC) HMAC: Keyed-Hashing for Message Authentication...
PDF目录标签自动生成示范 《Handbook.of.Applied.Cryptography》(Alfred.J..Menezes).pdf
08-07 1728
利用JavaScript自动生PDF书签目录  使用软件版本 Acrobat XI 大多数的扫描版PDF电子图书都可以在官网或者各大网上书店找到目录,很多都是带有页码的。 通过脚本可以将目录自动转化为书签,添加到PDF中。 把目录数据复制粘贴到一个文本文件中,确保每一行都是一条书签,然后合并成一行内容,并将所有换行符用 "\n" 字符替换作为 JavaScript 的
Kerberos 认证原理笔记
热门推荐
This is bill的专属博客
12-02 1万+
一、文章来由为了 computer security 课的展示准备素材。二、什么是 KerberosKerberos这一名词来源于希腊神话“三个头的狗——地狱之门守护者摘自百度百科 Kerberos 是一种网络认证协议,其设计目标是通过密钥系统为客户机 / 服务器应用程序提供强大的认证服务。该认证过程的实现不依赖于主机操作系统的认证,无需基于主机地址的信任,不要求网络上所有主机的物理安全,并假定
常见DoS攻击
This is bill的专属博客
11-01 3489
1、Figure 4-1 SYN Flood DoS AttackSYN Flood DoS Attack is that the attacker will send TCP SYN packets in an attempt to make many half-open TCP connections. Memory is allocated for each false connection
非对称加密---RSA算法
This is bill的专属博客
09-27 2445
一、文章来由上一篇提到了网络加密算法中,非对称加密算法是现代网络安全的基石,而RSA算法是公钥加密算法中应用最广的算法之一。二、RSA算法的基础1、互斥关系大家都知道,一个很大很大的数很难进行因式分解。如果两个正整数,除了1以外,没有其他公因子,我们就称这两个数是互质关系(coprime)。比如,15和32没有公因子,所以它们是互质关系。这说明,不是质数也可以构成互质关系。同时有以下结论: (1
Wireshark Lab 2
This is bill的专属博客
11-09 2152
第二次wireshark作业,讲了一些较为实用的技巧,记录一下What to do: A. Run your wireshark for a few seconds and save the capture files on your desktop (test.pcapng) B. Restart your Wireshark and open test.pcapng C. Take a s
公私钥加解密问题汇总
This is bill的专属博客
10-09 1429
A is sending a message to B (using public key infrastructure). What kind of key is used for encryption (for the purpose of confidentiality)? B’s public key. 加密用接收方公钥 A is sending a message to B (usi
RESTful IoT Authentication protocol COAP
最新发布
05-20
COAP allows devices and clients to communicate securely over the internet by using lightweight cryptographic techniques. It uses DTLS (Datagram Transport Layer Security) to provide confidentiality, ...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值