b2科目四模拟试题多少题驾考考爆了怎么补救
b2科目四模拟试题多少题 驾考考爆了怎么补救

CA证书跟TLS介绍

电脑杂谈  发布时间:2019-12-29 14:02:10  来源:网络整理

tls_tls_tls协议

用自己的公钥给数据加密就叫数字签名

在A跟B的通讯中,C可以把自己的私钥发给A,让A把C的私钥当作B的私钥,这样的话.B领到加密数据反倒难以揭秘,而C竟可以揭秘出数据.从而实现C查获AB之间的数据

所以在二者的通讯中应当要对私钥的来源进行确认

A跟B假如想安全交换私钥,就应当通过CA(证书颁授机构) 证书的通讯过程 A跟B首先都外置了CA的私钥

根CA的证书是自己给自己签名的(自签名)

PKI: Public Key Infrastructure

签证机构:CA(Certificate Authority)

注册机构:RA

证书注销列表:CRL

证书存取库: X.509:定义了证书的结构以及认证合同标准

版本号 序列号 签名算法 颁发者 有效期限 主体名称 主体私钥 CRL分发点 扩充信息 发行者签名

SSL(Secure Socket Layer)和TLS(Transport Layer Security )本身是一个东西

实现功能: 机密性 认证 完整性 重放保护(正确同样的数据不能重复发送)

两阶段合同,分为握手阶段跟应用阶段

握手阶段(协商阶段):

tls_tls协议_tls

客户端跟服务器端认证对方身分(依赖于PKI机制tlstls,利用数字证书进行 身份认证),并协商通讯中使用的安全参数、密码套件以及主秘钥.

后续通讯使用的所有秘钥都是 通过MasterSecret生成。

应用阶段:

在握手阶段完成后踏入,在应用阶段通讯双方使用握手阶段协商好的秘钥进行安全通讯

taobao 证书 https的通讯过程

taobao 证书内容包含 SCA(Ptaobao) CA秘钥加密签名过的taobao私钥 + CA证书描述+过期时间+证书其它信息 taobao网站把证书发给客户端

客户端因为信任CA甚至领到了CA的私钥,就可以揭秘SCA(Ptaobao) 获得taobao的私钥 Ptaobao

客户端(浏览器)会在本地生成一个对称密钥(key)用taobao的公钥加密发送给taobao Ptaobao(key) sendto taobao

taobao通过自己的公钥揭秘得到客户端发送进来的key Staobao(Ptaobao(key)) = key 这样在客户端跟服务端都存在相似的对称密钥key

客户端跟服务端就可以通过key(data)对大量的网页数据进行对称加密,实现通讯双方的安全通讯

base64编码 是6bit编码 包含字符a-z,A-Z,/,+ 总共64个符号

生成公钥

openssl genrsa -out /PATH/TO/PRIVATEKEY.FILE NUM_BITS (umask 077; openssl genrsa –out test.key –des 2048) -des表示对秘钥对称称加密

openssl rsa -in test.key –out test2.key 将加密key揭秘

从公钥中提取出私钥

openssl rsa -in PRIVATEKEYFILE –pubout –out PUBLICKEYFILE openssl rsa –in test.key –pubout –out test.key.pub

1. 创建CA重要的配置文件openssl的配置文件:/etc/pki/tls/openssl.cnf

tls协议_tls_tls

2. 默认CA的工作目录在 /etc/pki/CA

  1 [root@centos7 ~]# cd /etc/pki/CA
  2 #创建CA服务器的私钥
  3 [root@centos7 CA]# (umask 077;openssl genrsa -out private/cakey.pem 4096)
  4 Generating RSA private key, 4096 bit long modulus
  5 ...................................................++
  6 ..............................................................................................................................................................................................................................................................................................++
  7 e is 65537 (0x10001)
  8 [root@centos7 CA]# ls private
  9 cakey.pem
 10 
 11 #根CA给自己的私钥签名证书
 12 [root@centos7 CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3650
 13 You are about to be asked to enter information that will be incorporated
 14 into your certificate request.
 15 What you are about to enter is what is called a Distinguished Name or a DN.
 16 There are quite a few fields but you can leave some blank
 17 For some fields there will be a default value,
 18 If you enter '.', the field will be left blank.
 19 -----
 20 Country Name (2 letter code) [XX]:CN
 21 State or Province Name (full name) []:beijing
 22 Locality Name (eg, city) [Default City]:beijing
 23 Organization Name (eg, company) [Default Company Ltd]:mage
 24 Organizational Unit Name (eg, section) []:M30
 25 Common Name (eg, your name or your server's hostname) []:www.yxh.com
 26 Email Address []:
 27 #以可读的文本格式显示证书内容
 28 [root@centos7 CA]# openssl x509 -in cacert.pem -noout -text
 29 Certificate:
 30     Data:
 31         Version: 3 (0x2)
 32         Serial Number:
 33             f9:72:0f:e1:6c:80:e3:aa
 34     Signature Algorithm: sha256WithRSAEncryption
 35         Issuer: C=CN, ST=beijing, L=beijing, O=mage, OU=M30, CN=www.yxh.com
 36         Validity
 37             Not Before: May 19 08:58:14 2018 GMT
 38             Not After : May 16 08:58:14 2028 GMT
 39         Subject: C=CN, ST=beijing, L=beijing, O=mage, OU=M30, CN=www.yxh.com
 40         Subject Public Key Info:
 41             Public Key Algorithm: rsaEncryption
 42                 Public-Key: (4096 bit)
 43                 Modulus:
 44                     00:e4:70:ef:fe:9a:43:87:41:ca:05:3d:a6:98:df:
 45                     89:19:64:ac:fb:24:04:42:be:bc:87:7a:e9:b5:be:
 46                     9d:21:40:cf:c7:08:a1:ab:8e:03:92:29:e9:50:ed:
 47                     dd:8d:06:3c:5f:fa:23:9f:96:04:76:b9:be:56:43:
 48                     58:f8:43:db:24:cf:79:87:be:cc:bd:c0:af:41:04:
 49                     d4:e1:6b:78:fb:b1:74:8e:25:93:22:9e:f1:22:98:
 50                     97:7e:dd:dc:af:45:97:93:16:93:8a:89:5c:b0:00:
 51                     62:a5:2f:72:ec:54:aa:3a:ec:0b:24:72:34:4a:c0:
 52                     70:ab:02:d8:36:53:93:d1:cc:98:43:a9:a8:f2:3b:
 53                     b7:fb:be:44:64:9d:c6:bb:7d:16:b5:39:d1:1f:6d:
 54                     e2:89:c7:9f:b7:e6:10:87:37:01:41:25:af:61:b5:
 55                     7c:93:3c:bd:75:cb:46:ff:0e:e2:58:92:aa:25:2b:
 56                     06:b1:25:27:e5:7d:76:02:d8:c5:63:db:d0:e6:ab:
 57                     ef:ce:69:37:7e:eb:b1:f3:59:05:e1:bf:47:b7:d1:
 58                     4c:59:45:c9:d6:f0:35:dd:95:b0:c2:69:5b:7e:83:
 59                     3e:64:8e:66:28:ba:06:f4:99:30:00:4d:76:72:a3:
 60                     16:d7:7e:f1:9e:9d:fe:15:88:d0:b8:e4:8f:cd:56:
 61                     c3:89:5c:cf:40:a5:2b:9d:38:56:e2:30:09:85:22:
 62                     b2:f6:58:20:c2:c0:65:b9:0e:61:f0:b3:a2:94:ea:
 63                     57:72:77:90:26:7d:90:11:98:18:52:ab:dc:a1:78:
 64                     68:0d:f0:d8:6b:01:c5:5d:e5:ca:a5:36:68:81:ba:
 65                     ca:4c:b9:98:fd:f4:54:e3:eb:7f:3d:30:50:34:a6:
 66                     5e:38:1c:82:93:9b:91:76:34:ab:df:e8:95:dd:2e:
 67                     d0:c6:98:c5:77:a6:67:13:aa:96:3f:7c:70:7e:54:
 68                     50:77:cc:5c:d0:70:34:93:90:4a:83:25:d8:1e:1d:
 69                     6c:17:3c:84:20:df:ee:78:28:e7:63:7f:d5:44:9c:
 70                     c3:cb:ec:78:a7:2f:05:dc:e7:e9:20:32:34:38:66:
 71                     fc:1f:54:79:64:bc:92:e9:59:c5:bf:35:4c:aa:1f:
 72                     93:7a:e7:8c:29:b2:58:03:bf:4f:19:36:da:2f:bd:
 73                     00:e0:0e:cd:32:09:0b:c7:1d:6c:12:19:b4:fa:4c:
 74                     a2:b0:24:be:d3:1e:47:55:17:c3:14:ce:cd:af:01:
 75                     ca:d8:48:44:12:40:99:f2:9f:87:1e:ea:2f:cb:0f:
 76                     a7:0d:b7:99:d5:e1:3b:68:50:00:80:6f:59:7c:19:
 77                     96:72:51:bb:9d:6b:02:01:c1:7b:88:d9:20:57:64:
 78                     1f:86:95
 79                 Exponent: 65537 (0x10001)
 80         X509v3 extensions:
 81             X509v3 Subject Key Identifier: 
 82                 C6:80:BB:D0:7D:12:F4:EF:1A:69:CD:92:D3:F7:E1:3D:8A:27:CD:76
 83             X509v3 Authority Key Identifier: 
 84                 keyid:C6:80:BB:D0:7D:12:F4:EF:1A:69:CD:92:D3:F7:E1:3D:8A:27:CD:76
 85 
 86             X509v3 Basic Constraints: 
 87                 CA:TRUE
 88     Signature Algorithm: sha256WithRSAEncryption
 89          a0:df:1a:b4:22:69:a7:8f:92:8b:c0:67:91:66:df:5f:0f:47:
 90          2d:2e:6a:fd:d7:21:48:29:46:e7:7e:9b:6a:46:32:04:39:c2:
 91          fb:06:2e:eb:d2:f5:25:16:f7:03:f9:d1:e5:d1:d8:1d:96:8e:
 92          22:fc:37:d7:22:97:36:4c:2c:f2:8f:09:24:5b:61:a2:29:13:
 93          48:21:c9:db:1e:1e:24:18:d0:02:2f:ff:35:fd:21:4c:b6:af:
 94          36:33:8a:d0:2f:22:75:f4:89:8b:99:4f:32:69:55:35:13:35:
 95          00:d4:f3:82:44:5f:25:a8:82:1c:51:01:31:e2:7b:c0:72:0a:
 96          5d:a8:a8:37:30:a7:64:e5:2b:86:e4:92:57:59:ae:0b:a9:7b:
 97          fa:be:64:be:7a:d4:f1:6a:1d:9e:07:d4:79:7d:9c:d9:c5:98:
 98          ec:fc:d0:0d:55:45:41:81:c9:5a:d1:0e:ba:f1:14:c1:43:ea:
 99          26:62:a3:c2:8f:fe:54:fe:03:9d:8c:ca:96:48:66:9f:83:88:
100          c3:e7:d8:6b:e9:43:34:3c:77:b6:2f:97:54:65:39:74:09:a5:
101          a3:c6:d1:aa:52:7b:d3:91:44:32:ee:1a:45:40:ff:1e:46:b9:
102          47:06:68:6e:91:a6:88:77:4a:df:07:bd:81:ae:6e:a0:2d:67:
103          39:15:b6:9b:28:e3:0a:34:bf:0d:f0:01:af:8a:f2:2b:8b:3f:
104          12:a7:8b:cf::eb:c5:bc:58:58:10:6a:84:85:26:01:39:9a:
105          fa:aa:1a:dc:83:46:61:1b:12:90:ad:5a:d7:67:78:68:a9:8c:
106          72:71:f0:64:b7:bf:08:85:9b:71:4a:3f:00:94:43:a7:73:3b:
107          c3:95:da:07:1f:8b:ca:f4:d7:a4:af:34:95:42:a5:e0:46:e8:
108          18:22:29::b7:b0:a0:9a:7b:e8:e5:b1:11:67:07:f3:7d:bd:
109          f7:2f:5f:65:5e:32:5d:0c:65:a1:70:ad:50:6c:02:5c:a5:e6:
110          0c:41:c9:26:9d:95::1b:df:26:a2:43:4f:b6:e0:98:6f:ba:
111          cb:83:e6:1c:00:ba:d6:48:cc:a4:2e:8d:cc:6c:f4:9d:5a:ee:
112          62:0e:57:e2:2e:1f:8c:6c:cd:a3:2d:63:4b:0f:6b:11:bd:18:
113          47:23:0b:b7:7c:fc:d5:45:01:6e:72:a0:7c:43:29:6b:ef:dd:
114          33:d1:39:2a:14:cd:c3:2e:91:4f:78:3d:e2:08:a5:dd:bd:00:
115          aa:18:19:48:03:3a:a1:9d:1c:e7:c3:87:51:a4:42:7a:fd:7f:
116          90:40:c6:bb:ba:8e:22:be:63:5a:10:bb:a4:fd:ef:21:4f:d1:
117          84:a9:fb:2e:61:cc:b0:76
118 
119 [root@centos7 CA]# openssl x509 -in cacert.pem -noout -issuer
120 issuer= /C=CN/ST=beijing/L=beijing/O=mage/OU=M30/CN=www.yxh.com


本文来自电脑杂谈,转载请注明本文网址:
http://www.pc-fly.com/a/jisuanjixue/article-135087-1.html

相关阅读
    发表评论  请自觉遵守互联网相关的政策法规,严禁发布、暴力、反动的言论

    热点图片
    拼命载入中...