
Client Certificate Authentication in SSL Handshake

I was going through the SSL protocol and trying to understand the steps that are involved in the SSL handshake.

Now, for authenticating the client to the server, "Client Certificate Authentication" is done. I want to know in detail what actually happens in "Client Certificate Authentication".

SSL Handshake steps:

  1. The client sends the server the client's SSL version number, cipher settings, randomly generated data, and other information the server needs to communicate with the client using SSL.
  2. The server sends the client the server's SSL version number, cipher settings, randomly generated data, and other information the client needs to communicate with the server over SSL. The server also sends its own digital certificate and, if the client is requesting a server resource that requires client authentication, requests the client's digital certificate.
  3. The client uses the information sent by the server to authenticate the server. If the server cannot be authenticated, the user is warned of the problem that an encrypted and authenticated connection cannot be established. If the server can be successfully authenticated, the client proceeds.
  4. Using all data generated in the handshake so far, the client creates the premaster secret for the session, encrypts it with the server's public key (obtained from the server's digital certificate), and sends the encrypted premaster secret to the server.
  5. If the server has requested client authentication (an optional step in the handshake), the client also signs another piece of data that is unique to this handshake and known by both the client and server. In this case the client sends both the signed data and the client's own digital certificate to the server along with the encrypted premaster secret.
  6. If the server has requested client authentication, the server attempts to authenticate the client. If the client cannot be authenticated, the session is terminated. If the client can be successfully authenticated, the server uses its private key to decrypt the premaster secret, then performs a series of steps which the client also performs, starting from the same premaster secret to generate the master secret.
  7. Both the client and the server use the master secret to generate session keys, which are symmetric keys used to encrypt and decrypt information exchanged during the SSL session and to verify its integrity.
  8. The client informs the server that future messages from the client will be encrypted with the session key. It then sends a separate encrypted message indicating that the client portion of the handshake is finished.
  9. The server sends a message to the client informing it that future messages from the server will be encrypted with the session key. It then sends a separate encrypted message indicating that the server portion of the handshake is finished.
  10. The SSL handshake is now complete, and the SSL session has begun. The client and the server use the session keys to encrypt and decrypt the data they send to each other and to validate its integrity.

From: http://www.pierobon.org/ssl/ch2/diagram.htm
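The steps above describe the handshake in words; the following is an added worked example (not part of the question, and not code from pierobon.org) that carries steps 5 through 9 through in Python using only the standard library. It implements the TLS 1.2 PRF from RFC 5246 (P_SHA256) to turn a premaster secret into the master secret (step 6), expands the master secret into the symmetric session keys (step 7), computes the handshake transcript hash that the client signs in step 5 and that the server must recompute independently, and derives the Finished verify_data of steps 8 and 9. The randoms, the premaster secret and the handshake message labels are constructed sample values, and the RSA signature over the transcript and the validation of the client certificate chain are assumed to be done by a real TLS library; they are not implemented here. Running it with a second, different premaster on the server side shows why a corrupted or substituted step-4 message makes the session keys and the Finished check diverge.

```python
import hashlib
import hmac
import os

# Constructed sample handshake values (not real traffic): 32-byte randoms from
# ClientHello / ServerHello (steps 1-2) and an RSA-style premaster secret
# (step 4: 2 bytes of protocol version followed by 46 random bytes).
CLIENT_RANDOM = bytes(range(0, 32))
SERVER_RANDOM = bytes(range(32, 64))
PREMASTER_SECRET = b"\x03\x03" + bytes(range(100, 146))


def p_hash(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 from RFC 5246 section 5: chain HMACs until enough bytes exist."""
    out = b""
    a = seed                                                    # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()        # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: P_SHA256(secret, label + seed)."""
    return p_hash(secret, label + seed, length)


def derive_master_secret(premaster, client_random, server_random):
    """Step 6: both sides run the same PRF over the same premaster secret."""
    return prf(premaster, b"master secret", client_random + server_random, 48)


def derive_session_keys(master, client_random, server_random,
                        mac_len=20, key_len=16, iv_len=16):
    """Step 7: expand the master secret into the symmetric session keys.
    Default sizes match AES_128_CBC_SHA. The seed order is reversed here
    (server random first), as RFC 5246 section 6.3 specifies."""
    total = 2 * (mac_len + key_len + iv_len)
    block = prf(master, b"key expansion", server_random + client_random, total)
    names = ["client_mac", "server_mac", "client_key", "server_key",
             "client_iv", "server_iv"]
    sizes = [mac_len, mac_len, key_len, key_len, iv_len, iv_len]
    keys, pos = {}, 0
    for name, size in zip(names, sizes):
        keys[name] = block[pos:pos + size]
        pos += size
    return keys


def transcript_hash(handshake_messages):
    """The 'data unique to this handshake and known by both sides' (step 5) is
    the hash of every handshake message exchanged so far. The client signs it
    with the private key matching its certificate (CertificateVerify); the
    server recomputes it from its own copy of the messages before checking
    the signature. The signing itself is left to a real TLS library."""
    return hashlib.sha256(b"".join(handshake_messages)).digest()


def finished_verify_data(master, side, handshake_messages):
    """Steps 8-9: the Finished message carries PRF(master, label, hash)[:12]."""
    label = b"client finished" if side == "client" else b"server finished"
    return prf(master, label, transcript_hash(handshake_messages), 12)


def simulate_handshake_key_agreement(premaster_seen_by_server=PREMASTER_SECRET):
    """Run the derivation on both sides and report whether they agree.
    Passing a different premaster for the server models a corrupted or
    substituted step-4 message: master secret, session keys and Finished
    verify_data all diverge, so the server rejects the client's Finished."""
    messages = [b"ClientHello", b"ServerHello", b"Certificate",       # constructed
                b"CertificateRequest", b"ServerHelloDone",            # placeholder
                b"ClientCertificate", b"ClientKeyExchange"]           # message bodies
    client_master = derive_master_secret(PREMASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM)
    server_master = derive_master_secret(premaster_seen_by_server, CLIENT_RANDOM, SERVER_RANDOM)
    client_keys = derive_session_keys(client_master, CLIENT_RANDOM, SERVER_RANDOM)
    server_keys = derive_session_keys(server_master, CLIENT_RANDOM, SERVER_RANDOM)
    client_finished = finished_verify_data(client_master, "client", messages)
    expected_by_server = finished_verify_data(server_master, "client", messages)
    return {
        "keys_match": client_keys == server_keys,
        "finished_ok": hmac.compare_digest(client_finished, expected_by_server),
        "client_keys": client_keys,
    }


if __name__ == "__main__":
    good = simulate_handshake_key_agreement()
    bad = simulate_handshake_key_agreement(b"\x03\x03" + os.urandom(46))
    print("honest run: keys match =", good["keys_match"], "Finished ok =", good["finished_ok"])
    print("tampered premaster: keys match =", bad["keys_match"], "Finished ok =", bad["finished_ok"])
```

Two points worth noting against the steps above: the client's signature in step 5 binds the client certificate to this specific handshake only because the signed transcript hash covers both sides' randoms, so a captured signature cannot be replayed into another session; and in step 6 the server must validate the presented certificate chain against the CAs it trusts and verify that signature before it treats the client as authenticated, otherwise any certificate at all would pass.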

