
How does Cassandra node-to-node and client-to-node encryption actually work?

I have successfully setup node-to-node and client-to-node encryption with Cassandra 3.3, including the cqlsh configuration. My questions are about how it all actually works.

In both cases I need to provide a key-certificate for each actor (node and client). Is this used for encryption or authentication? I strongly expect it is used for authentication only, then a symmetric key is generated for encryption. Is this right? In client-to-node encryption I notice that both the nodes and the clients need a key-certificate, so I assume the exchange is not only server-authenticated but also client-authenticated. Is this correct?

Note: In the above I use "authentication" to mean that the actors can trust each other, not that they know the details of each other's identity. This is totally separate from how Cassandra authenticates users.

I am asking these questions because I am thinking about using a unique self-signed certificate on all the nodes for node-to-node encryption, and another unique self-signed certificate for client-to-node encryption. If my understanding is correct this would not compromise encryption. Is this right?

Creating certificates is only mandatory for node-to-node communication. Each SSL server needs to have its own private key to ensure that all communication can only be read by the server. The public certificate created along with the key will be used to authenticate the server. This is important for Cassandra nodes to avoid man-in-the-middle attacks and is implemented by checking if certificates can be authenticated through the local node's truststore.

As for client-to-node communication, authentication is optional and you don't need to create any certificate at all if you don't enable require_client_auth. In this case the SSL key will be created transparently just as if you connect from your browser to an SSL protected website. The question of whether you should enable client authentication or not depends on whether you're going to use user logins in Cassandra or plan to use anonymous logins. In case you're using the internal Cassandra authentication process with a username and password, there's little use in also enabling SSL authentication.

I am asking these questions because I am thinking about using a unique self-signed certificate on all the nodes for node-to-node encryption, and another unique self-signed certificate for client-to-node encryption.

If you're comfortable creating a unique self-signed cert for each node and adding it to each node's truststore, just go for it. It's probably the simplest and safest way to handle this, but will be very inconvenient for large clusters. An alternative option would be to establish trust through a common CA for all your nodes. This will avoid having to import all self-signed certs to each truststore. Using a CA will make it easier to add nodes to your cluster, but also requires establishing a way to sign new certificates safely using the CA.
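The following script is an added example, not code from the question or the answer above. It carries out the per-node self-signed setup the answer calls the simplest option (one keypair per node, every peer's public certificate imported into every other node's truststore) and then prints, for each node, the cassandra.yaml fragment that wires the stores into server_encryption_options and client_encryption_options with require_client_auth left off for clients, as the answer recommends when password logins are used. It assumes a JDK keytool on PATH; the node names, output directory and the password "changeit" are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original question or answer.
# Assumptions: a JDK `keytool` is on PATH; node names, the output
# directory and the store password are constructed placeholders.
set -e

WORKDIR="${WORKDIR:-./cassandra-ssl-demo}"   # constructed output directory
STOREPASS="${STOREPASS:-changeit}"           # placeholder, not a real password

have_keytool() { command -v keytool >/dev/null 2>&1; }

# Print every node name except $1: the peers whose certs $1 must trust.
peers_of() {
    self="$1"; shift
    out=""
    for n in "$@"; do
        [ "$n" = "$self" ] || out="$out $n"
    done
    echo "${out# }"
}

# One self-signed keypair per node. The private key never leaves this
# node's keystore; only the exported certificate (public key) is shared.
make_node_keystore() {
    node="$1"
    keytool -genkeypair -keyalg RSA -keysize 2048 -validity 365 \
        -alias "$node" -dname "CN=$node, OU=demo, O=example" \
        -storetype JKS -keystore "$WORKDIR/$node.keystore.jks" \
        -storepass "$STOREPASS" -keypass "$STOREPASS"
    keytool -exportcert -rfc -alias "$node" \
        -keystore "$WORKDIR/$node.keystore.jks" -storepass "$STOREPASS" \
        -file "$WORKDIR/$node.cer"
}

# Import each peer's certificate into this node's truststore. A node only
# completes an internode TLS handshake with a peer whose certificate is
# trusted here, which is the check that defeats a man-in-the-middle.
make_node_truststore() {
    node="$1"; shift
    for peer in "$@"; do
        keytool -importcert -noprompt -alias "$peer" -file "$WORKDIR/$peer.cer" \
            -storetype JKS -keystore "$WORKDIR/$node.truststore.jks" \
            -storepass "$STOREPASS"
    done
}

# cassandra.yaml fragment for one node (Cassandra 3.x option names).
# Internode: both sides present certs and check each other's truststore.
# Client-to-node: TLS is on, but clients need no certificate because
# require_client_auth stays false; user identity comes from Cassandra's
# own username/password authentication instead.
yaml_fragment() {
    node="$1"
    cat <<EOF
server_encryption_options:
    internode_encryption: all
    keystore: $WORKDIR/$node.keystore.jks
    keystore_password: $STOREPASS
    truststore: $WORKDIR/$node.truststore.jks
    truststore_password: $STOREPASS
    require_client_auth: true
client_encryption_options:
    enabled: true
    optional: false
    keystore: $WORKDIR/$node.keystore.jks
    keystore_password: $STOREPASS
    require_client_auth: false
EOF
}

# Build keystores for every node, then each node's truststore from its
# peers' certificates, and print the matching yaml fragment.
setup_cluster() {
    mkdir -p "$WORKDIR"
    for node in "$@"; do make_node_keystore "$node"; done
    for node in "$@"; do
        # shellcheck disable=SC2046
        make_node_truststore "$node" $(peers_of "$node" "$@")
        echo "# --- $node ---"; yaml_fragment "$node"
    done
}

if have_keytool; then
    setup_cluster node1 node2 node3
else
    echo "keytool not found; skipping keystore generation" >&2
fi
```

With N nodes this runs N*(N-1) imports, which is the inconvenience for large clusters the answer mentions; the CA alternative replaces all of them with a single CA certificate in each truststore, at the cost of protecting the CA signing key.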
