Friday, October 15, 2010

Solaris Cryptographic Framework password system


Solaris OS Cryptographic Framework (SCF) code system to form a seamless and transparent to the user application and kernel module to provide cryptographic services, user applications are seldom noticed and rarely subject to interference, including command, the user programming interface, the kernel programming interface, and its encryption algorithm optimization procedures, including:

AES - Advanced Encryption Standard Advanced Encryption Standard, the U.S. federal government standards, is the designated standard password system, the future users in the government and the banking industry because it Zhihangsuduo 寰堝揩 is very suitable for Yu Xian Dai needs (eg smart cards) and can use a wide range of key sizes.

ARC4 - the public implementation of RC4

Blowfish - Bruce Schneier, published in 1995, the largest 448 variable length keys.

DES - Data Encryption Standard, in 1977 formally adopted by the U.S. government, is the world's most widely used encryption algorithm. In addition to non-government, the banking industry is the largest user of encryption, the main problem is that its key length is very short, the key actually has 64, but the key is 8 bits are parity bits, DES key is actually only 56 in work, and not suited to today's situation, it has AES Advanced Encryption Standard algorithm instead.

3DES - that is Triple DES, only in a particular order of three times using two key implementation of DES, you can use three separate keys.

DH - Diffie-Hellman key agreement, by the founder of public-key cryptosystem proposed by Diffie and Hellman's an idea that allows two users to exchange information in the public media to generate "consistent", and can be shared Key

DSA - Digital Signature Algorithm is a United States Federal Government standard for digital signatures, the so-called digital signatures the sender is using its private key information from the transmission packet data in the extracted (or digital fingerprint) for RSA algorithm operations to ensure that the sender can not deny that once spoke of the information (ie non-repudiation), but also ensure that information packets to be altered by the end of the signature (ie integrity). When the recipient received the information packet, you can use the sender's public key to verify digital signatures.

HMAC - Keyed-hash message authentication code, MAC There are several methods of work. The first is in calculating the summary before the secret key and the data set to the end. If there is no secret key, you can not confirm the data unaltered. Another way to calculate more complex calculation of the hash as usual, and then use symmetric algorithms (eg DES) encryption hash. To authorize the hash, you must first decrypt it. HMAC is a type of MAC calculated using a cryptographic hash function in combination with a secret key.

MAC - Message Authentication Code Message Authentication Code, to use a key to generate a fixed-sized data blocks, and added to the message. The key can be used for authentication of suspicious data, to ensure the transmission of encrypted bit stream from malicious changes.

MD5 - Message-Digest Algorithm was developed by the Massachusetts Institute of Technology for the digital signature information - digest algorithm, so the Hash Message transformation, the transformation of arbitrary length into a 128-bit Message large integer, and it is an irreversible character string transform algorithm, MD5 typical application is to generate a digital fingerprint Message to prevent tampering, the application of digital signatures. August 17, 2004 American International Cryptology Conference, Shandong University, Professor Wang Xiaoyun cracked MD5 algorithm, and found that you can quickly find MD5 collisions, that the two documents can generate the same fingerprint.

PKCS - Public-Key Cryptography Standards from RSA Data Security Inc. U.S. and its partners developed a set of public key cryptography standards, including certificate application, certificate update, certificate invalid table release, extended the certificate and digital signatures, digital envelopes aspects of the format of a series of related agreements. PKCS PKCS # 1 has been released to the PKCS # 15.

PKCS # 5 - Password-based encryption standard, is derived by means of a security from the password encryption key string. Derived from the password using the MD5 key, and encrypted using DES-CBC mode. Mainly used to encrypt transmitted from one computer to another computer's private key, can not be used to encrypt messages.

PKCS # 11 - the definition of a technology independent programming interface for smart cards and PCMCIA cards like the encryption device.

RSA-3 Massachusetts Institute of Technology researchers have developed the most famous public key algorithm, and the first can be used for both encryption and digital signature algorithm, the export is limited. The general thinking behind the RSA will multiply two large prime numbers is very easy, but like the product of decomposition is extremely difficult for them, so you can be the product of the public as the encryption key. In 1999, with the 7 months to complete a particular RSA 512 of the median (known as RSA-155) of the factorization. As a result of large numbers are calculated, making the situation of the fastest RSA slower than DES.

RC4 - RSA's algorithm, applied to e-mail systems such as Lotus Notes and so on.

SHA-1-Secure Hash Algorithm (SHA) by the National Institute of Standards and Technology Association (National Institute of Standards and Technology) developed in 1994 released a revised version of the original algorithm, called SHA-1. Compared with the MD5, SHA-1 generates 160-bit message digest, although the slower, some see it more secure. The maximum length of plaintext messages can reach 264.

Shows Solaris in the algorithm:

# Cryptoadm list

user-level providers:

Provider: / usr / lib / security / $ ISA/pkcs11_kernel.so

Provider: / usr / lib / security / $ ISA/pkcs11_softtoken.so

kernel software providers:

des

aes

arcfour

blowfish

sha1

md5

rsa

swrand

...


# Cryptoadm list-m

user-level providers:

=====================

Provider: / usr / lib / security / $ ISA/pkcs11_kernel.so

no slots presented.

Provider: / usr / lib / security / $ ISA/pkcs11_softtoken.so

Mechanisms:

CKM_DES_CBC

CKM_DES_KEY_GEN

...

kernel software providers:

==========================

des: CKM_DES_ECB, CKM_DES_CBC, CKM_DES3_ECB, CKM_DES3_CBC

aes: CKM_AES_ECB, CKM_AES_CBC

arcfour: CKM_RC4

blowfish: CKM_BF_ECB, CKM_BF_CBC

sha1: CKM_SHA_1, CKM_SHA_1_HMAC, CKM_SHA_1_HMAC_GENERAL

md5: CKM_MD5, CKM_MD5_HMAC, CKM_MD5_HMAC_GENERAL

rsa: CKM_RSA_PKCS, CKM_RSA_X_509, CKM_MD5_RSA_PKCS, CKM_SHA1_RSA_PKCS

swrand: No mechanisms presented.

# Mac-l

Algorithm Keysize: Min Max (bits)

------------------------------------------

des_mac 64 64

sha1_hmac 8 512

md5_hmac 8 512

# Encrypt-l

Algorithm Keysize: Min Max (bits)

------------------------------------------

aes 128 128

arcfour 8 128

des 64 64

3des 192 192

Use colorful, such as the use of DES encryption method, so the file system backup and recovery:

# Ufsdump 0f - / var | encrypt-a des-k / etc / mykeys / backup.k | dd of = / dev/rmt/0

# Decrypt-a des-k / etc / mykeys / backup-i / dev/rmt/0 | ufsrestore vf -






相关链接:



Holiday PROMOTION: how to make the cost may change from control



TOMCAT And IIS Integration



Shenzhen Julong year launched China's first six-generation LCD line



Picked Audio CD Burners



Specialist Audio And Multimedia



DivX to iPhone



Listed six Prominent force in the award-winning character Aisino A6



epsxe missing zlib1 dll error fix IT now



Single-core Conroe two series were NAMED Pentium, Celeron



AVI To MOV



Command & Conquer 3 - The Most Difficult Opponents Experience



Easy Help TOOLS



Premier Search Or Lookup Tools



Ambiguous "message" Mostly Huafei Trap



VOB To WMV



Do not worry! Three-trick to help you pick a good memory