PKCS规范培训PPT学习教案

1、会计学1PKCS规范培训规范培训第1页/共129页第2页/共129页第3页/共129页第4页/共129页第5页/共129页第6页/共129页第7页/共129页7816-1/2/3/4/5/6/8ASN.1PKCS-1/13/14/15, 7816-15, DES, AES, SHA,MD2,MD5,PKCS-11, CSPX509, PKCS-3/5/7/8/9/10/12SSL, S/MIME IE, Outlook, Foxmail, Word, Netscape, Mozilla, Firefox, Thunderbird第8页/共129页第9页/共129页Other Security

2、LayersApplication 1CryptokiOther Security LayersApplication kCryptokiDevice Contention/SynchronizationSlot 1Token 1(Device 1)Slot nToken n(Device n)第10页/共129页ObjectCertificateKeyDataSecret KeyPrivate KeyPublic Key令牌逻辑视图是一个能存储对象和能执行密码函数的设备令牌逻辑视图是一个能存储对象和能执行密码函数的设备 第11页/共129页函数接口概述函数接口概述通用目的函数通用目的函数第1

3、2页/共129页函数接口概述函数接口概述槽和令牌管理函槽和令牌管理函数数第13页/共129页函数接口概述函数接口概述会话管理函数会话管理函数第14页/共129页函数接口概述函数接口概述对象管理函数对象管理函数第15页/共129页函数接口概述函数接口概述加密和解密函数加密和解密函数第16页/共129页函数接口概述函数接口概述摘要计算函数摘要计算函数第17页/共129页函数接口概述函数接口概述签名和签名和MAC计算函数计算函数第18页/共129页函数接口概述函数接口概述签名和签名和MAC验证函数验证函数第19页/共129页函数接口概述函数接口概述双功能密码函数双功能密码函数第20页/共129页函数

4、接口概述函数接口概述密钥管理函数密钥管理函数第21页/共129页函数接口概述函数接口概述其他函数其他函数第22页/共129页第23页/共129页第24页/共129页第25页/共129页3.2 Object 对象 证书 密钥 数据 保密密钥 私有密钥 公共密钥 对象的层次结构 第26页/共129页3.2 ObjectToken对象对象Sesssion对象对象Public对象对象Private对象对象第27页/共129页 3.3 Attribute对象包括一套属性，每个对象都具有一个给定值。一个对对象包括一套属性，每个对象都具有一个给定值。一个对象处理的每个属性都有一个唯一确定的值。象处理的每个属

5、性都有一个唯一确定的值。 第28页/共129页第29页/共129页第30页/共129页 3.4 Users PKCS11识别两种令牌用户类型。一个类型就是安全官员（识别两种令牌用户类型。一个类型就是安全官员（SO）。另一个类型就是普通用户。只有普通用户才能访问令）。另一个类型就是普通用户。只有普通用户才能访问令牌上的私有对象，而且只有普通用户在得到授权后才能进行牌上的私有对象，而且只有普通用户在得到授权后才能进行这种访问。这种访问。 一些令牌可能需要用户在执行令牌上的任意密码一些令牌可能需要用户在执行令牌上的任意密码功能之前得到授权，不管令牌是否涉及私有对象。功能之前得到授权，不管令牌是否涉及

6、私有对象。SO的作用的作用是初始化一个令牌，设置普通用户的是初始化一个令牌，设置普通用户的PIN（或由（或由Cryptoki版版本以外的方式确定普通用户怎样得到授权），或许还要操作本以外的方式确定普通用户怎样得到授权），或许还要操作某些公共对象。普通用户只有在某些公共对象。普通用户只有在SO设置普通用户的设置普通用户的PIN以后以后才能注册。才能注册。 第31页/共129页 会话在应用程序和令牌之间提供一个逻辑连接。会话在应用程序和令牌之间提供一个逻辑连接。 Cryptoki 需需要用令牌打开一个以上的会话以便使用令牌的对象和函数。会要用令牌打开一个以上的会话以便使用令牌的对象和函数。会话可以

7、是读话可以是读/写（写（R/W）会话，也可以是只读（）会话，也可以是只读（R/O）会话。读）会话。读/写和只读指的是通向令牌对象的入口，而不是会话对象。在这写和只读指的是通向令牌对象的入口，而不是会话对象。在这两种会话类型下，应用程序能够创建、读、写和破坏会话对象两种会话类型下，应用程序能够创建、读、写和破坏会话对象。但是，只有在读。但是，只有在读/写会话中，应用程序能够创建、修改和破坏写会话中，应用程序能够创建、修改和破坏令牌对象。令牌对象。第32页/共129页 打开一个会话后，应用程序便可访问令牌的公共对象。所给应用程序的所有线程可访问相同会话和相同会话对象。为了访问令牌私有对象，不同用户

8、必须先登录并得到授权。打开一个会话后，应用程序便可访问令牌的公共对象。所给应用程序的所有线程可访问相同会话和相同会话对象。为了访问令牌私有对象，不同用户必须先登录并得到授权。 当关闭一个会话后，在该会话过程中创建的任何会话对象都会被破坏。这甚至适用于其它会话正在使用的会话对象。如果单个应用程序打开同一令牌的多个会话，并使用其中一个创建会话对象，那么这些会话对象就可以被该应用程序的所有会话看到。但是，当创建对象的会话关闭时，对象也被破坏了。当关闭一个会话后，在该会话过程中创建的任何会话对象都会被破坏。这甚至适用于其它会话正在使用的会话对象。如果单个应用程序打开同一令牌的多个会话，并使用其中一个创

9、建会话对象，那么这些会话对象就可以被该应用程序的所有会话看到。但是，当创建对象的会话关闭时，对象也被破坏了。 Cryptoki 支持在多令牌上的多个会话。应用程序可以和一个以上的令牌进行一个以上的会话。一个令牌可以和一个以上的应用程序进行多个会话。但是，一个特定的令牌可能要求应用程序只能有限定数量的会话，或只能有限定数量的读支持在多令牌上的多个会话。应用程序可以和一个以上的令牌进行一个以上的会话。一个令牌可以和一个以上的应用程序进行多个会话。但是，一个特定的令牌可能要求应用程序只能有限定数量的会话，或只能有限定数量的读/写会话。写会话。第33页/共129页 R/O Public Session

10、 R/O User Functions Login User Logout Open Session Open Session Close Session/ Device Removed Close Session/ Device Removed 状态转换状态转换 只读会话只读会话第34页/共129页State State Description Description R/O Public R/O Public Session Session The application has opened a read-only session. The The application has ope

11、ned a read-only session. The application has read-only access to public token application has read-only access to public token objects and read/write access to public session objects and read/write access to public session objects.objects.R/O User R/O User Functions Functions The normal user has bee

12、n authenticated to the The normal user has been authenticated to the token. The application has read-only access to all token. The application has read-only access to all token objects (public or private) and read/write token objects (public or private) and read/write access to all session objects (

13、public or private). access to all session objects (public or private). RO sessionRO sessionNote: Read-Only SO Session do not exists.第35页/共129页 R/W SO Functions R/W Public Session Login SO Logout Open Session Open Session Close Session/ Device Removed Close Session/ Device Removed R/W User Functions

14、Login User Logout Open Session Close Session/ Device Removed 状态转换状态转换 读写会话读写会话第36页/共129页StateStateDescription Description R/W Public R/W Public Session Session The application has opened a read/write session. The application has opened a read/write session. The application has read/write access to a

15、ll public The application has read/write access to all public objects.objects.R/W SO R/W SO Functions Functions The Security Officer has been authenticated to the The Security Officer has been authenticated to the token. The application has read/write access only token. The application has read/writ

16、e access only to public objects on the token, not to private to public objects on the token, not to private objects. The SO can set the normal users PIN.objects. The SO can set the normal users PIN.R/W User R/W User Functions Functions The normal user has been authenticated to the The normal user ha

17、s been authenticated to the token. The application has read/write access to all token. The application has read/write access to all objects. objects. III.III. 基本概念基本概念状态转换状态转换第37页/共129页Type of objectType of sessionR/O PublicR/W PublicR/O UserR/W UserR/W SOPublic session objectR/WR/WR/WR/WR/WPrivate

18、session objectR/WR/WPublic token objectR/OR/WR/OR/WR/WPrivate token objectR/OR/WIII.III. 基本概念基本概念状态转换状态转换第38页/共129页第39页/共129页第40页/共129页III.III. 基本概念基本概念机制机制3.7 Mechanism第41页/共129页3.8 3.8 应用程序与多线程应用程序与多线程III.III. 基本概念基本概念第42页/共129页第43页/共129页IV IV 典型对象属性分析典型对象属性分析第44页/共129页IV IV 典型对象属性分析典型对象属性分析第45页/共

19、129页AttributeData TypeMeaningCKA_CLASSCK_OBJECT_CLASSObject class (type) 第46页/共129页AttributeData TypeMeaningCKA_TOKENCK_BBOOLCK_TRUE if object is a token object; CK_FALSE if object is a session object. Default is CK_FALSE.CKA_PRIVATECK_BBOOLCK_TRUE if object is a private object; CK_FALSE if object i

20、s a public object. Default value is token-specific, and may depend on the values of other attributes of the object.CKA_MODIFIABLECK_BBOOLCK_TRUE if object can be modified Default is CK_TRUE.CKA_LABELRFC2279 stringDescription of the object (default empty).当对象创建以后，只有CKA_TOKEN值可以被修改第47页/共129页AttributeD

21、ata typeMeaningCKA_APPLICATIONRFC2279 stringDescription of the application that manages the object (default empty)CKA_OBJECT_IDByte ArrayDER-encoding of the object identifier indicating the data object type (default empty)CKA_VALUEByte arrayValue of the object (default empty)第48页/共129页AttributeData

22、typeMeaningCKA_CERTIFICATE_TYPE1CK_CERTIFICATE_TYPEType of certificateCKA_TRUSTED10 CK_BBOOLThe certificate can be trusted for the application that it was created.CKA_CERTIFICATE_CATEGORYCK_ULONGCategorization of the certificate:0 = unspecified (default value), 1 = token user, 2 = authority, 3 = oth

23、er entityCKA_CHECK_VALUEByte arrayChecksumCKA_START_DATECK_DATEStart date for the certificate (default empty)CKA_END_DATE CK_DATE End date for the certificate (default empty)第49页/共129页AttributeData typeMeaningCKA_SUBJECT1Byte arrayDER-encoding of the certificate subject nameCKA_IDByte arrayKey ident

24、ifier for public/private key pair (default empty)CKA_ISSUERByte arrayDER-encoding of the certificate issuer name (default empty)CKA_SERIAL_NUMBERByte arrayDER-encoding of the certificate serial number (default empty)CKA_VALUE1Byte arrayBER-encoding of the certificateCKA_URL3RFC2279 stringIf not empt

25、y this attribute gives the URL where the complete certificate can be obtained (default empty)CKA_HASH_OF_SUBJECT_PUBLIC_KEY4Byte arraySHA-1 hash of the subject public key (default empty)CKA_HASH_OF_ISSUER_PUBLIC_KEY4Byte arraySHA-1 hash of the issuer public key (default empty)CKA_JAVA_MIDP_SECURITY_

26、DOMAINCK_ULONGJava MIDP security domain: 0 = unspecified (default value), 1 = manufacturer, 2 = operator, 3 = third party第50页/共129页AttributeData typeMeaningCKA_SUBJECT1Byte arrayWTLS-encoding (Identifier type) of the certificate subject CKA_ISSUER2Byte arrayWTLS-encoding (Identifier type) of the cer

27、tificate issuer (default empty)CKA_VALUEByte arrayWTLS-encoding of the certificateCKA_URL3RFC2279 stringIf not empty this attribute gives the URL where the complete certificate can be obtainedCKA_HASH_OF_SUBJECT_PUBLIC_KEY4Byte arraySHA-1 hash of the subject public key (default empty)CKA_HASH_OF_ISS

28、UER_PUBLIC_KEY4Byte arraySHA-1 hash of the issuer public key (default empty)第51页/共129页AttributeData TypeMeaningCKA_OWNER1Byte ArrayDER-encoding of the attribute certificates subject field. This is distinct from the CKA_SUBJECT attribute contained in CKC_X_509 certificates because the ASN.1 syntax an

29、d encoding are different.CKA_AC_ISSUERByte ArrayDER-encoding of the attribute certificates issuer field. This is distinct from the CKA_ISSUER attribute contained in CKC_X_509 certificates because the ASN.1 syntax and encoding are different. (default empty)CKA_SERIAL_NUMBERByte ArrayDER-encoding of t

30、he certificate serial number. (default empty)CKA_ATTR_TYPESByte ArrayBER-encoding of a sequence of object identifier values corresponding to the attribute types contained in the certificate. When present, this field offers an opportunity for applications to search for a particular attribute certific

31、ate without fetching and parsing the certificate itself. (default empty)CKA_VALUE1Byte ArrayBER-encoding of the certificate.第52页/共129页AttributeData TypeMeaningCKA_KEY_TYPE1,5 CK_KEY_TYPEType of keyCKA_ID8Byte arrayKey identifier for key (default empty)CKA_START_DATE8CK_DATEStart date for the key (de

32、fault empty)CKA_END_DATE8CK_DATEEnd date for the key (default empty)CKA_DERIVE8CK_BBOOLCK_TRUE if key supports key derivation (i.e., if other keys can be derived from this one (default CK_FALSE)CKA_LOCAL2,4,6 CK_BBOOLCK_TRUE only if key was either1.generated locally (i.e., on the token) with a C_Gen

33、erateKey or C_GenerateKeyPair call2.created with a C_CopyObject call as a copy of a key which had its CKA_LOCAL attribute set to CK_TRUECKA_KEY_GEN_MECHANISM2,4,6 CK_MECHANISM_TYPEIdentifier of the mechanism used to generate the key material.CKA_ALLOWED_MECHANISMSCK_MECHANISM_TYPE _PTR, pointer to a

34、 CK_MECHANISM_TYPE arrayA list of mechanisms allowed to be used with this key. The number of mechanisms in the array is the ulValueLen component of the attribute divided by the sizeof CK_MECHANISM_TYPE.第53页/共129页AttributeData typeMeaningCKA_SUBJECT 8Byte arrayDER-encoding of the key subject name (de

35、fault empty)CKA_ENCRYPT 8CK_BBOOLCK_TRUE if key supports encryption9CKA_VERIFY 8CK_BBOOLCK_TRUE if key supports verification where the signature is an appendix to the data9CKA_VERIFY_RECOVER 8CK_BBOOLCK_TRUE if key supports verification where the data is recovered from the signature9CKA_WRAP 8CK_BBO

36、OLCK_TRUE if key supports wrapping (i.e., can be used to wrap other keys)9CKA_TRUSTED10CK_BBOOLThe key can be trusted for the application that it was created.The wrapping key can be used to wrap keys with CKA_WRAP_WITH_TRUSTED set to CK_TRUE.CKA_WRAP_TEMPLATECK_ATTRIBUTE_PTRFor wrapping keys. The at

37、tribute template to match against any keys wrapped using this wrapping key. Keys that do not match cannot be wrapped. The number of attributes in the array is the ulValueLen component of the attribute divided by the size of CK_ATTRIBUTE.第54页/共129页第55页/共129页AttributeData typeMeaningCKA_SUBJECT8Byte a

38、rrayDER-encoding of certificate subject name (default empty)CKA_SENSITIVE8CK_BBOOLCK_TRUE if key is sensitive9 CKA_DECRYPT8CK_BBOOLCK_TRUE if key supports decryption9CKA_SIGN8CK_BBOOLCK_TRUE if key supports signatures where the signature is an appendix to the data9CKA_SIGN_RECOVER8CK_BBOOLCK_TRUE if

39、 key supports signatures where the data can be recovered from the signature9CKA_UNWRAP8CK_BBOOLCK_TRUE if key supports unwrapping (i.e., can be used to unwrap other keys)9CKA_EXTRACTABLE 8，12CK_BBOOLCK_TRUE if key is extractable and can be wrapped 9CKA_ALWAYS_SENSITIVE 2，4，6CK_BBOOLCK_TRUE if key ha

40、s always had the CKA_SENSITIVE attribute set to CK_TRUECKA_NEVER_EXTRACTABLE 2，4，6CK_BBOOLCK_TRUE if key has never had the CKA_EXTRACTABLE attribute set to CK_TRUE第56页/共129页AttributeData TypeMeaningCKA_WRAP_WITH_TRUSTED11CK_BBOOLCK_TRUE if the key can only be wrapped with a wrapping key that has CKA

41、_TRUSTED set to CK_TRUE.Default is CK_FALSE.CKA_UNWRAP_TEMPLATECK_ATTRIBUTE_PTRFor wrapping keys. The attribute template to apply to any keys unwrapped using this wrapping key. Any user supplied template is applied after this template as if the object has already been created. The number of attribut

42、es in the array is the ulValueLen component of the attribute divided by the size ofCK_ATTRIBUTE.CKA_ALWAYS_AUTHENTICATECK_BBOOLIf CK_TRUE, the user has to supply the PIN for each use (sign or decrypt) with the key. Default is CK_FALSE.第57页/共129页第58页/共129页AttributeData TypeMeaningCKA_SENSITIVE8,11 CK

43、_BBOOLCK_TRUE if object is sensitive (default CK_FALSE)CKA_ENCRYPT8CK_BBOOLCK_TRUE if key supports encryption9CKA_DECRYPT8CK_BBOOLCK_TRUE if key supports decryption9CKA_SIGN8CK_BBOOLCK_TRUE if key supports signatures (i.e., authentication codes) where the signature is an appendix to the data9CKA_VER

44、IFY8CK_BBOOLCK_TRUE if key supports verification (i.e., of authentication codes) where the signature is an appendix to the data9CKA_WRAP8CK_BBOOLCK_TRUE if key supports wrapping (i.e., can be used to wrap other keys)9CKA_UNWRAP8 CK_BBOOL CK_TRUE if key supports unwrapping (i.e., can be used to unwra

45、p other keys)9CKA_ALWAYS_SENSITIVE2,4,6CK_BBOOL CK_TRUE if key is extractable and can be wrapped 9 CKA_NEVER_EXTRACTABLE2,4,6CK_BBOOL CK_TRUE if key has always had the CKA_SENSITIVE attribute set to CK_TRUE 第59页/共129页AttributeData TypeMeaningCKA_CHECK_VALUEByte arrayKey checksumCKA_WRAP_WITH_TRUSTED11CK_BBOOLCK_TRUE if the key can only be wrapped with a wrapping key that has CKA_TR