Crypto Terms: Unterschied zwischen den Versionen
(Die Seite wurde neu angelegt: „Cipher suites Architectural overview A cipher suite is a standardized collection of key exchange algorithms, encryption algorithms (ciphers) and Message authe…“) |
|||
| Zeile 5: | Zeile 5: | ||
schemes. It consists of the following components: | schemes. It consists of the following components: | ||
| − | + | ==Key exchange protocol== | |
| + | “An (interactive) key exchange protocol is a method whereby parties who | ||
do not share any secret information can generate a shared, secret key by communicating over | do not share any secret information can generate a shared, secret key by communicating over | ||
a public channel. The main property guaranteed here is that an eavesdropping adversary | a public channel. The main property guaranteed here is that an eavesdropping adversary | ||
who sees all the messages sent over the communication line does not learn anything about | who sees all the messages sent over the communication line does not learn anything about | ||
the resulting secret key.” [KL08] | the resulting secret key.” [KL08] | ||
| − | Example: DHE | + | *Example: DHE |
| − | + | ==Authentication== | |
| + | The client authenticates the server by its certificate. Optionally the server may | ||
authenticate the client certificate. | authenticate the client certificate. | ||
| − | Example: RSA | + | *Example: RSA |
| − | + | ==Cipher== | |
| + | The cipher is used to encrypt the message stream. It also contains the key size and mode | ||
used by the suite. | used by the suite. | ||
| − | Example: AES256 | + | *Example: AES256 |
| − | + | ==Message authentication code (MAC)== | |
| − | with (integrity). | + | A MAC ensures that the message has not been tampered with (integrity). |
| − | Examples: SHA256 | + | *Examples: SHA256 |
| − | + | ==Authenticated Encryption with Associated Data (AEAD)== | |
| + | AEAD is a class of authenticated encryption | ||
block-cipher modes which take care of encryption as well as authentication (e.g. GCM, | block-cipher modes which take care of encryption as well as authentication (e.g. GCM, | ||
CCM mode). | CCM mode). | ||
| − | Example: AES256-GCM | + | *Example: AES256-GCM |
| − | DHE – RSA – AES256 – SHA256 | + | |
| − | + | =Composition of a typical cipher string= | |
| + | *DHE – RSA – AES256 – SHA256 | ||
Version vom 14. November 2018, 20:26 Uhr
Cipher suites Architectural overview
A cipher suite is a standardized collection of key exchange algorithms, encryption algorithms (ciphers) and Message authentication codes (MAC) algorithm that provides authenticated encryption schemes. It consists of the following components:
Key exchange protocol
“An (interactive) key exchange protocol is a method whereby parties who do not share any secret information can generate a shared, secret key by communicating over a public channel. The main property guaranteed here is that an eavesdropping adversary who sees all the messages sent over the communication line does not learn anything about the resulting secret key.” [KL08]
- Example: DHE
Authentication
The client authenticates the server by its certificate. Optionally the server may authenticate the client certificate.
- Example: RSA
Cipher
The cipher is used to encrypt the message stream. It also contains the key size and mode used by the suite.
- Example: AES256
Message authentication code (MAC)
A MAC ensures that the message has not been tampered with (integrity).
- Examples: SHA256
Authenticated Encryption with Associated Data (AEAD)
AEAD is a class of authenticated encryption block-cipher modes which take care of encryption as well as authentication (e.g. GCM, CCM mode).
- Example: AES256-GCM
Composition of a typical cipher string
- DHE – RSA – AES256 – SHA256