证书如何避免中间人攻击?

发布于 2024-09-27 17:39:31 字数 511 浏览 11 评论 0原文

我还有一个关于网络安全的问题。 如果我理解正确的话,证书是为了识别你的真实身份。所以中间人的攻击是不可能的。 但是当我看到这张图片时:

http://upload.wikimedia.org/wikipedia/commons/thumb/2/2b/Digital_Signature_diagram.svg/800px-Digital_Signature_diagram.svg.png

我认为中间人攻击是可能的。您可以将签名、证书与数据分开。用你的假数据制作你自己的签名,并将带有假签名(但正确的证书)的假数据发送到服务器/客户端。

在这张图片中我也不明白的是在验证方面检查证书的地方。

谢谢。

SC男孩

I have another question to security in the web.
If I understand it correctly certificates are for identify who you really are. So the man in the middle attack isn't possible.
But when I see this image:

http://upload.wikimedia.org/wikipedia/commons/thumb/2/2b/Digital_Signature_diagram.svg/800px-Digital_Signature_diagram.svg.png

I think a man in the middle attack is possible. You could split the Signature, the certificate from the data. Make your own signature with your fake data and send the fake data with the fake signature (but the right certificate) to the server/client.

What I also not understand in this picture is where the certificate gets checked, on the verification side.

thanks.

SCBoy

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

野生奥特曼 2024-10-04 17:39:31

用你的虚假数据制作你自己的签名,并将带有虚假签名(但正确的证书)的虚假数据发送到服务器/客户端。

问题是接收者会查看伪造的签名,发现它与真实发送者的证书不匹配。

仅当您拥有该证书的正确私钥时,您才能创建与给定证书匹配的签名(即使证书本身是公开的,这就是非对称加密的魔力)。该私钥由证书所有者(消息的原始发送者)保密。

通过提前分发受信任的证书来防止中间人。
您必须信任证书的真实性,可以直接信任它们(根证书),也可以信任证书上通往您信任的签名的一系列签名。

如果中间人能让你相信他的假证书是真的,那么整个系统就会失败。

Make your own signature with your fake data and send the fake data with the fake signature (but the right certificate) to the server/client.

The problem is that the receiver will then look at the fake signature and see that it does not match the certificate of the real sender.

You can only create signatures that match a given certificate when you have the correct private key for that certificate (even though the certificate itself is public, that is the magic of asymmetric cryptography). This private key is being kept secret by the owner of the certificate (the original sender of the message).

The man-in-the-middle is prevented by distributing trusted certificates in advance.
You have to trust the authenticity of the certificates, either by trusting them directly (root certificates) or by trusting a chain of signatures on the certificate leading up to one that you trust.

If the man in the middle can make you believe that his fake certificate is the real deal, then the whole system fails.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文