什么是私钥挑战?
当我阅读有关智能卡的内容时,我遇到了这个术语,称为私钥挑战。
私钥质询 - 确保证书绑定到其颁发的令牌并且未被复制或克隆。
这个私钥挑战将如何完成?
谢谢和问候,
阳光。
When i reading about smartcards i came across this term called private key challenge.
Private key challenge – to ensure the certificate is bound to the token to which it was issued and has not been copied or cloned.
How this Private Key Challenge will be done ?
Thanks and Regards,
Sunny.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
据我所知,这通常是通过向系统提供一个随机数(曾经使用过的数字......随机数)并要求它将此数字作为加密函数的输入来完成的,该加密函数需要属于被挑战的证书的私钥:
对于加密内容,您通常会获取您的随机数,对其进行加密并将密文移交给受挑战的系统...如果系统可以解密您的随机数(并将其返还给您),它就可以访问私钥...
在签名场景中,您交出您的明文随机数,并且系统必须对其进行签名...如果签名有效,系统就可以访问私钥,
当然对于现实世界的应用程序,您将需要扩展此方案以避免回放攻击,中间人, ETC。
from what i know this is usually done by providing a nonce (number once used ... a random number) to a system and asking it to take this number as input for a cryptographic function that needs the private key that belongs to the challanged certificate:
for encryption stuff you usually take your nonce, encrypt it and hand over the cyphertext to the challanged system ... if the system can decrypt your nonce (and give it back to you), it has access to the private key ...
in a signing scenario you hand over your plaintext nonce, and the system has to sign it ... if the signature is valid, the system has access to the private key
of course for a real world application you will want to extend this scheme to avoid playback attacks, man in the middle, etc.