我一整天都在努力寻找这个问题的答案。我用谷歌搜索,询问了知情人士,搜索了 SSL 证书供应商的网站等等。也许我的搜索今天失败了。无论如何......
所有 SSL 证书供应商都声称他们的 SSL 证书“支持最高级别”的加密。他们指的这个高级是 128 位到 256 位,而不是 40、56 等。
现在,据我了解,SSL 加密有两个部分。您通常将非对称公钥设置为 2048 位。很明显,这是在 SSL 证书中,并且其长度是显而易见的。另一部分是初始握手后传递的对称加密密钥。我在任何 SSL 证书中都没有看到任何提及这一点。
使用哪种对称加密算法取决于客户端(浏览器)和服务器的密码套件。如果它们都支持256位加密,那么就会使用它。
据我所知,在 90 年代,出口限制已经到位,出口的浏览器被限制为 40 位。为此,有一些特殊的解决方法,例如 SGC 证书。这在旧浏览器上仍然需要。除此之外,现代浏览器仅支持 256 位。
在我看来,那些声称他们的证书支持“高加密”的供应商只是在撒一个善意的谎言。他们的证书确实支持它,因为它与证书本身无关(现在)。这是正确的还是我对此完全不感兴趣?
如果我确实完全是妄想,并且在证书中指定了对称加密,那么应该可以创建一个具有此功能的自签名证书,对吗?是否有可能创建一个不支持强加密的系统?如果我能找到执行此操作的说明,这将有助于我理解。是否可以?我之前创建了许多自签名证书,并使用我自己的 CA 证书签署 CSR,但我从未见过任何指定支持的加密强度的配置。
环顾内网并没有帮助。人们要么在对称密钥(40、56、128、256)的上下文中谈论密钥强度,要么在非对称密钥(512、1024、2048)的上下文中谈论密钥强度,但从不谈论两者并解释其差异。
一个论坛中的某人会说您需要获得 256 位证书,然后在下一个论坛中有人说您需要 2048 位证书,尽管所有 SSL 证书供应商都声称仅支持最高 256 位。
我的印象是,人们对它的工作原理存在很多误解。那个或所有的误解都在我可怜的头脑里。
抱歉,这篇文章太长了,但我想了解这一点。
谢谢,
汤姆...
I have been trying to find the answer to this all day. I have googled, asked people in the know, trawled sites for SSL Cert vendors etc etc etc. Maybe my search-fu is just failing today. Anyway...
All the SSL cert vendors make claims that their SSL certificates 'support the highest level' of encryption. This high level that they refer to is 128bits to 256bits, as opposed to 40, 56 etc.
Now, as I understand it, there are two parts to SSL encryption. There is your asymmetric public key that you would typically set to 2048bits. It is clear that this is in the SSL cert and its length is obvious. The other part is the symmetric encryption keys that get passed after the initial handshake. I don't see any mention of this in any SSL certs.
The decision on which symmetric encryption algorithm is used is based on the cipher suites of the client(browser) and the server. If they both support 256bit encryption, then it will be used.
I do understand that in the 90's, the export restrictions were in place and exported browsers were restricted to 40bits. For this, there were special workarounds such as SGC certs. This is still needed on older browsers. That aside, a modern browser simply just supports 256bits.
It seems to me that the vendors claiming that their certs support 'high encryption' are just telling a white lie. Their certs do indeed support it as it has nothing to do with the cert itself (these days). Is this correct or am I completely off ball on this?
If I am indeed completely delusional and the symmetric encryption is specified in the cert, it should be possible to create a self signed cert that has this, right? Is it possible to create one that does not support strong encryption? It would help me understand if I could find instruction to do this. Is it possible? I have created many self signed certs before and sign CSR's with my own CA cert, yet I have never seen any configuration where you specify supported encryption strengths.
Looking around the intarwebs has not helped. People either talk about key strength in the context of the symmetric keys (40, 56, 128, 256) or they talk in the context of the asymmetric keys (512, 1024, 2048), but never about both and explain the difference.
Someone in one forum will say you need to get a 256bit certificate and then in the next forum along someone says you need a 2048bit cert, even though all the SSL cert vendors claim to only support up to 256bit.
I get the impression there is a lot of misunderstanding out there about how this works. That or all the misunderstanding is in my poor head.
Sorry it was such a long one, but I want to understand this.
Thanks,
Tom...
发布评论
评论(2)
好的,所以我找到了答案。谈论回答你自己的问题!周五我的大脑太疲惫了,所以我错过了这个小花絮。
来自http://www.openssl.org/support/faq.html#USER14
这证实了我的要求。目前,高强度加密没有“附加支持”,因为它是默认设置。所有供应商网站上的使用仅仅是一种营销行为。不是说谎,而是不必要地引起人们对默认值的关注,就像这是他们的一个功能一样。
OK, so I found the answer. Talk about answering your own questions! My brain was too frazzled on Friday so I missed this little tidbit.
From http://www.openssl.org/support/faq.html#USER14
This confirms what I am asking. In current times, there is no 'added support' for high strength encryption as it is the default. The usage on all the vendor websites is merely a marketing thing. Not lying, but needlessly bringing attention to the default values like it's a feature of theirs.
我认为你所有的评论都是正确的。当提供“最高级别”的安全强度时,在我看来,这很大程度上是一种营销噱头。否则,安全性的强度确实与 CA 检查/确认您所声称的身份的仔细程度有关。任何像糖果一样发放证书的 CA 实际上提供的安全性都非常有限。尽管如此,这反映了安全的程序因素而不是技术因素。
我同意你的观点,我不认为有办法指定预期或要求的对称密钥大小。当然,可以指定密钥适用的用途(文件签名、SSL 等),但这也与安全强度不同。
I think all your commentary is correct. When the "highest level" of security-strength is provided, it seems to me it is largely a marketing gimmick. Otherwise the strength of the security does have something to do with how carefully the CA checks / confirms your claimed identity. Any CA that hands out certificates like candy is effectively offering very little in the way of security. Still, this reflects a procedural element of security rather than technical.
I agree with you, I don't believe there is a way to specify an expected or demanded symmetric key size. Certainly there is the ability to specify what usage to which the key is applicable (file-signing, SSL, etc.) but that is also not the same thing as security strength.