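- Types and overview of public-key cryptography
- How RSA public and private keys work, explained with diagrams
- Symmetric-key vs. public-key cryptography: comparison, advantages and disadvantages
- The most familiar example: application to https (SSL/TLS)
- Another well-known use: application to SSH
- Private key security and the need for a passphrase
- Raising the standing and skills of IT/infrastructure engineers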

Types and overview of public-key cryptography
There are several kinds of public-key cryptography; this article mainly gives an overview of RSA.
An overview of each type of public key is as follows.
Another important public-key scheme is Diffie-Hellman (DH) key exchange; for how DH key exchange works, see the following.

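How RSA public and private keys work, explained with diagrams
We start with RSA public and private keys.
Suppose a particular server A holds a private key, and any client holds the matching public key (server A's public key).
Data encrypted with the public key can be decrypted only with the private key. Since the private key is, in principle, known to no one but server A, only server A can decrypt it, which provides confidentiality.
Conversely, data encrypted with the private key can be decrypted only with the public key. Because the public key is assumed to be widely known, this provides no confidentiality. However, a message that decrypts with server A's public key is one whose "source is definitely server A and whose content has not been altered", which provides integrity and authenticity.
This is mainly used for digital signatures (Digital-Signature).
Note that the explanation above covers the case of digital signatures made with RSA. DSA, ECDSA and EdDSA are signature-only algorithms, so they have no encrypt/decrypt function in the first place; they offer only "sign with the private key" and "verify with the public key".
For details on digital signatures, see the following.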

In any case, RSA uses this property: installing a public key and a private key on a server makes the following possible.

Confidentiality of communication from any client to a particular server A
A public/private key pair is installed on server A. When a client that wants to communicate appears, the public key is distributed to that client. The client encrypts its message with the public key and then sends it to server A.
Server A can decrypt the traffic of every client with its single private key and read the contents.
No machine in the world other than server A has the private key, so none of them can decrypt the traffic. Because the public key cannot be used to decrypt, it does no harm if the public key is intercepted.

Integrity and authenticity of communication from a particular server A to any client
Any client can verify that the sender is server A (authenticity) and that the message from server A has not been altered (integrity).
When server A sends a message, it sends along with it data obtained by encrypting the hash of the message with the private key.
The client computes the hash of the message, decrypts the attached data with the public key, and checks that the two values are the same. A match means that the message came from server A and that its content was not altered in transit.
Because the sender can be identified, much as in handwriting analysis, this is called a "digital signature" (Digital-Signature).
Bitcoin multi-sig has been a topic recently; it is an application of digital signatures in which spending bitcoin requires the digital signatures described above from several people (a married couple, for example).

Symmetric-key vs. public-key cryptography: comparison, advantages and disadvantages
We compare AES, the leading symmetric-key cipher, with RSA, the leading public-key cipher.
 Item | AES (symmetric-key cryptography) | RSA (public-key cryptography) |
---|---|---|
Encryption/decryption speed (computational load) | Fast (low load) | Slow (high load) |
When the key is set up | Shared before communication starts | Public key sent when communication starts |
Number of keys needed for N clients | 2N | N+1 |
Key size in bits still usable after 2030 (security strength) | 256bit | 3072bit |

The most familiar example: application to https (SSL/TLS)
In https (SSL/TLS) the traffic itself is encrypted with symmetric-key cryptography, but the raw material for that shared key is exchanged with a public-key scheme different from RSA. Specifically, DH (Diffie Hellman) key exchange is used.
DH uses a different type of public key (a DH public key) from the one explained above. The server and the client each have a different DH public key, and the two public keys are combined to generate the shared key.
However, DH has no authentication function and is weak against impersonation, so the shared key is exchanged while authentication is performed with RSA public-key cryptography.
So in https (SSL/TLS) the RSA public key (the public-key scheme explained so far, not the DH public key) is used only for authentication.
Specifically, the client checks the following 3 things.
- Is the top of the digital certificate's chain of trust (the root certificate) registered under "Trusted Root Certification Authorities"? (Can the digital certificate itself be trusted?)
- Does the signature, decrypted with the public key, equal the hash computed over the certificate? (Has the certificate itself been altered?)
- Does the domain name of the URL being accessed match the SANs (Subject Alternative Names) of the digital certificate? (*1)
- Can the "DH public key (SV)", digitally signed with the server's private key, be verified with the RSA public key? (Does the server hold the RSA private key?)
(*1) In the past the Common Name (CN) was sometimes checked for a match, but recently the tendency is to check only the SANs.
Using public-key and symmetric-key schemes together in this way makes full use of the advantages of each.
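As an example, consider https access to a web server.
The web server holds an "RSA private key" and a "certificate carrying the RSA public key" (a digital certificate, more commonly called a server certificate). When a client accesses the server, the server presents this certificate to the client.
The certificate carrying the RSA public key is clearly divided into the "certificate body" and the "signature", and the certificate body contains the public key. The signature, in turn, is the certificate body hashed and then encrypted with the private key.
The certificate body also contains the "Subject Alternative Name", which is the domain name of the URL used to access the server. For the web server of www.yahoo.co.jp, for example, the Subject Alternative Name is www.yahoo.co.jp.
The sequence of the https protocol is as follows.
- The client accesses the server over https and, in doing so, announces the ciphers it can use
- The server replies with the most suitable cipher and presents its signed certificate to the client
- The client verifies the root certificate, checks whether the certificate has been altered, and checks whether the domain name of the access URL matches the SANs (Subject Alternative Names)
- If there is no problem, the client and the server share the raw material of the shared key using the DH public-key scheme. At the same time the server sends the client a signature made with its RSA private key (DH is weak against impersonation, so the peer is authenticated with a digital signature)
- The client and the server each generate the shared key from the raw material
- Encrypted communication with the shared key begins
Also, although it is rare in practice, SSL/TLS can optionally authenticate the client as well.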
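
The sequence above, together with the RSA signature check described earlier in the article, as a toy model in Python. This is an added example, not code from the original article: the Mersenne-prime RSA key, the DH parameters and all function names are constructed for illustration, and the signature covers only the server's DH public key.

```python
import hashlib
import secrets

# Server's long-term RSA key: constructed toy key (two Mersenne primes, textbook
# RSA without padding). Real servers use RSA of 2048 bits or more with PSS.
RSA_P, RSA_Q = 2**107 - 1, 2**127 - 1
RSA_N, RSA_E = RSA_P * RSA_Q, 65537                # public: carried in the certificate
RSA_D = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))  # private: never leaves the server

# DH group known to both sides (toy parameters; real TLS uses standardized
# groups such as those in RFC 7919, or elliptic-curve DH).
DH_P, DH_G = 2**521 - 1, 3
DH_LEN = 66                                        # bytes needed for a 521-bit value


def digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % RSA_N


def rsa_sign(data: bytes) -> int:
    """Server only: requires the private exponent RSA_D."""
    return pow(digest(data), RSA_D, RSA_N)


def rsa_verify(data: bytes, signature: int) -> bool:
    """Anyone: requires only the public key (RSA_N, RSA_E)."""
    return pow(signature, RSA_E, RSA_N) == digest(data)


def dh_keypair() -> tuple:
    private = secrets.randbelow(DH_P - 3) + 2      # DH private key, never sent
    return private, pow(DH_G, private, DH_P)       # (private, public)


def session_key(own_private: int, peer_public: int) -> bytes:
    # (g^a)^b = (g^b)^a mod p, so both sides arrive at the same value.
    shared = pow(peer_public, own_private, DH_P)
    return hashlib.sha256(shared.to_bytes(DH_LEN, "big")).digest()


def handshake(substitute_server_key: bool = False) -> tuple:
    """Return (client_key, server_key); raise ValueError if authentication fails."""
    c_priv, c_pub = dh_keypair()                   # client -> server: c_pub
    s_priv, s_pub = dh_keypair()                   # server -> client: s_pub, signature
    # Simplification: real TLS signs more of the handshake than the DH key alone.
    signature = rsa_sign(s_pub.to_bytes(DH_LEN, "big"))
    if substitute_server_key:                      # someone on the path swaps the key
        s_pub = dh_keypair()[1]
    if not rsa_verify(s_pub.to_bytes(DH_LEN, "big"), signature):
        raise ValueError("DH public key was not signed by the certificate's RSA key")
    return session_key(c_priv, s_pub), session_key(s_priv, c_pub)
```

Calling `handshake()` returns two identical 32-byte keys even though neither DH private key was transmitted; `handshake(substitute_server_key=True)` raises because the replaced DH public key no longer matches the RSA signature.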

Another well-known use: application to SSH
As preparation for using SSH, the server side first has to generate a private/public key pair, RSA or similar. Here we take an RSA private/public key pair as the example.
When an SSH client actually connects, the two sides first share a shared key through DH key exchange, encrypt all subsequent traffic, and then authenticate by digital signature.
The shared key is replaced with a different key as time passes.

Authentication of the SSH server (host authentication)
The SSH client sends the client-side DH public key. In response the server sends the server-side DH public key, and at the same time it also sends its "RSA public key" and a "signature made with the RSA private key".
The SSH client verifies the signature from the SSH server with the RSA public key and so authenticates the peer as the correct party. This is host authentication.
If this is the first access, the SSH client installs this RSA public key, associating it with the SSH server's IP address. In TeraTerm a screen like the following is displayed. Pressing "Continue" installs the RSA public key on the client.
From then on, if the public key presented on access to the same IP changes, a warning is shown. If the server has simply been replaced there is no problem, but if you have no knowledge of any such change, it may be impersonation (the ID and password entered afterwards could leak and be used to log in to the legitimate server without authorization).
In TeraTerm, for example, a warning screen like the following appears. If the key really has changed, tick "Replace the existing key with this new key", press "Continue", and replace the key.
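
The first-contact and changed-key checks described above, as an added Python example (not from the original article and not TeraTerm's code). It assumes OpenSSH's known_hosts line format and SHA256 fingerprint style; the host name, the address and the toy key values are constructed.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data     # 4-byte length prefix


def mpint(n: int) -> bytes:
    # Big-endian positive integer; sizing it this way keeps the sign bit clear.
    return ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big"))


def rsa_host_key(e: int, n: int) -> str:
    """Base64 'ssh-rsa' public key blob, as stored in a known_hosts line."""
    return base64.b64encode(ssh_string(b"ssh-rsa") + mpint(e) + mpint(n)).decode()


def fingerprint(blob_b64: str) -> str:
    """Fingerprint shown to the user: unpadded base64 of SHA-256 over the blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_known_hosts(text: str) -> dict:
    """Map (host, keytype) -> base64 key; comments, @markers and hashed hosts are skipped."""
    known = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@", "|")):
            continue
        for host in fields[0].split(","):
            known[(host, fields[1])] = fields[2]
    return known


def check_host_key(known: dict, host: str, keytype: str, blob_b64: str) -> str:
    stored = known.get((host, keytype))
    if stored is None:
        return "unknown"    # first contact: show the fingerprint, let the user decide
    if stored == blob_b64:
        return "match"      # same key as last time: continue silently
    return "changed"        # different key: warn and stop until an admin confirms


# Constructed sample data (toy moduli, not real host keys).
KEY_A = rsa_host_key(65537, (2**107 - 1) * (2**127 - 1))
KEY_B = rsa_host_key(65537, (2**89 - 1) * (2**127 - 1))
KNOWN_HOSTS = f"# constructed sample\n192.0.2.10,server-a.example ssh-rsa {KEY_A} admin\n"
```
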

Authentication of the SSH client
Once host authentication is finished, the SSH server in turn authenticates the SSH client. There are broadly 2 ways to do this.
One is ID/password authentication, the other is public-key authentication.

ID/password authentication of the SSH client
As described above, in SSH the traffic is first encrypted with the shared key obtained by key exchange. So the ID and password for SSH client authentication are sent to the server already encrypted with the shared key. The server decrypts this information, again with the shared key, and checks whether the ID and password are correct.

Public-key authentication of the SSH client
In public-key authentication of the SSH client, no ID/password is used; authentication is done with the client's public key.
To use this method, the SSH client side must generate a public/private key pair (RSA or similar) in advance and install the public key on the SSH server.
For example, to access over SSH as the user user-a, the public key information is written to "/home/user-a/.ssh/authorized_keys" on the server.
After that, the SSH client only has to send the server a signature made with the client-side RSA private key. The server holds the RSA public key in the authorized_keys file mentioned above and uses it to verify the signature. If the verification succeeds, the server judges the SSH client to be legitimate (that is, to hold the correct RSA private key).
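
Private key security and the need for a passphrase
A private key is extremely important, so it should not be copied casually (including as an e-mail attachment) and it should be protected. Some software, on Windows for example, has a protection setting that prevents the private key from being exported.
In addition, when creating a key pair with the OpenSSL command, the ssh-keygen command and the like, you can protect the private key with a passphrase.
If the private key is used only when something is run by hand, passphrase protection causes no problem: you simply type the passphrase each time you use the key.
However, in an environment where, say, Apache's https private key is protected with a passphrase, an unexpected restart of the web server will prompt for the passphrase, and httpd will not start until someone types it in by hand.
So in an environment where the private key is expected to be used automatically, a passphrase must not be set.
On the other hand, when a person uses a private key over an SSH connection to administer servers and the like, setting one gives higher security.
At first glance the passphrase and the private key tend to be seen as the same thing, but from the standpoint of two-factor authentication they are different. In two-factor authentication, the factors are kinds such as "what do you know?", "what do you have?" and "who are you?", and authentication succeeds when 2 different kinds of factor are passed. (Authenticating twice within the same kind of factor is called two-step authentication.)
A passphrase is assumed to be memorized in a person's head, so it falls under "what do you know?". The content of a private key, on the other hand, is not something a person can memorize, so it falls under "what do you have?" (concretely, the private key file itself).
In this way, using a private key with a passphrase set achieves two-factor authentication.
* Incidentally, "who are you?" mainly refers to biometric authentication such as vein or retina authentication.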

Raising the standing and skills of IT/infrastructure engineers


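Comments

I expect you looked into and thought about many things, but the basics are full of mistakes. If you write in detail, verify it properly; don't force yourself to write in detail about parts you don't understand; above all, I think getting the basics right is what matters.

> angel-san
Thank you for your comment. I don't claim that everything I say or write is correct either. I think the same is true of you, angel-san. I want to fix whatever is wrong as far as I can.
So could you please tell me the specific places that are wrong?
Thank you in advance.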

Fully guaranteeing that something is "correct" is indeed difficult. Even so, I think a writer has to consider how to ensure its validity. At the very least, "because it was written that way somewhere" is not reliable at all.
So here are comments on the points I noticed at a glance.
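
■ What public and private keys can do: encryption and digital signatures
* Conversely, data encrypted with the private key can be decrypted only with the public key.
Problem: There is no such fact.
Note: First of all, "encryption" and "signing" in public-key cryptography are separate technologies.
RSA alone has the peculiarity that it can serve for both "encryption" and "signing", and this is a common misconception that arises from that.
■ Integrity and authenticity of communication from a particular server A to any client
* data obtained by encrypting the hash of the message with the private key
Problem: An extension of the mistake above, and wrong in the same way.
Note: Explaining in detail how "signing" works requires mathematics.
Moreover the computation varies from scheme to scheme, so for a general audience one should not go into it.
"Sign" and "verify" are enough, and it is more important to make the basics solid, namely understanding what they mean.
■ Symmetric-key vs. public-key cryptography: comparison, advantages and disadvantages
This table itself is questionable.
Rather than advantages and disadvantages, I think all one can say is that
they are used in various ways according to what each is suited and unsuited for.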
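■ The most familiar example: application to https (SSL/TLS)
* The raw material for that shared key (the premaster secret) uses public-key cryptography.
Concern: "Premaster secret" is the name up to TLS1.2; from TLS1.3 it is
the shared secret, so I would like to see a supplementary note, or the detailed name omitted, or some such device.
* Specifically, DH (Diffie Hellman) key exchange is used.
Problem: These days, let's mention ECDH as well.
* However, DH has no authentication function and is weak against impersonation, so
Concern: Key exchange and authentication simply divide the roles between them, so this explanation looks a little negatively slanted.
* the RSA public key (the public-key scheme explained so far, not the DH public key) is used only for authentication.
Good point: Few explanations actually put "authentication" into words, so I think this is good.
Problem: But there is no explanation of what that authentication refers to. Also, I would like it stated explicitly that it is a "signature".
"Server authentication" in the figure alone scores 50 points, because it is no more than verification of the certificate.
* In the figure: "DiffieHellman key exchange"
Problem: No such processing is done. Or rather, where did the DH private key go?
* In the figure: "symmetric-key cryptography"
Concern: I would also like tamper detection by MAC/AEAD to be mentioned.
* The certificate body contains the "Common Name", which is the URL name used to access the server.
Problem: Not "Common Name" but "SANs"; not URL name but "domain name".
Note: For domain name checking, the Common Name is a fallback for when there are no SANs.
* When the client receives the signed certificate, it checks whether the issuer (root) of the certificate is a trusted root certificate,
Problem: Intermediate certificate authorities are not taken into account, so the wording should be revised.
* ④ If there is no problem, the client and the server, using the DH public-key scheme, ... (omitted)
Good point: The description here has nothing particularly wrong in itself, so I think it is good.
Note: However, the descriptions and figures up to this point are inconsistent with it, so perhaps you have not clearly grasped the content of this passage.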
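■ Another well-known use: application to SSH
* All subsequent communication (including sending the public key) is carried out encrypted with this shared key. This prevents tampering with the public key.
Good point: I think it is good to point out that communication after key exchange is encrypted.
Problem: "Prevents tampering with the public key" has no particular meaning, so it is misleading. Perhaps there is some misunderstanding.
■ Authentication of the SSH server (host authentication)
* After the shared key is exchanged, the server presents its public key to the client.
Problem: The key exchange and the presentation of the public key happen at the same time (the process itself is unified), so there is no such ordering.
* The client then encrypts an arbitrary number with the public key and sends it to the server. (omitted) This is authentication of the SSH server.
Problem: There is no such fact. Or rather, what is used is a "signature", so encryption has nothing to do with it.
■ ID/password authentication of the SSH client
* In ID/password authentication of the SSH client, the ID and password information is encrypted with the shared key and sent to the server.
Concern: Rather than "the ID and password are encrypted", it is more accurate to say that because communication is encrypted once key exchange is established,
the ID and password are protected too. It can also be read as if the ID and password are singled out for encryption.
■ Public-key authentication of the SSH client
* For example, the public key information is written to "/home/user-a/.ssh/known_hosts".
Problem: Generally it is the authorized_keys file. known_hosts has a different role.
* After that, the reverse of host authentication is performed.
Problem: As with host authentication, there is no such fact.
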
For topics related to this article, please also see the following.
* Two kinds of public-key cryptography
https://qiita.com/angel_p_57/items/897bf94160be8d637585
* The basics of SSL/TLS
https://qiita.com/angel_p_57/items/446130934b425d90f89d
* Common misconceptions about SSH public-key authentication
https://qiita.com/angel_p_57/items/2e3f3f8661de32a0d432
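
angel-san
Thank you for your comment. Honestly, I found it quite confrontational and unpleasant, but the points you raised were useful. Thank you.
Of the 17 points you raised, for 2 (SSH authentication) my fact-checking was indeed lax. That was a lack of understanding on my part, so I have corrected them.
For 1 point, I had corrected the text but the correction to the figure had not caught up. I have corrected that too.
For 1 point, I think you may have misunderstood.
1 point was a comment that something is questionable, but I did not find it particularly questionable. (It looks as if theory and implementation are being mixed together.)
For 4 points, there were clear mistakes or parts where the explanation was better revised, but personally I think they are minor points, not matters of whether the basics are right.
Including the remaining 8 points, and as an overall matter, I think your remarks mainly come from a difference in stance.
To be concrete about stance: from your explanations I infer that yours is "correct information should be written even at the expense of ease of understanding", whereas mine is "even at some expense of correctness, the priority is for the reader to really get it first".
Correctness here mainly means "whether every fine detail is written out". For example, this article explains only DH, so I can understand the argument "it looks as if there is no other method, so it is nonsense!", but I left things out for the reason "wouldn't explaining the difference between DH and ECDH to a private-key beginner just make it harder to follow?".
If sacrificing correctness caused most people to suffer as engineers from wrong knowledge, that would not be my intention; but weighing that disadvantage against the benefit of aiding understanding and being useful in practice, I want to write articles with this stance.
People who read this article, move up a step and go on to learn the finer points may think "that site's explanation is a little off", but I consider that the site has still served its purpose.
On that premise, here are my replies to your comments.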
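> ■ What public and private keys can do: encryption and digital signatures
> * Conversely, data encrypted with the private key can be decrypted only with the public key.
> Problem: There is no such fact.
> Note: First of all, "encryption" and "signing" in public-key cryptography are separate technologies.
> RSA alone has the peculiarity that it can serve for both "encryption" and "signing", and this is a common misconception that arises from that.
Rather than "there is no such fact", I think it was only missing the premise that I was talking about RSA. I have added it.
> ■ Integrity and authenticity of communication from a particular server A to any client
> * data obtained by encrypting the hash of the message with the private key
> Problem: An extension of the mistake above, and wrong in the same way.
> Note: Explaining in detail how "signing" works requires mathematics.
> Moreover the computation varies from scheme to scheme, so for a general audience one should not go into it.
> "Sign" and "verify" are enough, and it is more important to make the basics solid, namely understanding what they mean.
On the problem, the same as above. As for "for a general audience one should not go into it" and "it is more important to ...", that is a difference in stance, and "should not" sounds like imposing a subjective view. (It would be different if you could attach an objective basis.)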
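> ■ Symmetric-key vs. public-key cryptography: comparison, advantages and disadvantages
> This table itself is questionable.
> Rather than advantages and disadvantages, I think all one can say is that
> they are used in various ways according to what each is suited and unsuited for.
I am not talking about real-world implementations here.
These are the advantages and disadvantages of the schemes, and it is as a result of them that implementations use one or the other, isn't it?
> ■ The most familiar example: application to https (SSL/TLS)
> * The raw material for that shared key (the premaster secret) uses public-key cryptography.
> Concern: "Premaster secret" is the name up to TLS1.2; from TLS1.3 it is
> the shared secret, so I would like to see a supplementary note, or the detailed name omitted, or some such device.
I did not know this. Indeed, from a quick search of the tls 1.3 RFC, it looks as if the word premaster stopped appearing partway through the drafts. I will remove it for now. (This too is a remark that is off the main point, and I think it is a different matter from whether the basics are in place.)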
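> * Specifically, DH (Diffie Hellman) key exchange is used.
> Problem: These days, let's mention ECDH as well.
As I said earlier, this is a difference in stance, and I also leave it out from the viewpoint of what I want this article to explain.
Including that explanation would require a fair amount of mathematics and would blur the focus of what I want to explain. I have judged that not writing it is better than a half-baked explanation. I can somewhat understand why someone strong in mathematics would argue this way, though.
> * However, DH has no authentication function and is weak against impersonation, so
> Concern: Key exchange and authentication simply divide the roles between them, so this explanation looks a little negatively slanted.
Hmm, I understand what you are saying, but I think the current explanation leads to better understanding.
If it is explained lightly as "the roles are divided in such and such a way", I think the fact that "DH is weak against impersonation" will not stay in the reader's mind.
> * the RSA public key (the public-key scheme explained so far, not the DH public key) is used only for authentication.
> Good point: Few explanations actually put "authentication" into words, so I think this is good.
> Problem: But there is no explanation of what that authentication refers to. Also, I would like it stated explicitly that it is a "signature".
> "Server authentication" in the figure alone scores 50 points, because it is no more than verification of the certificate.
That is explained in the next figure. It was hard to follow, so I turned the text into a bulleted list and added notes to make it easier to understand.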
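> * In the figure: "DiffieHellman key exchange"
> Problem: No such processing is done. Or rather, where did the DH private key go?
You are right. I have corrected it.
> * In the figure: "symmetric-key cryptography"
> Concern: I would also like tamper detection by MAC/AEAD to be mentioned.
I would indeed like to include AEAD, but this too would blur the focus, so I am leaving it out here.
> * The certificate body contains the "Common Name", which is the URL name used to access the server.
> Problem: Not "Common Name" but "SANs"; not URL name but "domain name".
> Note: For domain name checking, the Common Name is a fallback for when there are no SANs.
Isn't this wrong? To begin with, SANs are Subject "Alternative" Names, aren't they?
Aren't they names that can be used as alternatives besides the Common Name? (The Common Name is inside the Subject.)
Moreover, it is an extension field. I think the Common Name is the primary one.
Note that the main subject of this article is "private keys and public keys", so I do not intend to
explain various things in detail specifically about https. I cover that area in other articles.
> * When the client receives the signed certificate, it checks whether the issuer (root) of the certificate is a trusted root certificate,
> Problem: Intermediate certificate authorities are not taken into account, so the wording should be revised.
This too would blur the focus, so I am leaving it out.
> * ④ If there is no problem, the client and the server, using the DH public-key scheme, ... (omitted)
> Good point: The description here has nothing particularly wrong in itself, so I think it is good.
> Note: However, the descriptions and figures up to this point are inconsistent with it, so perhaps you have not clearly grasped the content of this passage.
The correction to the figure had not caught up, so I have corrected it.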
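> ■ Another well-known use: application to SSH
> * All subsequent communication (including sending the public key) is carried out encrypted with this shared key. This prevents tampering with the public key.
> Good point: I think it is good to point out that communication after key exchange is encrypted.
> Problem: "Prevents tampering with the public key" has no particular meaning, so it is misleading. Perhaps there is some misunderstanding.
Looking at it again, I could not make sense of it myself either. I have rewritten it.
> ■ Authentication of the SSH server (host authentication)
> * After the shared key is exchanged, the server presents its public key to the client.
> Problem: The key exchange and the presentation of the public key happen at the same time (the process itself is unified), so there is no such ordering.
>
> * The client then encrypts an arbitrary number with the public key and sends it to the server. (omitted) This is authentication of the SSH server.
> Problem: There is no such fact. Or rather, what is used is a "signature", so encryption has nothing to do with it.
As you point out, I had written this without verifying it. I have checked and corrected it.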
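> ■ ID/password authentication of the SSH client
> * In ID/password authentication of the SSH client, the ID and password information is encrypted with the shared key and sent to the server.
> Concern: Rather than "the ID and password are encrypted", it is more accurate to say that because communication is encrypted once key exchange is established,
> the ID and password are protected too. It can also be read as if the ID and password are singled out for encryption.
Given the main function of SSH, would anyone really interpret it that way? is what I would like to say, but you have a point, so I have corrected it.
> ■ Public-key authentication of the SSH client
> * For example, the public key information is written to "/home/user-a/.ssh/known_hosts".
> Problem: Generally it is the authorized_keys file. known_hosts has a different role.
A careless mistake. I have corrected it. I think this too is not a matter of whether the basics are right.
> * After that, the reverse of host authentication is performed.
> Problem: As with host authentication, there is no such fact.
I have checked and corrected this too.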
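
I am just a passer-by taking the Fundamental Information Technology Engineer exam, but I now understand the difference between public keys and private keys well.
Anyone who publishes information will always have people who criticize it, but there are also many read-only visitors (myself included) who find it useful, so I hope you will not let it bother you and will keep publishing.

Passer-by-san, thank you for your kind words! They are very encouraging.
It was the first time this had happened, so I was not sure how to handle it, but I have decided to think of it as a sign that this site is becoming better known, something like a badge of honor.
I hope you will keep visiting!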
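
Hello.
Please let me ask a question about the figure in "The most familiar example: application to https (SSL/TLS)".
① Other sites and reference books state that, in what this figure calls the DH key exchange process,
  the premaster secret (PMS) is encrypted with the SV's RSA public key and sent from the CL to the SV, and after the SV decrypts the PMS,
  the SV and the CL each generate the MS (the shared key) from the PMS.
  I understood that in this figure the "DH public key (CL)" corresponds to the PMS, but
  in that case, unlike the explanation above, why is it not encrypted with the SV's RSA public key before being sent to the SV?
② It says that the SV and the CL each generate the shared key from the DH public keys (SV, CL) and the DH private key;
  does "DH private key" mean the respective DH private keys of the SV and the CL?
  If so, I could not understand the mechanism by which the SV and the CL produce the same shared key, so
  I would be grateful for an explanation! (Perhaps I simply lack the ability to understand it.)
Thank you in advance.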
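
Thank you for your comment.
Regarding ①, RSA public keys are now hardly used in the key exchange process. What is implemented in https today is the DH public key. (In TLS version 1.3 the RSA method was abolished.)
This is because it came to be recognized that "generating the shared key with an RSA public key" lacks forward secrecy and carries a large security risk. If the server's private key leaks, all past https communication can be decrypted as well. (This is connected with the Snowden affair.)
It has long bothered me too, but it seems that other sites and reference books still use the old information as it is.
Regarding ②, as you understand it, it means the respective DH private keys of the SV and the CL.
I think searching for Diffie-Hellman will turn up plenty of information on this. I left it out because I could not come up with an easy-to-understand explanation myself, but I intend to write an explanatory article on it before long.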
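
Thank you for your reply.
① The article itself also clearly stated that using RSA for key exchange is dangerous; my apologies.
  However, in another article on this site, "[Illustrated] Easy to understand: how digital certificates (SSL certificates) work…",
  in the sequence diagram in the section "What is a digital (SSL) certificate", although RSA is not written,
  it looks as if the client side encrypts the "raw material for the shared key" with the server's public key.
  Would it be right to interpret this as: with the DH method, unlike the RSA method, it is no longer necessary for the client to encrypt the "raw material for the shared key" (the "DH public key (CL)" in this article's figure) before sending it to the server?
② I will look into it myself as well. Thank you for considering an explanatory article!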
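
Regarding "how digital certificates work": the figure explained the old method, and although I meant to correct it, I had left it as it was. Taking this opportunity, I have corrected it.
> Would it be right to interpret this as: with the DH method, unlike the RSA method, it is no longer necessary for the client to encrypt the "raw material for the shared key" (the "DH public key (CL)" in this article's figure) before sending it to the server?
Yes, RSA and DH are fundamentally different schemes. In DH, by sending each other public keys that differ from one another and satisfy certain conditions, the two sides can generate a shared key without those around them learning it.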