预期的输出(CNG 示例)
更新: 2008 年 7 月
下一代加密技术 (CNG) 安全通信示例包含三个应用程序,其中每个应用程序都产生大量的文本输出。此外,该示例还包含五个产生不同输出的版本。有关这些应用程序和版本的更多信息,请参见 CNG 安全通信示例和源代码概述。
本主题包含以下部分,这些部分显示输出的选定部分:
Alice,“选项”菜单
版本 1-5,不含截获,非详细模式
版本 3,含截获,非详细模式
版本 4-5,含截获,详细模式
在输出部分,冒号后跟大于号 (:>) 表示提示。省略号 (...) 表示省略了与前一输出块相比无变化的输出行。
下图演示了会话开始时的全部三个控制台窗口:
Alice,“选项”菜单
下面的输出显示了 Alice 在会话开始时显示的选项菜单。
Cryptography Next Generation Secure Communication Example
------------------------------------------------------------------
Please select a security model:
1 = Plaintext only.
2 = Encrypt messages.
3 = Encrypt messages, use public key to digitally sign messages.
4 = Encrypt messages, use private key to digitally sign messages.
5 = Encrypt messages, use private key to digitally sign messages
and cryptographic keys. Causes Abort on security failures.
x = Exit.
:> 3
Include Mallory? y/n
:> y
Verbose output mode? y/n
:> y
版本 1-5,不含截获,非详细模式
本部分显示当您选择非详细模式并关闭 Mallory 的截获功能时由 Alice.exe 版本 1 到 5 生成的输出部分。
Alice,版本 1
下面的输出显示了当 Alice 和 Bob 在没有加密、数字签名或截获的情况下进行基本消息交换时发生的情况。
Cryptography Next Generation Secure Communication Example
Security Version: 1 Mode: Regular Mallory: no Signatures: no
-----------------------------------------------------------------------
Hi, I'm Alice Green. My sales associate is Bob White.
I need to send him a customer order right now!
:> Hi Bob. I have a new customer contact.
Hi Alice. That is good news. Please send it to me.
:> Here it is: Coho Winery, 111 AnyStreet, Chicago
Thanks, I'll arrange to meet him.
...
Alice,版本 2
下面的输出显示了当 Alice 和 Bob 使用加密密钥对其消息进行加密时发生的情况。
Cryptography Next Generation Secure Communication Example
Security Version: 2 Mode: Regular Mallory: no Signatures: no
-----------------------------------------------------------------------
...
-----------------------------------------------------------------------
Now Bob will publicly send me his public cryptographic key:
Listening...
-----------------------------------------------------------------------
Now that our keys have been exchanged,
we can have an encrypted conversation:
-----------------------------------------------------------------------
:> Hi Bob. I have a new customer contact.
Hi Alice. That is good news. Please send it to me.
:> Here it is: Coho Winery, 111 AnyStreet, Chicago
Thanks, I'll arrange to meet him.
-----------------------------------------------------------------------
...
Alice,版本 3-5
下面的输出显示了当 Alice 和 Bob 使用数字签名对其密钥和消息进行签名时发生的情况。由于 fMallory 标志为 false(即没有截获),因此输出几乎与上一部分完全相同。
Cryptography Next Generation Secure Communication Example
Security Version: 3 Mode: Regular Mallory: no Signatures: yes
-----------------------------------------------------------------------
Hi, I'm Alice Green. My sales associate is Bob White.
I need to send him a customer order right now!
First, I will send Bob a digital signature key over a public channel.
-----------------------------------------------------------------------
Now we will exchange our public cryptographic
keys through a public channel.
First, I'll send Bob my key.
Sending...
-----------------------------------------------------------------------
Now Bob will publicly send me his public cryptographic key:
Listening...
-----------------------------------------------------------------------
Now that our keys have been exchanged,
we can have an encrypted conversation:
-----------------------------------------------------------------------
...
版本 3,含截获,非详细模式
此版本显示当 fMallory 标志设置为 true 时发生的情况。请仔细查看 Bob 从 Alice 那里接收的地址。将其与上一部分 Bob 接收的地址进行比较。您会看到 Mallory 截获了该地址,并对它进行了细微的更改。
虽然 Alice 和 Bob 在发送的每条消息中都使用了数字签名,但 Mallory 仍然能够截获这些消息。这是因为他们都是通过与加密密钥一样的非安全通道来发送数字签名密钥的。Mallory 能够截获全部密钥。他使用加密密钥对消息进行加密,并使用数字签名密钥对消息进行签名。由于 Alice 和 Bob 使用相同的密钥,因此没有人产生怀疑。
Bob,版本 3
下面的输出来自 Bob 的控制台窗口。它显示了 Bob 从 Mallory 那里收到的消息。
Cryptography Next Generation Secure Communication Example
Security Version: 3 Mode: Regular Mallory: yes Signatures: yes
----------------------------------------------------------------------
Hi, I'm Bob White: My sales associate is Alice Green.
I think she has a new customer contact for me!
First, Alice will publicly send me a digital signature key.
-----------------------------------------------------------------------
Now we will exchange our public cryptographic
keys through a public channel.
First, Alice will send me her key.
Listening...
-----------------------------------------------------------------------
Next, I will send my public cryptographic key to Alice:
Sending...
-----------------------------------------------------------------------
Now that our keys have been exchanged,
we can have an encrypted conversation:
-----------------------------------------------------------------------
Hi Bob. I have a new customer contact.
:> Hi Alice. That is good news. Please send it to me.
Here it is: Coho Winery, 111 AnyStreet, Chicago
:> Thanks, I'll arrange to meet him.
-----------------------------------------------------------------------...
Mallory,版本 3
下面的输出来自 Mallory 的控制台窗口。它显示了 Mallory 如何截获并更改 Alice 和 Bob 的消息。
Cryptography Next Generation Secure Communication Example
Security Version: 2 Mode: Regular Mallory: yes Signatures: no
-----------------------------------------------------------------------
Hi, I'm Mallory, the man in the middle.
I wonder what Alice and Bob are talking about.
I think I'll listen in.
-----------------------------------------------------------------------
Alice and Bob are going to exchange their
public cryptographic keys through a public channel.
First, Alice will send Bob her key.
Good. I just intercepted Alice's public key:
Next, I will send my MalloryAlice public cryptographic key to Alice:
Sending...
Next, I will send my MalloryBob public cryptographic key to Bob:
Sending...
Now I will receive Bob's public key:
Good. I just intercepted Bob's public key:
-----------------------------------------------------------------------
Now that they have exchanged their keys,
they can have a secure conversation:
-----------------------------------------------------------------------
From Alice:
Hi Bob. I have a new customer contact.
To Bob:
:> Hi Bob. I have a new customer contact.
From Bob:
Hi Alice. That is good news. Please send it to me.
To Alice:
:> Hi Alice. That is good news. Please send it to me.
From Alice:
Here it is: Coho Winery, 111 AnyStreet, Chicago
To Bob:
:> Coho Winery, OneEleven EveryStreet, Chicago
From Bob:
Thanks, I'll arrange to meet him.
To Alice:
:> I think the address is wrong, but I'll keep trying.
-----------------------------------------------------------------------
I am so clever!
Here is what I received: Coho Winery, 111 AnyStreet, Chicago
and here is what I sent: Coho Winery, OneEleven EveryStreet, Chicago
They will never catch me!
-----------------------------------------------------------------------
...
版本 4-5,含截获,详细模式
在版本 4 和 5 中,Alice 向 Bob 发送了用于对他们的消息进行签名的数字签名私钥。Mallory 不知道 Alice 用来向 Bob 发送该密钥的专用通道。因此,他继续使用在公共通道上截获的数字签名密钥。
Bob,版本 4
本部分显示完整详细的输出。您可以查看加密的数字签名密钥、消息加密密钥以及加密的消息。此版本还包括当检测到未经验证的数字签名时显示的安全警告。
Cryptography Next Generation Secure Communication Example
Security Version: 4 Mode: Verbose Mallory: yes Signatures: yes
-----------------------------------------------------------------------
Hi, I'm Bob White: My sales associate is Alice Green.
I think she has a new customer contact for me!
First, Alice will publicly send me a digital signature key.
Here it is:
☻???x???♥?? ♦ ?ie??t?VD?A?Y??▬☻§?Ed►??H?Hm2G¶?E??N?!`?☺¶^[←?↨?▬d? K9zdnJ
?☻?:↓?☺ ?L?K???C+♦??c?*7↓l?§??-??`L?h↓?GF?=???????????↔??&1|☺?????%?_???
?
Now Alice privately sent me a digital signature key. I will use it instead.
Here it is:
0??☻☺ 0►♠*?H?=☻☺♠♣+?♦ #♦??0??☻☺☺♦B☺??t
???♥?? ♦☺?V??)???s<m{sGM!?;~??d??Oc`♦?j??⌂§?d??b?? ????????,?♠ ??4?]???
.??☺DN)3?=T↨??p>M???X?B????50???? ? ?E§?B?nr?z?/r??U????7,⌂?n?SL??,+
-----------------------------------------------------------------------
Now we will exchange our public cryptographic
keys through a public channel.
First, Alice will send me her key.
Listening...
======== SECURITY ERROR!!===========
Cryptographic Key: Failure verifying digital signature.
Here it is: an ECDH public KeyBlob
encoded within an XML string:
<ECDHKeyValue xmlns="http://www.w3.org/2001/04/xmldsig-more#">
<DomainParameters>
<NamedCurve URN="urn:oid:1.3.132.0.35" />
</DomainParameters>
<PublicKey>
<X Value="5810718142462989354994453278603666484069278865008031317447
037792465942980799716553452148826647328907514445799324904361787703912513
195249832409677600954844765" />
<Y Value="3280794663882281563639053942916365892460715799983953322007
508591453180081202861463948160922147015703385178443338980028430040655324
927942630539423460021361227" />
</PublicKey>
</ECDHKeyValue>
-----------------------------------------------------------------------
Next, I will send my public cryptographic key to Alice:
Sending...
Here it is: an ECDH public KeyBlob
encoded within an XML string:
<ECDHKeyValue xmlns="http://www.w3.org/2001/04/xmldsig-more#">
<DomainParameters>
<NamedCurve URN="urn:oid:1.3.132.0.35" />
</DomainParameters>
<PublicKey>
<X Value="2455055322326895878650801953827546401118074905382497016837
137236585732889354895381530732942808710858667195863286496064074787137035
924365385948877294503335106" />
<Y Value="1218921928274644208762495755994900948182290688858431853778
446672036473174952224569387259723200925573098776195363817761522302928910
53555717400648130000558239" />
</PublicKey>
</ECDHKeyValue>
-----------------------------------------------------------------------
Now that our keys have been exchanged,
we can have an encrypted conversation:
-----------------------------------------------------------------------
Incoming message:
??(??m?⌂4i?JOgion vector: ?
Ciphertext:
??∟↓[\▼?3♦Z GTGa>?&??,?x3f1Sh7L↓n?dc?I?A??\?P?l⌂X⌂@?V#??G??(O???6?♦☻)?
PJ???@{N
Signature:
?QF????¶☻ ~?YA?????oJ?7??{◄?oVg???L?→←3?⌂§?
Y???Ca??S?Rl?v8(? ? ????I0 ?♦?|???L9|????????
??♦&)??gm??28?!??L?
U?, ???N??@4??2§S
Incoming decoded message:
Hi Bob. I have a new customer contact.
SECURITY WARNING! Received signature did not verify
-----------------------------------------------------------------------
:> Hi Alice. That is good news. Please send it to me.
-----------------------------------------------------------------------
Incoming message:
Initialization vector: ??4??♂??§??♫:(??
Ciphertext:
?m?????y??x'~?<⌂yZ???G??Q????§????↕G??☼M?(?y[§▼→a?f%L??????← ????y???
&??z ?p?????[?p
Signature:
???7[?ju???4??]???F?l?'-A??@?l??‼?¶F"k???g??♀{??S??????▲?t.?;???↕▬?u?♠♀
?!%}?????∟?☻?*?a?"◄o??▬??,?w??F▲k??Y∟?▲???j??T???↕♫2???
Incoming decoded message:
Coho Winery, OneEleven EveryStreet, Chicago
SECURITY WARNING! Received signature did not verify
-----------------------------------------------------------------------
:> Thanks, I'll arrange to meet him.
-----------------------------------------------------------------------
Bob,版本 5
与上一版本一样,版本 5 也使用数字签名私钥对消息加密密钥进行签名。另外,此版本还会在遇到安全错误时立即结束会话。
Cryptography Next Generation Secure Communication Example
Security Version: 5 Mode: Verbose Mallory: False Sign keys: true
-----------------------------------------------------------------------
Hi, I'm Bob White: My sales associate is Alice Green.
I think she has a new customer contact for me!
First, Alice will publicly send me a digital signature key.
Here it is:
...
Now Alice will privately sent me a digital signature key. I will use it
instead.
Here it is:
...
-----------------------------------------------------------------------
Now we will exchange our public cryptographic
keys through a public channel
First, Alice will send me her key.
Listening...
======== SECURITY ERROR!===========
Cryptographic Key: Failure verifying digital signature.
Contact your security administrator.
TERMINATING SESSION
请参见
概念
修订记录
日期 |
修订记录 |
原因 |
---|---|---|
2008 年 7 月 |
新增主题。 |
信息补充。 |