
Algorithm Constraints: A Unified Framework for Cryptographic Compliance Management

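Algorithm Constraints: A Unified Framework for Cryptographic Compliance Management. Xuelei Fan (范学雷), Weijun Wang (王卫军), Senior Software Engineers.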


Presentation Transcript


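  1. Algorithm Constraints: A Unified Framework for Cryptographic Compliance Management. Xuelei Fan (范学雷), Weijun Wang (王卫军), Senior Software Engineers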

  2. The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

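  3. Agenda • Background and requirements of cryptographic compliance management • Basic framework for cryptographic compliance management • Applications of the algorithm constraints framework • Outlook for the algorithm constraints framework • Demo

  4. Background of cryptographic compliance management: advances in cryptanalysis • Security of MD2/MD5/SHA-1 • RSA/DSA key lengths • Security of DES/RC4_40/DES_40 • SHA-2 • AEAD

  5. Background of cryptographic compliance management: cryptographic management recommendations • US National Institute of Standards and Technology (NIST) • European Network of Excellence in Cryptology (ECRYPT) programme • German Federal Office for Information Security (BSI) • US National Security Agency (NSA Suite B) • French Network and Information Security Agency (ANSSI)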

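  6. Example: NIST cryptographic management recommendations (I)

  7. Example: NIST cryptographic management recommendations (II)

  8. Example: NIST cryptographic management recommendations (III)

  9. Example: NIST cryptographic management recommendations (IV)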

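  10. Requirements for cryptographic compliance management (I) • Different applications have different constraints • Different organizations make different recommendations • Compliance constraints change over time • Algorithms have a scope of applicability • Algorithms have a period of validity

  11. Requirements for cryptographic compliance management (II) • Independent of the algorithm implementation library • A centralized model for cryptographic compliance management • A consistent interface for cryptographic compliance management

  12. Basic framework for cryptographic compliance management • Unified interface: java.security.AlgorithmConstraints • Creation pattern: java.security.AlgorithmConstraintsFactory • Usage pattern: XXX.setAlgorithmConstraints(AlgorithmConstraints) • Centralized management: Java security properties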

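  13. AlgorithmConstraints

      ```java
      package java.security;

      import java.util.Set;

      public interface AlgorithmConstraints {
          // Is the named algorithm (with optional parameters) allowed for these primitives?
          public boolean permits(Set<CryptoPrimitive> primitives,
                  String algorithm, AlgorithmParameters parameters);

          // Is the key allowed for these primitives?
          public boolean permits(Set<CryptoPrimitive> primitives, Key key);

          // Is the algorithm allowed together with this key and these parameters?
          public boolean permits(Set<CryptoPrimitive> primitives,
                  String algorithm, Key key, AlgorithmParameters parameters);
      }
      ```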

  14. AlgorithmConstraintsFactory

      ```java
      package java.security;

      public class AlgorithmConstraintsFactory {
          public AlgorithmConstraints getInstance(
                  String name, Provider provider);
          // …
      }
      ```

  15. Usage pattern example

      ```java
      package javax.net.ssl;

      import java.security.AlgorithmConstraints;

      public class SSLParameters {
          public void setAlgorithmConstraints(
                  AlgorithmConstraints constraints);
          public AlgorithmConstraints getAlgorithmConstraints();
          // …
      }
      ```

  16. Java security property • jdk.algorithmConstraints • jdk.tls.algorithmConstraints • jdk.certpath.algorithmConstraints

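  17. Current applications of the algorithm constraints framework • PKI digital certificate validation • JSSE TLS algorithm filtering • Java security properties • jdk.certpath.disabledAlgorithms • jdk.tls.disabledAlgorithms

  18. Outlook for the algorithm constraints framework (I) • Extend algorithm constraints to more modules • Kerberos • Tools • XML security • More convenient centralized control properties • jdk.algorithmConstraints=NIST-192

  19. Outlook for the algorithm constraints framework (II) • A convenient way to create algorithm constraint sets • AlgorithmConstraintsFactory.getInstance("NIST-256") • A flexible way to import algorithm constraint sets • PKIXParameters.setAlgorithmConstraints(AlgorithmConstraints) • Recommend that third parties adopt the unified framework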

  20. Live demonstration
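A minimal implementation of the `AlgorithmConstraints` interface from slide 13, applied through the `SSLParameters` setter from slide 15. This is an added example, not code from the presentation or the JDK; the names `ConstraintsDemo` and `MinimalPolicy`, the weak-algorithm list (taken from the algorithms named on slide 4) and the 2048-bit floor are assumptions.

```java
import java.security.*;
import java.security.interfaces.*;
import java.util.*;
import javax.net.ssl.*;

public class ConstraintsDemo {
    // Hypothetical policy: the weak-name list and the 2048-bit floor are assumptions.
    // It ignores the primitives argument and applies one rule set to every use.
    static final class MinimalPolicy implements AlgorithmConstraints {
        private static final Set<String> WEAK =
                new HashSet<>(Arrays.asList("MD2", "MD5", "SHA1", "DES", "DES40", "RC4"));
        private static final int MIN_BITS = 2048;

        @Override
        public boolean permits(Set<CryptoPrimitive> primitives, String algorithm, AlgorithmParameters parameters) {
            // Decompose names such as "SHA1withRSA" or "TLS_RSA_WITH_RC4_128_MD5"
            // and reject the whole algorithm if any component is weak.
            String name = algorithm.toUpperCase(Locale.ROOT).replace("SHA-1", "SHA1");
            for (String part : name.split("WITH|AND|/|_")) {
                if (WEAK.contains(part)) return false;
            }
            return true;
        }
        @Override
        public boolean permits(Set<CryptoPrimitive> primitives, Key key) {
            return permits(primitives, key.getAlgorithm(), key, null);
        }
        @Override
        public boolean permits(Set<CryptoPrimitive> primitives, String algorithm, Key key, AlgorithmParameters parameters) {
            if (!permits(primitives, algorithm, parameters)) return false;
            int bits = -1; // -1: key type this policy does not size-check
            if (key instanceof RSAKey) bits = ((RSAKey) key).getModulus().bitLength();
            else if (key instanceof DSAKey && ((DSAKey) key).getParams() != null)
                bits = ((DSAKey) key).getParams().getP().bitLength();
            return bits < 0 || bits >= MIN_BITS;
        }
    }

    public static void main(String[] args) throws Exception {
        AlgorithmConstraints policy = new MinimalPolicy();
        Set<CryptoPrimitive> sig = EnumSet.of(CryptoPrimitive.SIGNATURE);
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(1024); // constructed sample key, deliberately below the floor
        System.out.println("SHA1withRSA permitted: " + policy.permits(sig, "SHA1withRSA", null));
        System.out.println("SHA256withRSA permitted: " + policy.permits(sig, "SHA256withRSA", null));
        System.out.println("RSA-1024 key permitted: " + policy.permits(sig, kpg.generateKeyPair().getPublic()));
        // Usage pattern from slide 15: pass the policy to JSSE through SSLParameters.
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        SSLParameters params = engine.getSSLParameters();
        params.setAlgorithmConstraints(policy);
        engine.setSSLParameters(params);
    }
}
```

Constraints set through `SSLParameters` are applied in addition to those configured by the runtime environment, such as `jdk.tls.disabledAlgorithms`, so a custom policy can tighten the defaults but not loosen them.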
