Part 35 - Certificate Authority

Posted on 14-Jun-2015

A site for IT technicians: SHARING - EXPERIENCE - LEARNING - TIPS

In today's IT world almost all of us own an email address and use it constantly to exchange information and keep in touch with business partners. The problem is that some documents are important and private, and we do not want a third party to see them; yet when they travel across the Internet with the plain, unprotected methods we have always used, the risk that a hacker steals them is high and ever-present. Worried about a leak that could happen at any moment, you therefore encrypt your data before sending it to your partner. Is that encryption really safe, and how does it work? Let us look at the following security mechanisms.

First, the process of encrypting and decrypting data. Suppose A has an important message for B, say the text "GC Com Co". A does not want to send it in the clear, so A picks a key, say "1" (Key = 1), and encrypts the message into a scrambled string along the lines of "JKHeifuyoiuIOYUOf". What B receives from A is that scrambled string; to read it, B must of course have the key A used.

There are two ways to encrypt and decrypt data:

1/ Symmetric: this is what I just described. It looks safe but has serious drawbacks. Anyone who obtains the key can read everything that was ever encrypted with it. And in practice A does not have just B as a partner but hundreds or thousands; A needs a separate key for each partner and has to store as many keys as partners have handed out, and every one of those keys has to reach its partner over some secure channel in the first place. The weak point is not the cipher itself (symmetric ciphers are fast and still protect the actual message bytes in protocols such as TLS and S/MIME) but the distribution and sharing of the key.


For example, A sends a message called Data to B, encrypted with Key = 1, producing Data'. B receives Data', decrypts it with the same key and recovers the original Data. Suppose, however, that for some reason C gets hold of both Data' and the key A gave B. C decrypts Data', alters the content, re-encrypts it with the same key and forwards it to B. What B receives is now wrong and untrustworthy, and B has no way to tell: a shared key alone proves neither who sent the message nor that it was not changed, because anyone who can decrypt can also re-encrypt.

2/ Asymmetric: this risk led to a second way of encrypting data. It can be shown that one can generate pairs of different keys P and Q (P ≠ Q) such that data encrypted with P is recovered by decrypting with Q, and vice versa, while Q cannot be worked out from P; RSA is the classic example. Which direction is used depends on the goal: encrypt with P so that only the holder of Q can read the result (confidentiality), or encrypt with Q so that anyone holding P can check that the holder of Q produced it (a signature).


With this scheme each user of the encryption system needs just two keys. For example, A has: key PA, the Public Key, which is public and which anyone may see and use; and key QA, the Private Key, which is secret and which only A may see and use. So when A sends the message Data to B, A encrypts it with B's public key PB, producing Data'. When B receives Data', B decrypts it with B's own private key QB and recovers the original Data. Nobody else holds QB, so nobody else can read Data', and A no longer needs a separate secret per partner, only each partner's public key.

This alone is still not safe, however, because A simply took "B's" public key PB and used it without verifying that it really belongs to B. With some trick C can substitute their own public key PC for B's PB in order to fool A. A then unknowingly encrypts the data to PC instead of PB and sends it towards B; C intercepts the ciphertext, decrypts it with C's private key QC, modifies the content, re-encrypts it with B's real public key PB and forwards it to B. B decrypts it normally and notices nothing. So until A can verify whose key PB really is, the information A sends to B is still not safe; this is the man-in-the-middle attack that public-key encryption on its own does not prevent.


Fortunately Windows Server ships a Certificate Services component that lets us run a Certificate Authority (CA): an issuer of certificates, which vouch for the binding between an identity and a public key, and a manager of those certificates. So we need a CA server whose job is to issue certificates to users. In practice a CA we build ourselves is trusted by nobody outside our own network; there are companies whose business is running CAs, and even large companies such as google.com and yahoo.com buy their certificates from them. Since we are only studying the mechanism there is no need to spend money, and we will build a CA server of our own.

The CA server itself also has a public key and a private key of its own. When A, B, C, ... want to exchange information, each first asks this CA server for a certificate. With certificates, if information is stolen or altered in transit, the recipient can use what the CA vouched for to tell whether the received data is trustworthy. The process is as follows. The CA takes the user's public key together with the user's identifying information (name, email address) and computes a hash over them (the original text calls this a CRC; it is a cryptographic hash, not a checksum). It then signs that hash with its own private key Q, producing a value S, and publishes the result: the certificate, which contains the user's identity, the user's public key and the CA's signature S. So each user now holds one private key, one certificate (their own public key plus S), and the CA's public key P with which S can be checked.


Now when B receives a message from A together with A's certificate, B takes the signature S, "decrypts" (verifies) it with the CA's public key P and obtains the hash the CA signed. B recomputes the hash over the identity and public key in the certificate and compares the two values. If they match, the public key really belongs to A, as vouched for by the CA, and B can use it to check A's signature on the message itself. If they do not match, the certificate (and with it the key, or the message signed with it) was tampered with and must not be trusted. The same check, done by A on B's certificate, is what defeats C's key substitution: C can put PC in a certificate, but cannot produce the CA's signature over it.
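The whole chain above (C's key substitution, the CA's signature over a user's identity and public key, A's and B's verification of a certificate, and the signature on a message), as an added, runnable example that is not part of the original article. It uses textbook RSA with freshly generated 160-bit primes and no padding, which is enough to show the logic and far too weak to protect anything. The names gccom1 and gccom2, the attacker C, the key "directory" that C poisons, and all function names are assumptions made for the demo.

```python
# Added example, not from the original article: a toy model of the argument
# above. Textbook RSA with fresh 160-bit primes and no padding, enough to show
# the protocol logic and far too weak for real use (use a real library there).
import hashlib
import json
import random

def is_probable_prime(n, rounds=16):
    # Miller-Rabin; probabilistic, adequate for a demo.
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    while True:
        candidate = random.getrandbits(bits) | (1 << (bits - 1)) | 1  # odd, full length
        if is_probable_prime(candidate):
            return candidate

def keygen(bits=160, e=65537):
    # Returns ((e, n), (d, n)). With 160-bit primes n > 2**256, so a SHA-256
    # digest is always a valid RSA input.
    while True:
        p, q = random_prime(bits), random_prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this is gcd(e, phi) == 1
            return (e, p * q), (pow(e, -1, phi), p * q)

def rsa(x, key):  # raw RSA: pow(x, e, n) with the public half, pow(x, d, n) with the private
    exponent, n = key
    return pow(x, exponent, n)

def encrypt(text, public):
    m = int.from_bytes(text.encode(), "big")
    assert 0 < m < public[1], "toy cipher: message must be shorter than the modulus"
    return rsa(m, public)

def decrypt(ciphertext, private):
    m = rsa(ciphertext, private)
    return m.to_bytes((m.bit_length() + 7) // 8, "big").decode()

def digest(data):  # the article's "CRC": a SHA-256 hash, as an integer
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data, private):
    return rsa(digest(data), private)

def verify(data, signature, public):
    return rsa(signature, public) == digest(data)

def issue_cert(subject, public, ca_private):
    # The CA hashes (identity, public key) and signs that hash: the value S.
    tbs = {"subject": subject, "pubkey": list(public)}  # "to be signed"
    return {"tbs": tbs, "sig": sign(json.dumps(tbs, sort_keys=True).encode(), ca_private)}

def verify_cert(cert, ca_public, expected_subject):
    # Recover the CA's hash from S with the CA's public key, recompute it over
    # the certificate, compare, and insist on the identity we expect.
    tbs = cert["tbs"]
    good_sig = verify(json.dumps(tbs, sort_keys=True).encode(), cert["sig"], ca_public)
    return good_sig and tbs["subject"] == expected_subject

def scenario():
    """A = gccom1, B = gccom2, C = the attacker, plus the CA (names assumed)."""
    (pub_a, priv_a), (pub_b, priv_b), (pub_c, priv_c), (pub_ca, priv_ca) = [keygen() for _ in range(4)]
    out = {}

    # 2/ Public keys without a CA: C has poisoned the key directory.
    directory = {"gccom2": pub_c}                  # A believes this is PB
    ct = encrypt("GC Com Co", directory["gccom2"])
    plain = decrypt(ct, priv_c)                    # C reads the message ...
    ct2 = encrypt(plain + " REPLY TO ME", pub_b)   # ... edits it, re-encrypts to the real PB
    out["b_reads"] = decrypt(ct2, priv_b)          # B decrypts normally, suspects nothing

    # With a CA: the directory serves certificates and A verifies them first.
    genuine = issue_cert("gccom2", pub_b, priv_ca)
    forged = issue_cert("gccom2", pub_c, priv_c)   # C can only sign with C's own key
    out["genuine_ok"] = verify_cert(genuine, pub_ca, "gccom2")
    out["forged_ok"] = verify_cert(forged, pub_ca, "gccom2")

    # Signed mail: B checks A's certificate, then A's signature with the key in it.
    cert_a = issue_cert("gccom1", pub_a, priv_ca)
    body = b"Test CA 1"
    sig = sign(body, priv_a)
    key_a = cert_a["tbs"]["pubkey"] if verify_cert(cert_a, pub_ca, "gccom1") else None
    out["signed_ok"] = verify(body, sig, key_a)
    out["edited_ok"] = verify(body + b"\r\nREPLY TO ME", sig, key_a)  # the Administrator's edit
    return out
```

Running `scenario()` gives `b_reads` = "GC Com Co REPLY TO ME" (the substitution attack succeeds and B reads C's text), `genuine_ok` True and `forged_ok` False (C's self-signed certificate for gccom2 fails the CA check, so A never encrypts to PC), and `signed_ok` True but `edited_ok` False (one added line breaks A's signature). Note what the certificate does and does not do: it binds a name to a key, so it only helps if A also checks that the name in it is the partner A meant to write to, which is why `verify_cert` takes `expected_subject`.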

Now let us put this into practice. In this article I will apply a Certificate Authority to encrypting the users' email, so I need a CA server to issue certificates to the users and a mail server so that the users can send mail to each other. To keep things simple I will install all of these services on the same machine.

1/ CA in a WORKGROUP

First we look at using a Certificate Authority (CA) in a WORKGROUP environment. To install the CA server, first install IIS on the machine that will host the CA, and make sure the IIS installation is complete before installing Certificate Services: the web enrollment pages (http://[server]/certsrv) through which we will request certificates run under IIS, and without IIS installed first they will not work.


Once IIS is installed, go back to Windows Components, select Certificate Services and click Next to install it.

Because we are in a Workgroup (no Active Directory domain) the first two options, Enterprise root CA and Enterprise subordinate CA, are greyed out; choose the third option, Stand-alone root CA.


Give the CA any name you like; here I call it GC Com Co.

Keep the defaults on the Certificate Database Settings screen and click Next.


At the end of the CA installation you must click Yes when asked to enable Active Server Pages in IIS; otherwise the certsrv web enrollment pages will not work.

Next I set up a mail server with MDaemon. After MDaemon is installed, enter your domain in Domain name.


On the Setup your first account screen create a new account; this account is the Admin account in MDaemon.

Leave the Setup your DNS screen blank and click Next.


At the end of the installation open Services and check that the MDaemon service is Started; if it is not, start it, since MDaemon cannot be used otherwise.

By default MDaemon refuses to create new accounts with simple passwords, so for this exercise I disable that check: open the Setup -> Miscellaneous Options menu, select the Misc tab and untick Require strong passwords. (Do this only in a lab; on a real mail server keep the check on.)


Now I create two new accounts, gccom1 and gccom2, in Account Manager; the users will use these accounts to test mail.


In Local Users and Groups I also create two new accounts, gccom1 and gccom2, for the test.

Log on as gccom1 and configure Outlook Express for this account to match the gccom1 account in MDaemon.


Enter gccom1's email address exactly in Email address.

Since we are testing on our own machine, enter our own IP address for both the SMTP and the POP3 server.


Enter the username and password of the gccom1 account in MDaemon again.

Now gccom1 sends an email to gccom2 with the body GCCOM1 SENT TO GCCOM2.


Log on as Administrator and open C:\MDaemon\Users\gccom.net\gccom2 to see the emails that gccom1 sent to gccom2.


I find the email gccom1 sent to gccom2. I then edit it by adding a new line, REPLY TO ME, directly below the body.


Log on as gccom2 and check mail: gccom2 receives an email from gccom1 whose content was edited by the Administrator beforehand, and gccom2 has no way of knowing. So at this point our system is not secure at all: anyone with write access to the mail store can alter messages without detection.


Now gccom1 and gccom2 each obtain a certificate from the CA in order to digitally sign and encrypt their email (the original text calls this "installing the CA on themselves"; what gets installed is a user certificate issued by the CA). Proceed as follows: open http://[IP of the CA server]/certsrv and click Request a certificate to ask the CA server for a certificate.


Since we only need a certificate for email, on the next screen choose Email Protection Certificate.


On the Information screen enter your email account details exactly (the email address must match the account the certificate will be used with) and click Submit to send the request.


Choose Yes to finish.

Finally a screen confirms that your request has been received and is waiting for the Administrator to approve it.


On the CA server go to Start -> Programs -> Administrative Tools -> Certification Authority to see the certificate requests from the clients.


In the Pending Requests folder select the request and choose Issue to approve the user's request. (On a stand-alone CA every request waits here by default; this manual step is the moment the CA operator checks that the requester really is who the request claims.)

Once approved, the request appears in the Issued Certificates folder.

After their requests have been approved, the users install their certificates by going back to the CA web page and choosing View the status of a pending certificate request.


Click the Email Protection Certificate link.

Choose Install this certificate to install the certificate (and the private key generated with the request) in the user's own certificate store.


A screen reports that the installation succeeded.

Now, as gccom1, I send two emails to gccom2: one that is digitally signed, and one whose whole content is encrypted. First I create email 1 with Subject Test CA 1 and body Test CA 1, click the Sign button in the toolbar and send it.


Next I create email 2 with Subject Test CA 2 and body Test CA 2, click both the Sign and the Encrypt buttons in the toolbar and send it.


At this point Outlook Express reports an error, because so far gccom1 and gccom2 have each only installed their own certificate and have not yet given each other their certificates. To encrypt a message the sender needs the recipient's public key, that is, the recipient's certificate, and Outlook Express does not have it yet. A signed message carries the sender's certificate with it, so the two users must first send each other a signed but unencrypted email; Outlook Express keeps the certificate it receives, and only then can later emails be encrypted.

After they have mailed each other successfully and each has the other's certificate, from now on when sending mail we do not have to type the other user's address: click the To button and pick the recipient from the address book, where the received certificate is now attached to the contact.


The Select Recipients screen shows the certificate information of both parties.

Back to gccom1 sending gccom2 the email with the Sign & Encrypt options.


After it is sent, gccom1's Sent Items shows the two emails: one with the seal (signature) icon and one with the padlock (encryption) icon.

Now I log on as Administrator again and try to edit the emails on disk to see whether gccom2 notices. In the signed-only email the content is not encrypted, so I can read it and add a new line, REPLY TO ME. Signing does not hide anything; what it does is commit the sender to the exact bytes of the signed part, so a change inside that part will make the signature fail to verify when gccom2 opens the mail.


In the fully encrypted email none of the content is readable, but of course it can still be vandalised; here too I add a line REPLY TO ME. The edit lands in the middle of the encrypted blob, so gccom2's client will not be able to decrypt the message at all, let alone see the added text.


Log on as gccom2 and check mail: two new emails from gccom1 appear.
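What the two files in the gccom2 mailbox folder look like and why the recipient's client notices the Administrator's edits, as an added example that is not part of the original article. It builds a constructed clear-signed message and a constructed enveloped (encrypted) message in S/MIME layout, then applies the same two edits the article makes. Standard library only; the CMS blobs are placeholders, the boundary string is invented, and the check that "stands in" for signature verification compares the digest recorded at signing time with a fresh one (in a real message that digest lives inside the pkcs7-signature part, protected by the signer's RSA signature, and the client does exactly this recomputation before checking the signature). All function names are assumptions for the demo.

```python
# Added example, not from the original article: what the Administrator's edit
# does to the two S/MIME messages on disk, and why gccom2's client notices.
# Standard library only; the CMS blobs are constructed stand-ins.
import base64
import binascii
import hashlib
from email import message_from_bytes

CRLF = b"\r\n"
HEADERS = b"From: gccom1@gccom.net" + CRLF + b"To: gccom2@gccom.net" + CRLF + b"MIME-Version: 1.0" + CRLF

def der_sequence(content):
    """Wrap content in a DER SEQUENCE with a two-byte length: the outer shape
    of every CMS structure, and enough for a sanity check after tampering."""
    return b"\x30\x82" + len(content).to_bytes(2, "big") + content

# Constructed samples (not captured from MDaemon): the signed-only Test CA 1 in
# the clear-signed layout and the encrypted Test CA 2 in the enveloped layout.
SIGNED_MAIL = (
    HEADERS + b"Subject: Test CA 1" + CRLF
    + b'Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="----=_B1"' + CRLF
    + CRLF
    + b"------=_B1" + CRLF
    + b"Content-Type: text/plain; charset=us-ascii" + CRLF
    + b"Content-Transfer-Encoding: 7bit" + CRLF
    + CRLF
    + b"Test CA 1" + CRLF
    + b"------=_B1" + CRLF
    + b"Content-Type: application/pkcs7-signature; name=smime.p7s" + CRLF
    + b"Content-Transfer-Encoding: base64" + CRLF
    + CRLF
    + base64.b64encode(der_sequence(b"SignedData stand-in")) + CRLF
    + b"------=_B1--" + CRLF
)

ENCRYPTED_MAIL = (
    HEADERS + b"Subject: Test CA 2" + CRLF
    + b"Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name=smime.p7m" + CRLF
    + b"Content-Transfer-Encoding: base64" + CRLF
    + CRLF
    + base64.b64encode(der_sequence(b"EnvelopedData stand-in (ciphertext of Test CA 2)")) + CRLF
)

def split_message(raw):
    """Parsed headers plus the raw body bytes, line endings untouched."""
    head, body = raw.split(CRLF + CRLF, 1)
    return message_from_bytes(head + CRLF + CRLF), body

def signed_content(raw):
    """The bytes the signature covers: the first MIME part exactly as sent,
    up to (not including) the CRLF that belongs to the next boundary line."""
    msg, body = split_message(raw)
    delim = b"--" + msg.get_boundary().encode()
    return body.split(delim + CRLF, 1)[1].split(CRLF + delim, 1)[0]

def message_digest(raw):
    return hashlib.sha256(signed_content(raw)).hexdigest()

def signature_still_valid(raw, digest_at_signing):
    """Stand-in for the client's check: the messageDigest fixed when gccom1
    clicked Sign must equal a digest recomputed over what is on disk now."""
    return message_digest(raw) == digest_at_signing

def envelope_intact(raw):
    """Can the enveloped-data blob still be parsed? Text typed into the body
    breaks the base64, and the decoded bytes must match the DER length."""
    _, body = split_message(raw)
    try:
        blob = base64.b64decode(body.replace(CRLF, b""), validate=True)
    except binascii.Error:
        return False
    return (len(blob) >= 4 and blob[:2] == b"\x30\x82"
            and int.from_bytes(blob[2:4], "big") == len(blob) - 4)

def edit_visible_text(raw, line=b"REPLY TO ME"):
    """The Administrator adds a line inside the text part gccom2 will read."""
    part = signed_content(raw)
    return raw.replace(part, part + CRLF + line, 1)

def append_line(raw, line=b"REPLY TO ME"):
    """The Administrator adds a line at the very end of the file in Notepad."""
    return raw + line + CRLF
```

With `d = message_digest(SIGNED_MAIL)` taken at signing time, `signature_still_valid(edit_visible_text(SIGNED_MAIL), d)` is False: one added line inside the signed part changes the digest and the client will report the signature as invalid. `signature_still_valid(append_line(SIGNED_MAIL), d)` stays True, because text after the closing boundary is epilogue that the signature does not cover and the client does not display, so where the edit lands matters. For the encrypted mail `envelope_intact(append_line(ENCRYPTED_MAIL))` is False: the added line is not valid base64, the envelope cannot be decoded and gccom2 never sees the text at all.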
