預期的輸出 (CNG 範例)
更新: 2008 年 7 月
Cryptography Next Generation (CNG) 安全通訊範例包含三個應用程式,每個應用程式都會產生大量文字輸出。此外,此範例還包含五個版本,可產生不同的輸出。如需這些應用程式和版本的詳細資訊,請參閱 Cryptography Next Generation (CNG) 安全通訊範例和原始程式碼概觀 (CNG 範例)。
本主題包含下列章節,顯示輸出的選取部分:
Alice、選項功能表
版本 1-5,沒有攔截的情況、非詳細資訊模式
版本 3,有攔截的情況、非詳細資訊模式
版本 4-5,有攔截的情況、詳細資訊模式
在輸出章節中,冒號後面加上大於符號 (:>) 即代表提示字元。省略符號 (...) 則表示省略的輸出行,因為這些輸出行自前面的輸出區塊以來都未改變。
下圖顯示工作階段啟動時的所有三個主控台視窗:
.png)
Alice、選項功能表
下列輸出顯示 Alice 在工作階段開始顯示的選項功能表。
Cryptography Next Generation Secure Communication Example
------------------------------------------------------------------
Please select a security model:
1 = Plaintext only.
2 = Encrypt messages.
3 = Encrypt messages, use public key to digitally sign messages.
4 = Encrypt messages, use private key to digitally sign messages.
5 = Encrypt messages, use private key to digitally sign messages
and cryptographic keys. Causes Abort on security failures.
x = Exit.
:> 3
Include Mallory? y/n
:> y
Verbose output mode? y/n
:> y
版本 1-5,沒有攔截的情況、非詳細資訊模式
本節顯示當您選擇非詳細資訊模式以及關閉 Mallory 的攔截功能時,Alice.exe 版本 1 到 5 所產生輸出的部分。
Alice,版本 1
下列輸出顯示在沒有加密、數位簽章或攔截的情況下,Alice 和 Bob 進行基本訊息交換的狀況。
Cryptography Next Generation Secure Communication Example
Security Version: 1 Mode: Regular Mallory: no Signatures: no
-----------------------------------------------------------------------
Hi, I'm Alice Green. My sales associate is Bob White.
I need to send him a customer order right now!
:> Hi Bob. I have a new customer contact.
Hi Alice. That is good news. Please send it to me.
:> Here it is: Coho Winery, 111 AnyStreet, Chicago
Thanks, I'll arrange to meet him.
...
Alice,版本 2
下列輸出顯示 Alice 和 Bob 使用密碼編譯金鑰來加密訊息時,所發生的狀況。
Cryptography Next Generation Secure Communication Example
Security Version: 2 Mode: Regular Mallory: no Signatures: no
-----------------------------------------------------------------------
...
-----------------------------------------------------------------------
Now Bob will publicly send me his public cryptographic key:
Listening...
-----------------------------------------------------------------------
Now that our keys have been exchanged,
we can have an encrypted conversation:
-----------------------------------------------------------------------
:> Hi Bob. I have a new customer contact.
Hi Alice. That is good news. Please send it to me.
:> Here it is: Coho Winery, 111 AnyStreet, Chicago
Thanks, I'll arrange to meet him.
-----------------------------------------------------------------------
...
Alice,版本 3-5
下列輸出顯示 Alice 和 Bob 使用數位簽章簽署金鑰和訊息時,所發生的狀況。由於 fMallory 旗標為 false (即沒有攔截),輸出幾乎與上一節相同。
Cryptography Next Generation Secure Communication Example
Security Version: 3 Mode: Regular Mallory: no Signatures: yes
-----------------------------------------------------------------------
Hi, I'm Alice Green. My sales associate is Bob White.
I need to send him a customer order right now!
First, I will send Bob a digital signature key over a public channel.
-----------------------------------------------------------------------
Now we will exchange our public cryptographic
keys through a public channel.
First, I'll send Bob my key.
Sending...
-----------------------------------------------------------------------
Now Bob will publicly send me his public cryptographic key:
Listening...
-----------------------------------------------------------------------
Now that our keys have been exchanged,
we can have an encrypted conversation:
-----------------------------------------------------------------------
...
版本 3,有攔截的情況、非詳細資訊模式
此版本顯示當 fMallory 旗標設定為 true 時,所發生的狀況。仔細留意 Bob 從 Alice 收到的地址。請與上一節 Bob 收到的地址比較。您會發現 Mallory 攔截了地址並稍做改動。
雖然 Alice 和 Bob 隨每個訊息傳送了數位簽章,但 Mallory 仍能夠攔截訊息。這是因為他們透過與密碼編譯加密金鑰相同的不安全通道傳送數位簽章金鑰。Mallory 能夠攔截這兩個金鑰。他使用密碼編譯金鑰來加密他的訊息,再使用數位簽章金鑰簽署訊息。由於 Alice 和 Bob 使用相同的金鑰,因此沒有人會懷疑。
Bob,版本 3
下列輸出取自於 Bob 的主控台視窗。這顯示 Bob 從 Mallory 收到的訊息。
Cryptography Next Generation Secure Communication Example
Security Version: 3 Mode: Regular Mallory: yes Signatures: yes
----------------------------------------------------------------------
Hi, I'm Bob White: My sales associate is Alice Green.
I think she has a new customer contact for me!
First, Alice will publicly send me a digital signature key.
-----------------------------------------------------------------------
Now we will exchange our public cryptographic
keys through a public channel.
First, Alice will send me her key.
Listening...
-----------------------------------------------------------------------
Next, I will send my public cryptographic key to Alice:
Sending...
-----------------------------------------------------------------------
Now that our keys have been exchanged,
we can have an encrypted conversation:
-----------------------------------------------------------------------
Hi Bob. I have a new customer contact.
:> Hi Alice. That is good news. Please send it to me.
Here it is: Coho Winery, 111 AnyStreet, Chicago
:> Thanks, I'll arrange to meet him.
-----------------------------------------------------------------------...
Mallory,版本 3
下列輸出取自於 Mallory 的主控台視窗。這顯示 Mallory 如何攔截和變更 Alice 和 Bob 之間的訊息。
Cryptography Next Generation Secure Communication Example
Security Version: 2 Mode: Regular Mallory: yes Signatures: no
-----------------------------------------------------------------------
Hi, I'm Mallory, the man in the middle.
I wonder what Alice and Bob are talking about.
I think I'll listen in.
-----------------------------------------------------------------------
Alice and Bob are going to exchange their
public cryptographic keys through a public channel.
First, Alice will send Bob her key.
Good. I just intercepted Alice's public key:
Next, I will send my MalloryAlice public cryptographic key to Alice:
Sending...
Next, I will send my MalloryBob public cryptographic key to Bob:
Sending...
Now I will receive Bob's public key:
Good. I just intercepted Bob's public key:
-----------------------------------------------------------------------
Now that they have exchanged their keys,
they can have a secure conversation:
-----------------------------------------------------------------------
From Alice:
Hi Bob. I have a new customer contact.
To Bob:
:> Hi Bob. I have a new customer contact.
From Bob:
Hi Alice. That is good news. Please send it to me.
To Alice:
:> Hi Alice. That is good news. Please send it to me.
From Alice:
Here it is: Coho Winery, 111 AnyStreet, Chicago
To Bob:
:> Coho Winery, OneEleven EveryStreet, Chicago
From Bob:
Thanks, I'll arrange to meet him.
To Alice:
:> I think the address is wrong, but I'll keep trying.
-----------------------------------------------------------------------
I am so clever!
Here is what I received: Coho Winery, 111 AnyStreet, Chicago
and here is what I sent: Coho Winery, OneEleven EveryStreet, Chicago
They will never catch me!
-----------------------------------------------------------------------
...
版本 4-5,有攔截的情況、詳細資訊模式
在版本 4 和 5 中,Alice 會將私密數位簽章金鑰傳送給 Bob,用來簽署他們的訊息。Mallory 並不知道 Alice 用來傳送金鑰給 Bob 的私用通道。因此,他繼續使用在公用通道上攔截到的數位簽章金鑰。
Bob,版本 4
本節顯示完整的詳細輸出。您可以看到加密的數位簽章金鑰、訊息加密金鑰以及加密的訊息。此版本也包含偵測到未驗證的數位簽章時顯示的安全性警告。
Cryptography Next Generation Secure Communication Example
Security Version: 4 Mode: Verbose Mallory: yes Signatures: yes
-----------------------------------------------------------------------
Hi, I'm Bob White: My sales associate is Alice Green.
I think she has a new customer contact for me!
First, Alice will publicly send me a digital signature key.
Here it is:
☻???x???♥?? ♦ ?ie??t?VD?A?Y??▬☻§?Ed►??H?Hm2G¶?E??N?!`?☺¶^[←?↨?▬d? K9zdnJ
?☻?:↓?☺ ?L?K???C+♦??c?*7↓l?§??-??`L?h↓?GF?=???????????↔??&1|☺?????%?_???
?
Now Alice privately sent me a digital signature key. I will use it instead.
Here it is:
0??☻☺ 0►♠*?H?=☻☺♠♣+?♦ #♦??0??☻☺☺♦B☺??t
???♥?? ♦☺?V??)???s<m{sGM!?;~??d??Oc`♦?j??⌂§?d??b?? ????????,?♠ ??4?]???
.??☺DN)3?=T↨??p>M???X?B????50???? ? ?E§?B?nr?z?/r??U????7,⌂?n?SL??,+
-----------------------------------------------------------------------
Now we will exchange our public cryptographic
keys through a public channel.
First, Alice will send me her key.
Listening...
======== SECURITY ERROR!!===========
Cryptographic Key: Failure verifying digital signature.
Here it is: an ECDH public KeyBlob
encoded within an XML string:
<ECDHKeyValue xmlns="http://www.w3.org/2001/04/xmldsig-more#">
<DomainParameters>
<NamedCurve URN="urn:oid:1.3.132.0.35" />
</DomainParameters>
<PublicKey>
<X Value="5810718142462989354994453278603666484069278865008031317447
037792465942980799716553452148826647328907514445799324904361787703912513
195249832409677600954844765" />
<Y Value="3280794663882281563639053942916365892460715799983953322007
508591453180081202861463948160922147015703385178443338980028430040655324
927942630539423460021361227" />
</PublicKey>
</ECDHKeyValue>
-----------------------------------------------------------------------
Next, I will send my public cryptographic key to Alice:
Sending...
Here it is: an ECDH public KeyBlob
encoded within an XML string:
<ECDHKeyValue xmlns="http://www.w3.org/2001/04/xmldsig-more#">
<DomainParameters>
<NamedCurve URN="urn:oid:1.3.132.0.35" />
</DomainParameters>
<PublicKey>
<X Value="2455055322326895878650801953827546401118074905382497016837
137236585732889354895381530732942808710858667195863286496064074787137035
924365385948877294503335106" />
<Y Value="1218921928274644208762495755994900948182290688858431853778
446672036473174952224569387259723200925573098776195363817761522302928910
53555717400648130000558239" />
</PublicKey>
</ECDHKeyValue>
-----------------------------------------------------------------------
Now that our keys have been exchanged,
we can have an encrypted conversation:
-----------------------------------------------------------------------
Incoming message:
??(??m?⌂4i?JOgion vector: ?
Ciphertext:
??∟↓[\▼?3♦Z GTGa>?&??,?x3f1Sh7L↓n?dc?I?A??\?P?l⌂X⌂@?V#??G??(O???6?♦☻)?
PJ???@{N
Signature:
?QF????¶☻ ~?YA?????oJ?7??{◄?oVg???L?→←3?⌂§?
Y???Ca??S?Rl?v8(? ? ????I0 ?♦?|???L9|????????
??♦&)??gm??28?!??L?
U?, ???N??@4??2§S
Incoming decoded message:
Hi Bob. I have a new customer contact.
SECURITY WARNING! Received signature did not verify
-----------------------------------------------------------------------
:> Hi Alice. That is good news. Please send it to me.
-----------------------------------------------------------------------
Incoming message:
Initialization vector: ??4??♂??§??♫:(??
Ciphertext:
?m?????y??x'~?<⌂yZ???G??Q????§????↕G??☼M?(?y[§▼→a?f%L??????← ????y???
&??z ?p?????[?p
Signature:
???7[?ju???4??]???F?l?'-A??@?l??‼?¶F"k???g??♀{??S??????▲?t.?;???↕▬?u?♠♀
?!%}?????∟?☻?*?a?"◄o??▬??,?w??F▲k??Y∟?▲???j??T???↕♫2???
Incoming decoded message:
Coho Winery, OneEleven EveryStreet, Chicago
SECURITY WARNING! Received signature did not verify
-----------------------------------------------------------------------
:> Thanks, I'll arrange to meet him.
-----------------------------------------------------------------------
Bob,版本 5
如同前一個版本,版本 5 也使用私密數位簽章金鑰來簽署訊息加密金鑰。此外,此版本只要遇到安全性錯誤,便會立即結束工作階段。
Cryptography Next Generation Secure Communication Example
Security Version: 5 Mode: Verbose Mallory: False Sign keys: true
-----------------------------------------------------------------------
Hi, I'm Bob White: My sales associate is Alice Green.
I think she has a new customer contact for me!
First, Alice will publicly send me a digital signature key.
Here it is:
...
Now Alice will privately sent me a digital signature key. I will use it
instead.
Here it is:
...
-----------------------------------------------------------------------
Now we will exchange our public cryptographic
keys through a public channel
First, Alice will send me her key.
Listening...
======== SECURITY ERROR!===========
Cryptographic Key: Failure verifying digital signature.
Contact your security administrator.
TERMINATING SESSION
請參閱
概念
Cryptography Next Generation (CNG) 安全通訊範例
變更記錄
日期 |
記錄 |
原因 |
|---|---|---|
|
2008 年 7 月 |
加入主題。 |
資訊加強。 |