TLS中PSK的简要介绍 | 您所在的位置:网站首页 › psk 认证 › TLS中PSK的简要介绍 |
PSK的目的
我们都知道TLS需要依赖非对称算法(RSK,EC,DS,DH...)完成秘钥交换,身份认证的功能,但是非对称算法的耗时和耗计算资源的特性在对资源或者耗时敏感的场景下,你就想把他优化掉。本文我们就简绍一种TLS标准本身提供的优化方式:PSK. PSK的江湖地位PSK的方式应该是最古老的一种秘钥交换和认证方式,但是它在TLS中的江湖地位是比较低的,从最早的非正式的优化方案到有了自己的RFC编号RFC4279(December 2005)对比TLS的历史 TLS中PSK的核心目的一下是RFC中的原文摘录 This document specifies three sets of new ciphersuites for the Transport Layer Security (TLS) protocol to support authentication based on pre-shared keys (PSKs). These pre-shared keys are symmetric keys, shared in advance among the communicating parties. 一,The first set of ciphersuites uses only symmetric key operations for authentication. TLS_PSK_WITH_RC4_128_SHA PSK RC4_128 SHA TLS_PSK_WITH_3DES_EDE_CBC_SHA PSK 3DES_EDE_CBC SHA TLS_PSK_WITH_AES_128_CBC_SHA PSK AES_128_CBC SHA TLS_PSK_WITH_AES_256_CBC_SHA PSK AES_256_CBC SHA 二,The second set uses a Diffie-Hellman exchange authenticated with a pre-shared key, and TLS_DHE_PSK_WITH_RC4_128_SHA DHE_PSK RC4_128 SHA TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA DHE_PSK 3DES_EDE_CBC SHA TLS_DHE_PSK_WITH_AES_128_CBC_SHA DHE_PSK AES_128_CBC SHA TLS_DHE_PSK_WITH_AES_256_CBC_SHA DHE_PSK AES_256_CBC SHA 三,the third set combines public key authentication of the server with pre-shared key authentication of the client. TLS_RSA_PSK_WITH_RC4_128_SHA RSA_PSK RC4_128 SHA TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA RSA_PSK 3DES_EDE_CBC SHA TLS_RSA_PSK_WITH_AES_128_CBC_SHA RSA_PSK AES_128_CBC SHA TLS_RSA_PSK_WITH_AES_256_CBC_SHA RSA_PSK AES_256_CBC SHA |
CopyRight 2018-2019 实验室设备网 版权所有 |