ProHoster > Блог > Gudanarwa > Ƙwarewa cikin amfani da fasahar Rutoken don yin rajista da ba da izini ga masu amfani a cikin tsarin (sashe na 1)

Ƙwarewa cikin amfani da fasahar Rutoken don yin rajista da ba da izini ga masu amfani a cikin tsarin (sashe na 1)

Barka da rana Ina so in raba gwaninta akan wannan batu.

Rutoken shine hardware da software mafita a fagen tantancewa, tsaro na bayanai da sa hannun lantarki. Mahimmanci, wannan filasha ce da ke iya adana bayanan tantancewa waɗanda mai amfani ke amfani da su don shiga cikin tsarin.

A cikin wannan misali, ana amfani da Rutoken EDS 2.0.

Don yin aiki tare da wannan Rutoken kuna buƙatar shigar da direba akan windows.

Don Windows, shigar da direba ɗaya kawai yana tabbatar da cewa an shigar da duk abin da ake buƙata don OS ya ga Rutoken naka kuma zai iya aiki da shi.

Kuna iya yin hulɗa tare da Rutoken ta hanyoyi daban-daban. Kuna iya samun dama gare shi daga bangaren uwar garken aikace-aikacen, ko kai tsaye daga bangaren abokin ciniki. Wannan misalin zai kalli hulɗa tare da Rutoken daga ɓangaren abokin ciniki na aikace-aikacen.

Sashin abokin ciniki na aikace-aikacen yana hulɗa tare da rutoken ta hanyar rutoken plugin. Wannan shiri ne da aka sanya shi daban akan kowane mai bincike. Don Windows kawai kuna buƙatar saukewa kuma shigar da plugin ɗin, located a wannan mahada.

Shi ke nan, yanzu za mu iya yin hulɗa tare da Rutoken daga ɓangaren abokin ciniki na aikace-aikacen.

Wannan misalin yana tattauna ra'ayin aiwatar da algorithm izni mai amfani a cikin tsarin ta amfani da tsarin amsa kalubale.

Asalin ra'ayin shine kamar haka:

  1. Abokin ciniki yana aika buƙatar izini zuwa uwar garken.
  2. Sabar tana amsa buƙatu daga abokin ciniki ta hanyar aika kirtani bazuwar.
  3. Abokin ciniki ya sanya wannan kirtani tare da bazuwar 32-bit.
  4. Abokin ciniki yana sanya hannu akan kirtani da aka karɓa tare da takardar shaidar sa.
  5. Abokin ciniki yana aika saƙon rufaffen da aka karɓa zuwa uwar garken.
  6. Sabar tana tabbatar da sa hannun ta hanyar karɓar saƙon da ba a ɓoye na asali ba.
  7. Sabar ta zare rago 32 na ƙarshe daga saƙon da ba a ɓoye ba.
  8. Sabar tana kwatanta sakamakon da aka karɓa tare da saƙon da aka aika lokacin neman izini.
  9. Idan saƙonnin iri ɗaya ne, to ana ɗaukar izini cikin nasara.

A cikin algorithm na sama akwai irin wannan abu azaman takaddun shaida. Don wannan misali, kuna buƙatar fahimtar wasu ka'idar cryptographic. A Habré akwai babban labarin akan wannan batu.

A cikin wannan misali, za mu yi amfani da asymmetric boye-boye algorithms. Don aiwatar da algorithms asymmetric, dole ne ku sami maɓalli biyu da takaddun shaida.

Maɓalli biyu sun ƙunshi sassa biyu: maɓalli na sirri da maɓallin jama'a. Maɓalli na sirri, kamar yadda sunansa ya nuna, dole ne ya zama sirri. Muna amfani da shi don murkushe bayanan. Ana iya rarraba maɓallin jama'a ga kowa. Ana amfani da wannan maɓallin don ɓoye bayanai. Don haka, kowane mai amfani zai iya ɓoye bayanan ta amfani da maɓalli na jama'a, amma mai keɓaɓɓen maɓalli ne kaɗai zai iya ɓata wannan bayanin.

Takaddun shaida takarda ce ta lantarki wacce ta ƙunshi bayanai game da mai amfani wanda ya mallaki takardar shaidar, da maɓalli na jama'a. Tare da takaddun shaida, mai amfani zai iya sanya hannu kan kowane bayanai kuma ya aika zuwa uwar garken, wanda zai iya tabbatar da sa hannun kuma ya lalata bayanan.

Domin sanya hannu daidai da saƙo tare da takaddun shaida, kuna buƙatar ƙirƙirar shi daidai. Don yin wannan, an fara ƙirƙirar maɓalli biyu akan Rutoken, sannan dole ne a haɗa takaddun shaida zuwa maɓallin jama'a na wannan maɓallin biyu. Dole ne takardar shaidar ta kasance tana da ainihin maɓallin jama'a wanda ke kan Rutoken, wannan yana da mahimmanci. Idan kawai muka ƙirƙiri maɓalli biyu da takaddun shaida nan da nan a gefen abokin ciniki na aikace-aikacen, to ta yaya uwar garken zata iya ɓoye wannan ɓoyayyen saƙon? Bayan haka, bai san komai ba game da ko dai maɓalli ko takaddun shaida.

Idan kuka zurfafa cikin wannan batu, zaku iya samun bayanai masu ban sha'awa akan Intanet. Akwai wasu hukumomin takaddun shaida waɗanda a fili muke dogara. Waɗannan hukumomin takaddun shaida na iya ba da takaddun shaida ga masu amfani; suna shigar da waɗannan takaddun shaida akan sabar su. Bayan haka, lokacin da abokin ciniki ya shiga wannan uwar garken, sai ya ga wannan takaddun shaida, kuma ya ga cewa wata hukuma ce ta ba da takardar shaida, wanda ke nufin wannan uwar garken za a iya amincewa da ita. Hakanan akwai bayanai da yawa akan Intanet game da yadda ake saita komai daidai. Misali, zaku iya farawa da wannan.

Idan muka koma ga matsalarmu, da alama mafita a bayyane take. Kuna buƙatar ƙirƙirar cibiyar takaddun shaida ta ko ta yaya. Amma kafin wannan, kuna buƙatar gano akan menene cibiyar ba da takaddun shaida ya kamata ta ba da takardar shaida ga mai amfani, saboda bai san komai game da shi ba. (Misali, sunansa na farko, sunansa na ƙarshe, da dai sauransu) Akwai irin wannan abu da ake kira buƙatar takardar shaida. Ana iya samun ƙarin bayani game da wannan ma'auni, misali, akan Wikipedia ru.wikipedia.org/wiki/PKCS
Za mu yi amfani da sigar 1.7 - PKCS#10.

Bari mu bayyana algorithm don ƙirƙirar takaddun shaida akan Rutoken (tushen asali: takardun shaida):

  1. Mun ƙirƙiri maɓalli biyu akan abokin ciniki kuma mu adana shi akan Rutoken. (ajiye yana faruwa ta atomatik)
  2. Mun ƙirƙiri buƙatun takaddun shaida akan abokin ciniki.
  3. Daga abokin ciniki muna aika wannan buƙatar zuwa uwar garken.
  4. Lokacin da muka karɓi buƙatun takaddun shaida akan sabar, muna ba da takaddun shaida daga ikon takaddun shaida.
  5. Mun aika wannan takardar shaidar ga abokin ciniki.
  6. Muna adana takaddun Rutoken akan abokin ciniki.
  7. Dole ne a ɗaure takardar shaidar zuwa maɓalli biyu waɗanda aka ƙirƙira a matakin farko.

Yanzu ya bayyana yadda uwar garken za ta iya warware sa hannun abokin ciniki, tunda ita da kanta ta ba shi takardar shaidar.

A kashi na gaba, za mu yi nazari sosai kan yadda ake kafa ikon takardar shaidarku bisa cikakken madaidaicin ɗakin karatu na buɗe SSL.

source: www.habr.com

Add a comment