Experience using Rutoken technology to register and authorize users in a system (part 3)

Good day!

In the previous part we successfully created our own certification authority. How can it be useful for our purposes?

With a local certification authority we can issue certificates and verify signatures made with those certificates.

When issuing a certificate to a user, the certification authority works from a special PKCS#10 certificate request, which is stored as a '.csr' file. The request contains an encoded sequence that the certification authority knows how to parse correctly. It includes both the user's public key and the data needed to create the certificate (an associative array with information about the user).

We will look at how to obtain a certificate request in the next article. In this article I want to give the main certification authority commands that will help us complete our task on the backend.

First we need to create a certificate. To do this we use the command:

openssl ca -batch -in user.csr -out user.crt

ca - the OpenSSL command that works with the certification authority,
-batch - suppresses the confirmation prompts when a certificate is generated.
user.csr - the request to create a certificate (a file in .csr format).
user.crt - the certificate (the result of the command).

For this command to work, the certification authority must be configured exactly as described in the previous part of the article. Otherwise you will also have to specify the location of the certification authority's root certificate.

Certificate verification command:

openssl cms -verify -in authenticate.cms -inform PEM -CAfile /Users/……/demoCA/ca.crt -out data.file

cms is the OpenSSL command used for signing, verifying and encrypting data, and for other cryptographic operations with OpenSSL.

-verify - in this case, we verify the certificate.

authenticate.cms - a file containing data signed with the certificate that was issued by the previous command.

-inform PEM - the PEM format is used.

-CAfile /Users/……/demoCA/ca.crt - the path to the root certificate. (Without this the command did not work for me, even though the paths to ca.crt were written in the openssl.cfg file.)

-out data.file - I send the decrypted data to the file data.file.

The algorithm for using the certification authority on the backend is as follows:

  • User registration:
    1. We receive a request to create a certificate and save it to the file user.csr.
    2. We save the first command of this article to a file with the extension .bat or .cmd. We run this file from code, having first saved the certificate request to the file user.csr. We get a file with the certificate, user.crt.
    3. We read the file user.crt and send it to the client.

  • User authorization:
    1. We receive the signed data from the client and save it to the file authenticate.cms.
    2. We save the second command of this article to a file with the extension .bat or .cmd. We run this file from code, having first saved the signed data from the server in authenticate.cms. We get a file with the decrypted data, data.file.
    3. We read data.file and check this data for validity. What exactly to check is described in the first article. If the data is valid, the user's authorization is considered successful.

To implement these algorithms you can use any programming language that is used to write the backend.
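The authorization steps above as an added Python example (not the article's own code): it calls openssl cms -verify with an argument list instead of a .bat file, gives each request its own temporary directory, and reads data.file only when openssl exits with status 0. The throwaway CAs, the user key and the challenge value are constructed for the demo, and an openssl binary on PATH is assumed.

```python
import subprocess, tempfile
from pathlib import Path

def run(args, cwd):
    """Run openssl with an argument list (no shell, no .bat file) and a timeout."""
    return subprocess.run(["openssl", *args], cwd=cwd, capture_output=True, timeout=30)

def verify_signed(cms_pem: bytes, ca_file: str):
    """Authorization steps 1-3: return the signed content, or None if verification fails."""
    # A private directory per request, so concurrent logins never share
    # authenticate.cms or data.file on disk.
    with tempfile.TemporaryDirectory() as d:
        Path(d, "authenticate.cms").write_bytes(cms_pem)
        r = run(["cms", "-verify", "-in", "authenticate.cms", "-inform", "PEM",
                 "-CAfile", ca_file, "-out", "data.file"], d)
        # Trust data.file only when openssl reported success.
        if r.returncode != 0:
            return None
        return Path(d, "data.file").read_bytes()

def make_ca(d, name):
    """Constructed throwaway CA for the demo (hypothetical names, not the article's demoCA)."""
    run(["req", "-x509", "-newkey", "rsa:2048", "-nodes", "-subj", f"/CN={name}",
         "-keyout", f"{name}.key", "-out", f"{name}.crt", "-days", "1"], d)
    return str(Path(d, f"{name}.crt"))

def demo():
    """Sign a constructed challenge as a client would, then verify it on the backend."""
    with tempfile.TemporaryDirectory() as d:
        ca, other_ca = make_ca(d, "ca"), make_ca(d, "other")
        run(["req", "-new", "-newkey", "rsa:2048", "-nodes", "-subj", "/CN=user",
             "-keyout", "user.key", "-out", "user.csr"], d)
        run(["x509", "-req", "-in", "user.csr", "-CA", "ca.crt", "-CAkey", "ca.key",
             "-CAcreateserial", "-out", "user.crt", "-days", "1"], d)
        Path(d, "challenge.bin").write_bytes(b"constructed-challenge-42")
        run(["cms", "-sign", "-binary", "-nodetach", "-in", "challenge.bin",
             "-signer", "user.crt", "-inkey", "user.key",
             "-outform", "PEM", "-out", "authenticate.cms"], d)
        cms = Path(d, "authenticate.cms").read_bytes()
        # First result: verified under the issuing CA; second: under an unrelated CA.
        return verify_signed(cms, ca), verify_signed(cms, other_ca)

if __name__ == "__main__":
    print(demo())
```

The same pattern applies to the registration step: write the request into a per-request directory, run openssl ca with an argument list, and return user.crt only on a zero exit status.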

In the next article we will look at how to work with the Rutoken plugin.

Thank you for your attention!

Source: www.habr.com
