An example of using Rutoken technology for registering and authorizing users in a system (part 3)

Good day!

In the previous part we successfully created our own certification authority. How can it be useful for our purposes?

With a local certification authority we can issue certificates and also verify signatures against those certificates.

When issuing a certificate to a user, the certification authority uses a PKCS#10 certificate request, which has the '.csr' file format. This request contains an encoded sequence that the certification authority knows how to parse correctly. The request contains both the user's public key and the data for creating the certificate (an associative array with data about the user).

We will look at how to obtain the certificate request in the next article. In this article I want to give the main certification authority commands that will help us complete our task on the backend side.

So first we need to create a certificate. To do this we use the command:

openssl ca -batch -in user.csr -out user.crt

ca - the OpenSSL command that relates to the certification authority.
-batch - disables confirmation prompts when the certificate is generated.
user.csr - the request to create a certificate (a file in .csr format).
user.crt - the certificate (the result of the command).

For this command to work, the certification authority must be configured as described in the previous part of the article. Otherwise, you will have to additionally specify the location of the certification authority's root certificate.

Certificate verification command:

openssl cms -verify -in authenticate.cms -inform PEM -CAfile /Users/……/demoCA/ca.crt -out data.file

cms - the OpenSSL command used for signing, verifying and encrypting data and for other cryptographic operations with OpenSSL.

-verify - in this case, we verify the certificate.

authenticate.cms - a file containing data signed with the certificate issued by the previous command.

-inform PEM - the PEM format is used.

-CAfile /Users/……/demoCA/ca.crt - the path to the CA certificate. (without this the command did not work for me, even though the paths to ca.crt were specified in the openssl.cfg file)

-out data.file - I send the decrypted data to the file data.file.

The algorithm for using the certification authority on the backend side is as follows:

  • User registration:
    1. We receive the request to create a certificate and save it to the user.csr file.
    2. We save the first command of this article to a file with the .bat or .cmd extension. We run this file from code, having first saved the request to create a certificate to the user.csr file. We get a file with the certificate, user.crt.
    3. We read the user.crt file and send it to the client.

  • User authorization:
    1. We receive signed data from the client and save it to the authenticate.cms file.
    2. We save the second command of this article to a file with the .bat or .cmd extension. We run this file from code, having first saved the signed data from the server in authenticate.cms. We get the file data.file with the decrypted data.
    3. We read data.file and check that this data is valid. What exactly to check is described in the first article. If the data is valid, the user's authorization is considered successful.

To implement these algorithms, you can use any programming language used to write the backend.
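One way to run the two commands from backend code, as an added example that is not from the original article: the commands are passed to Python's subprocess as argument lists instead of a .bat file, each request gets its own temporary user.csr / authenticate.cms files, and data.file is read only when openssl exits with status 0. The function names, the `ca_dir` parameter and the injectable `run` argument are assumptions made for this example.

```python
import subprocess
import tempfile
import threading
from pathlib import Path

OPENSSL = "openssl"          # assumption: the openssl binary is on PATH
CA_LOCK = threading.Lock()   # openssl ca rewrites the CA's index and serial files


def issue_certificate(csr_pem: bytes, ca_dir: str, run=subprocess.run) -> bytes:
    """Registration: CSR bytes from the client in, issued certificate out.

    ca_dir (hypothetical parameter) is the directory that contains demoCA.
    """
    with tempfile.TemporaryDirectory() as tmp:   # private files per request
        csr, crt = Path(tmp, "user.csr"), Path(tmp, "user.crt")
        csr.write_bytes(csr_pem)
        # Argument list, no shell: request data never reaches a command line.
        argv = [OPENSSL, "ca", "-batch", "-in", str(csr), "-out", str(crt)]
        with CA_LOCK:                            # one issuance at a time in this process
            res = run(argv, cwd=ca_dir, capture_output=True, timeout=30)
        if res.returncode != 0 or not crt.exists():
            raise RuntimeError("openssl ca failed: " + res.stderr.decode(errors="replace"))
        return crt.read_bytes()


def verify_signed_data(cms_pem: bytes, ca_file: str, run=subprocess.run):
    """Authorization: return the signed content, or None if verification fails."""
    with tempfile.TemporaryDirectory() as tmp:
        cms, out = Path(tmp, "authenticate.cms"), Path(tmp, "data.file")
        cms.write_bytes(cms_pem)
        argv = [OPENSSL, "cms", "-verify", "-in", str(cms), "-inform", "PEM",
                "-CAfile", ca_file, "-out", str(out)]
        res = run(argv, capture_output=True, timeout=30)
        # Trust data.file only when openssl exited with status 0.
        if res.returncode != 0 or not out.exists():
            return None
        return out.read_bytes()
```

The returned bytes still have to be checked as described in the first article; a zero exit status only says that the signature chains to the CA in `ca_file`.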

In the next part we will look at how to work with the Rutoken plugin.

Thank you for your attention!

Source: www.habr.com
