ProHoster > Блог > wararka internetka > Qoraaga GnuPG waxa uu aasaasay LibrePGP, fargeeto ah heerka OpenPGP

Qoraaga GnuPG waxa uu aasaasay LibrePGP, fargeeto ah heerka OpenPGP

Werner Koch, aasaasaha udub-dhexaadka iyo abuuraha mashruuca GnuPG (GNU Privacy Guard), ayaa aasaasay mashruuca LibrePGP, kaas oo diiradda saaraya horumarinta faahfaahinta la cusboonaysiiyay beddelka heerka OpenPGP. Fargeetada waxaa loo abuuray iyada oo laga jawaabayo isbeddelada ay soo jeediyeen kooxda shaqada ee IETF ee cusboonaysiinta soo socota ee qeexitaanka OpenPGP (RFC-4880), kaas oo Koch u arkay in su'aal la iska waydiin karo marka loo eego waafaqsanaanta iyo amniga. Horumarinta ka socota GnuPG, RNP (Thunderbird's OpenPGP fulinta), iyo Gpg4win oo taageeray fargeetada waxay ka baqayaan in isbeddellada la soo jeediyay ay waxyeello u geystaan ​​hirgelinta codsiyada OpenPGP ee hadda jira, kuwaas oo isticmaalayaashu ay ku tiirsan yihiin xasilloonida muddada dheer ee qeexitaanka oo aan dooneynin inay u dulqaataan isbeddelada jebiya waafaqsanaanta.

LibrePGP waxay ku daraysaa horumar waxtar leh oo la sameeyay sannadihii ugu dambeeyay nooca mustaqbalka ee qeexitaanka OpenPGP, laakiin waxay meesha ka saaraysaa isbeddelada si xun u saameeya wada shaqaynta. Tusaale ahaan, marka la barbar dhigo heerka RFC-4880 ee hadda, LibrePGP waxa ay qabataa sifooyinka soo socda:

  • Taageerida Camellia encryption algorithm (RFC-5581),
  • ECC (Elliptic Curve Cryptography) Kordhinta FuritaankaPGP (RFC-6637).
  • Taageerada qasabka ah ee SHA2-256 xashiishyada (SHA-1 iyo MD5 waa la baabi'iyay, iyo awoodda lagu kala saaro xogta iyada oo aan la hubin daacadnimada gabi ahaanba waa duugowday).
  • Kordhi cabbirka faraha ilaa 256 bits.
  • Taageerada nidaamka saxeexa dhijitaalka ah ee EdDSA iyo BrainpoolP256r1, BrainpoolP384r1, BrainpoolP512r1, Ed25519, Curve25519, Ed488, iyo X448 elliptic curves.
  • Taageerada algorithm ee CRYstals-Kyber, kaas oo u adkeysanaya in uu xoog u yeelo kombayutarada quantum.
  • Taageerada OCB (qaabka Buugga code-ka ee Offset) qaababka sirta ee la xaqiijiyay.
  • Hirgelinta nooca shanaad ee qaabka saxeexa dhijitaalka ah ee leh ilaalinta xogta badan.
  • Taageerada baakidh-hoosaadyo fidsan oo leh saxeexyo dhijitaal ah.

Qodobbada muhiimka ah ee dhaleeceynta qeexitaanka cusub ee OpenPGP:

  • Halkii si tartiib tartiib ah loo cusbooneysiin lahaa qeexitaanka, kooxda shaqada ee IETF waxay isku dayeen inay dib u soo nooleeyaan heerka oo ay soo bandhigaan isbeddello la taaban karo oo la wada shaqayn karo.
  • Ku qasbida taageerada qaabka sirta ah ee GCM (Galois/Counter Mode), kaas oo ay adagtahay in si sax ah loo fuliyo, iyada oo la iska indhatirayo OCB (qaabka codebook code), shatiyada kuwaas oo dhacay dhowr sano ka hor.
  • Ku darida baakado ikhtiyaari ah oo leh suuf random ah si looga ilaaliyo falanqaynta taraafikada. Sida laga soo xigtay hal-abuurayaasha LibrePGP, baakadaha noocaan ah ee leh suufka random bilowga ah ee aan la xaqiijin karin ayaa keenaya khatarta ah in laga faa'iidaysto si loo abuuro kanaalo gudbinta xogta qarsoon iyo in laga gudbo nidaamyada ka hortagga daadinta xogta. Markii hore, fikradda ku darista suufka ayaa loo diiday arrin ku saabsan lakabka codsiga, ee ma aha lakabka sirta ah.
  • Isticmaalka nidaamka sirta ah ee ECDH oo la beddelay (beddelka qaabka OID), beddelkii la isticmaali lahaa nooca hore loogu sharraxay RFC-6637 oo laga hirgeliyay PGP iyo GnuPG.
  • Ka saarida qaar ka mid ah sifooyinka loo isticmaalo ku celcelinta, sida habka kala noqoshada furaha ee caadiga ah, calanka "m" ee calaamadinta xogta MIME, iyo "t" calanka kala soocida xogta qoraalka iyo xogta binary (calanka "t" waxaa lagu bedelay calanka "u" ee qoraalka UTF-8).
  • Diidmada in lagu daro ilaalinta xogta badan ee faylka la saxeexay qaabka cusub ee saxeexa (tusaale ahaan, waa suurtogal in la beddelo magaca faylka iyada oo aan la jebin saxeexa).
  • Ikhtiyaarka la isweydiin karo ayaa ah in lagu daro "cusbo" saxiixyada (saxiixa milix leh) si kor loogu qaado ilaalinta weerarada isku dhaca ee horgale la bixiyay. Qiimaha cusbada leh waxaa loo isticmaali karaa sidii kanaal qarsoon oo aan naafo ahayn si loogu gudbiyo 32 bytes ee xogta saxiixa.
  • U wareejinta heerka isticmaalka aasaasiga ah ee isgaarsiinta khadka tooska ah, iyada oo la iska indhatirayo baahiyaha kaydinta xogta muddada-dheer.

Taageerayaasha OpenPGP ayaa horey u daabacay dhaleeceynta dhaleeceynta. Ugu dambeyntii, haddii tanaasul la heli waayo, kala qaybsanaantu waxay horseedi kartaa sii korodhka is-waafajin la'aanta hirgelinta OpenPGP/LibrePGP. Qayb ahaan si arrintan wax looga qabto, horumarinta OpenPGP waxay haystaan ​​nooca 5 ee qaabka saxeexa go'an oo la jaan qaadaya LibrePGP waxayna bilaabeen shaqada nooca 6.

Source: opennet.ru

U soo iibso martigelin lagu kalsoonaan karo oo loogu talagalay bogagga leh ilaalinta DDoS, VPS VDS servers 🔥 Iibso martigelin degel oo lagu kalsoonaan karo oo leh ilaalinta DDoS, VPS VDS servers | ProHoster