Akuyona imfihlo ukuthi elinye lamathuluzi asizayo asetshenziswa kakhulu, ngaphandle kwalokho ukuvikelwa kwedatha kumanethiwekhi avulekile akunakwenzeka, ubuchwepheshe besitifiketi sedijithali. Kodwa-ke, akuyona imfihlo ukuthi i-drawback eyinhloko yobuchwepheshe ukuthembela okungenamibandela ezikhungweni ezikhipha izitifiketi zedijithali. Umqondisi Wezobuchwepheshe Nokusungula ENCRY U-Andrey Chmora uhlongoze indlela entsha yokuhlela ingqalasizinda ebalulekile yomphakathi (Ingqalasizinda Ebalulekile Yomphakathi, I-PKI), okuzosiza ukuqeda ukushiyeka kwamanje futhi esebenzisa ubuchwepheshe be-ledger (blockchain). Kodwa izinto zokuqala kuqala.
Uma ujwayelene nendlela ingqalasizinda yokhiye wakho womphakathi wamanje osebenza ngayo futhi wazi amaphutha ayo ayinhloko, ungeqa uye phambili kulokho esihlongoza ukukushintsha ngezansi.
Ayini amasiginesha nezitifiketi zedijithali?Ukusebenzisana ku-inthanethi kuhlala kuhilela ukudluliswa kwedatha. Sonke sinentshisekelo yokuqinisekisa ukuthi idatha idluliselwa ngokuphephile. Kodwa kuyini ukuvikeleka? Izinsizakalo zokuphepha ezifunwa kakhulu ziyimfihlo, ubuqotho kanye nobuqiniso. Ngale njongo, izindlela ze-cryptography asymmetric, noma i-cryptography enokhiye womphakathi, zisetshenziswa okwamanje.
Ake siqale ngeqiniso lokuthi ukusebenzisa lezi zindlela, izihloko zokusebenzelana kufanele zibe nokhiye ababili ababhanqiwe ngabanye - esidlangalaleni kanye nemfihlo. Ngosizo lwabo, izinsizakalo zokuphepha esizishilo ngenhla zinikezwa.
Kufinyelelwa kanjani ukugcinwa kuyimfihlo kolwazi? Ngaphambi kokuthumela idatha, obhalisile othumelayo ubhala ngemfihlo (uguqule ngokuyimfihlo) idatha evuliwe esebenzisa ukhiye osesidlangalaleni womamukeli, futhi umamukeli ususa ukubethela kombhalo oyimfihlo owamukelwe esebenzisa ukhiye oyimfihlo obhanqiwe.
Bufinyelelwa kanjani ubuqotho nobuqiniso bolwazi oludlulisiwe? Ukuxazulula le nkinga, kwakhiwe enye indlela. Idatha evuliwe ayibethelwe, kodwa umphumela wokusebenzisa umsebenzi we-cryptographic hash - isithombe "esicindezelwe" sokulandelana kwedatha yokufaka - sidluliselwa ngefomu elibethelwe. Umphumela we-hashing enjalo ubizwa ngokuthi “i-digest”, futhi ibethelwa kusetshenziswa ukhiye oyimfihlo wobhalisile othumelayo (“ufakazi”). Njengomphumela wokubethela inhlabamkhosi, kutholwa isiginesha yedijithali. Yona, kanye nombhalo ocacile, idluliselwa kumamukeli obhalisile ("isiqinisekisi"). Ususa ukubethela kwesiginesha yedijithali kukhiye womphakathi wofakazi futhi awuqhathanise nomphumela wokusebenzisa umsebenzi we-cryptographic hashi, lowo oqinisekisayo awubala ngokuzimela ngokusekelwe kudatha evuliwe etholiwe. Uma zifana, lokhu kukhombisa ukuthi idatha idluliswe ngefomu eliyiqiniso neliphelele ngobhalisile othumelayo, futhi ayilungiswanga umhlaseli.
Izinsiza eziningi ezisebenza ngedatha yomuntu siqu kanye nolwazi lokukhokha (amabhange, izinkampani zomshwalense, izindiza, izinhlelo zokukhokha, kanye nezingosi zikahulumeni ezifana nesevisi yentela) zisebenzisa ngenkuthalo izindlela ze-cryptography ze-asymmetric.
Isitifiketi sedijithali sihlobene ngani naso? Kulula. Kokubili izinqubo zokuqala nezesibili zibandakanya okhiye basesidlangalaleni, futhi njengoba bedlala indima ebalulekile, kubaluleke kakhulu ukuqinisekisa ukuthi okhiye empeleni abakamthumeli (ufakazi, esimweni sokuqinisekiswa kwesiginesha) noma umamukeli, futhi akuyena. kufakwe izikhiye zabahlaseli. Yingakho izitifiketi zedijithali zikhona ukuze kuqinisekiswe ubuqiniso nobuqotho bokhiye womphakathi.
Qaphela: ubuqiniso nobuqotho bokhiye womphakathi buqinisekiswa ngendlela efanayo ncamashi nobuqiniso nobuqotho bedatha yomphakathi, okungukuthi, kusetshenziswa isiginesha yedijithali ye-elekthronikhi (EDS).
Zivelaphi izitifiketi zedijithali?Iziphathimandla zezitifiketi ezethenjwayo, noma Iziphathimandla Zokunikeza Izitifiketi (CAs), zinesibopho sokukhipha nokugcina izitifiketi zedijithali. Umfakisicelo ucela ukukhishwa kwesitifiketi kwa-CA, uthola ukuhlonza esikhungweni sokubhalisa (CR) futhi uthola isitifiketi esivela kwa-CA. I-CA iqinisekisa ukuthi ukhiye osesidlangalaleni ophuma kusitifiketi ungowebhizinisi okhishelwe lona.
Uma ungaqinisekisi ubuqiniso bokhiye osesidlangalaleni, umhlaseli ngesikhathi sokudlulisa/ukugcinwa kwalo khiye angawushintsha afake owakhe. Uma ukushintshwa kwenzekile, umhlaseli uzokwazi ukususa ukubhala ngekhodi yonke into obhalisile oyithumelayo ayidlulisela kobhalisile owamukelayo, noma ashintshe idatha evuliwe ngokubona kwakhe.
Izitifiketi zedijithali zisetshenziswa noma kunini lapho i-cryptography ye-asymmetric itholakala khona. Esinye sezitifiketi ezijwayelekile zedijithali izitifiketi ze-SSL zokuxhumana okuphephile ngephrothokholi ye-HTTPS. Amakhulu ezinkampani ezibhaliswe ezindaweni ezehlukene ziyabandakanyeka ekukhipheni izitifiketi ze-SSL. Isabelo esikhulu siwela ezikhungweni ezithenjwayo ezinhlanu kuya kweziyishumi: IdenTrust, Comodo, GoDaddy, GlobalSign, DigiCert, CERTUM, Actalis, Secom, Trustwave.
I-CA ne-CR yizingxenye ze-PKI, ezihlanganisa:
- Vula uhla lwemibhalo – isizindalwazi somphakathi esihlinzeka ngokugcinwa okuphephile kwezitifiketi zedijithali.
- Uhlu lokuhoxiswa kwesitifiketi – isizindalwazi esisesidlangalaleni esihlinzeka ngokugcinwa okuvikelekile kwezitifiketi zedijithali zokhiye basesidlangalaleni abahoxisiwe (isibonelo, ngenxa yokuphazanyiswa kokhiye oyimfihlo obhanqiwe). Izifundo zengqalasizinda zingakwazi ukufinyelela kule datha ngokuzimela, noma zingasebenzisa i-Online Certification Status Protocol (OCSP), eyenza inqubo yokuqinisekisa ibe lula.
- Abasebenzisi besitifiketi - izifundo ze-PKI ezihlinzekwa ngesevisi ezingene esivumelwaneni somsebenzisi ne-CA futhi ziqinisekisa isiginesha yedijithali kanye/noma idatha yokubethela ngokusekelwe kukhiye womphakathi ophuma kusitifiketi.
- Abalandeli – siphakele izifundo ze-PKI eziphethe ukhiye oyimfihlo obhangqwe nokhiye wasesidlangalaleni ovela kusitifiketi, futhi abenze isivumelwano sokubhalisa ne-CA. Obhalisile angaba umsebenzisi wesitifiketi kanyekanye.
Ngakho-ke, izinhlangano ezithenjwayo zengqalasizinda yokhiye womphakathi, okufaka phakathi ama-CA, ama-CRs nezinkomba ezivulekile, zinesibopho salokhu:
1. Ukuqinisekiswa kobuqiniso bobunikazi bomfakisicelo.
2. Ukwenza iphrofayili yesitifiketi sikakhiye womphakathi.
3. Ukukhipha isitifiketi sikakhiye womphakathi somfakisicelo obunikazi bakhe buqinisekiswe ngokuthembekile.
4. Shintsha isimo sesitifiketi sikakhiye womphakathi.
5. Ukunikeza ulwazi mayelana nesimo samanje sesitifiketi sokhiye womphakathi.
Ukungalungi kwe-PKI, kuyini?Iphutha eliyisisekelo le-PKI ubukhona bezinhlangano ezithenjwayo.
Abasebenzisi kufanele bathembe ngaphandle kwemibandela i-CA ne-CR. Kodwa, njengoba umkhuba ubonisa, ukwethembana okungenamibandela kugcwele imiphumela emibi.
Kule minyaka eyishumi edlule, kube namahlazo amaningana amakhulu kule ndawo ahlobene nokuba sengozini kwengqalasizinda.
- ngo-2010, uhlelo olungayilungele ikhompuyutha lwe-Stuxnet lwaqala ukusabalala ku-inthanethi, lwasayinwa kusetshenziswa izitifiketi zedijithali ezebiwe kwa-RealTek kanye ne-JMicron.
- Ngo-2017, i-Google yasola i-Symantec ngokukhipha inombolo enkulu yezitifiketi ezingelona iqiniso. Ngaleso sikhathi, i-Symantec yayingelinye lama-CA amakhulu kakhulu ngokwemiqulu yokukhiqiza. Kusiphequluli se-Google Chrome 70, ukusekelwa kwezitifiketi ezikhishwe yile nkampani kanye nezikhungo zayo ezixhumene ne-GeoTrust ne-Thawte kumiswe ngaphambi komhla ka-1 Disemba 2017.
Ama-CA afakwa engozini, futhi ngenxa yalokho wonke umuntu wahlupheka—ama-CA ngokwawo, kanye nabasebenzisi nababhalisile. Ukuthenjwa kwengqalasizinda kucekeleke phansi. Ngaphezu kwalokho, izitifiketi zedijithali zingase zivinjelwe kumongo wezingxabano zezombangazwe, okuzophinde kuthinte ukusebenza kwezinsiza eziningi. Yilokho kanye okwakwesatshwa eminyakeni embalwa edlule ekuphathweni kukamongameli waseRussia, lapho ngo-2016 baxoxisana ngokuthi kungenzeka ukudala isikhungo sesitifiketi sombuso esizokhipha izitifiketi ze-SSL kumasayithi ku-RuNet. Isimo samanje sezindaba sinjalo kangangokuthi ngisho nezingosi zombuso eRussia izitifiketi zedijithali ezikhishwe izinkampani zaseMelika i-Comodo noma i-Thawte (inkampani ephethwe yi-Symantec).
Kukhona enye inkinga - umbuzo ukuqinisekiswa okuyisisekelo (ukuqinisekisa) kwabasebenzisi. Ungamhlonza kanjani umsebenzisi oxhumane ne-CA ngesicelo sokukhipha isitifiketi sedijithali ngaphandle kokuxhumana naye okuqondile? Manje lokhu kuxazululwa ngokwesimo kuye ngamakhono engqalasizinda. Okuthile kuthathwa kumarejista avuliwe (isibonelo, ulwazi mayelana nezinhlangano ezisemthethweni ezicela izitifiketi); ezimeni lapho abafake izicelo kungabantu ngabanye, amahhovisi asebhange noma amahhovisi eposi angasetshenziswa, lapho ubunikazi babo buqinisekiswa kusetshenziswa imibhalo kamazisi, isibonelo, ipasipoti.
Inkinga yokuqamba amanga ngenjongo yokuzenza ongeyena ibalulekile. Masiqaphele ukuthi asikho isixazululo esiphelele sale nkinga ngenxa yezizathu zethiyori yolwazi: ngaphandle kokuba nolwazi oluthembekile i-priori, akunakwenzeka ukuqinisekisa noma ukuphika ubuqiniso besihloko esithile. Njengomthetho, ukuze kuqinisekiswe kuyadingeka ukwethula iqoqo lamadokhumenti afakazela ukuthi ungubani umfakisicelo. Kunezindlela eziningi ezihlukene zokuqinisekisa, kodwa ayikho kuzo enikeza isiqinisekiso esigcwele sobuqiniso bemibhalo. Ngokunjalo, ubuqiniso bobunikazi bomfakisicelo nabo abukwazi ukuqinisekiswa.
Angaqedwa kanjani la maphutha?Uma izinkinga ze-PKI esimweni sayo samanje zingachazwa ngokufakwa endaweni eyodwa, khona-ke kunengqondo ukucabanga ukuthi ukusabalalisa kungasiza ekuqedeni ingxenye yamaphutha ahlonziwe.
Ukwahlukanisa akusho ukuba khona kwezinhlangano ezithenjwayo - uma udala ingqalasizinda eyisihluthulelo somphakathi esabelwe (Ingqalasizinda Ebalulekile Yomphakathi, I-DPKI), ngakho-ke akudingekile i-CA noma i-CR. Masilahle umqondo wesitifiketi sedijithali futhi sisebenzise ukubhaliswa okusabalalisiwe ukuze sigcine ulwazi olumayelana nokhiye basesidlangalaleni. Esimweni sethu, sibiza irejista ngokuthi i-linear database ehlanganisa amarekhodi ngamanye (amabhlogo) axhunywe kusetshenziswa ubuchwepheshe be-blockchain. Esikhundleni sesitifiketi sedijithali, sizokwethula umqondo "wesaziso".
Indlela inqubo yokuthola, yokuqinisekisa kanye nokukhansela izobukeka kanjani ku-DPKI ehlongozwayo:
1. Umfakisicelo ngamunye ufaka isicelo sesaziso ngokuzimela ngokugcwalisa ifomu ngesikhathi sokubhaliswa, ngemva kwalokho enze ukuthengiselana okugcinwe endaweni yokubhukuda ekhethekile.
2. Ulwazi olumayelana nokhiye osesidlangalaleni, kanye nemininingwane yomnikazi nenye imethadatha, kugcinwa kurejista esabalalisiwe, hhayi kusitifiketi sedijithali, ukuze sikhishwe ku-PKI emaphakathi i-CA ibophezelekile.
3. Ukuqinisekiswa kobuqiniso bobunikazi bomfakisicelo kwenziwa ngemva kweqiniso ngemizamo ehlanganyelwe yomphakathi wabasebenzisi be-DPKI, hhayi i-CR.
4. Umnikazi wesaziso esinjalo kuphela ongashintsha isimo sokhiye womphakathi.
5. Noma ubani angakwazi ukufinyelela i-ledger esabalalisiwe futhi ahlole isimo samanje sokhiye womphakathi.
Qaphela: Ukuqinisekiswa komphakathi kobunikazi bomfakisicelo kungase kubonakale kungathembeki ekuqaleni. Kodwa kufanele sikhumbule ukuthi namuhla bonke abasebenzisi bezinsizakalo zedijithali bashiya umkhondo wedijithali, futhi le nqubo izoqhubeka nokuthola umfutho. Vula amarejista kagesi ezinhlangano ezisemthethweni, amamephu, ukwenziwa kwedijithali kwezithombe zezwe, amanethiwekhi omphakathi - konke lokhu kungamathuluzi atholakala esidlangalaleni. Sezivele zisetshenziswe ngempumelelo phakathi nophenyo yizo zombili izintatheli nezikhungo zomthetho. Isibonelo, kwanele ukukhumbula uphenyo lweBellingcat noma ithimba labaphenyi elihlanganyelwe i-JIT, elifunda ngezimo zokuphahlazeka kweBoeing yaseMalaysia.
Ngakho-ke ingqalasizinda eyisihluthulelo somphakathi ehlukanisiwe ingasebenza kanjani? Ake sigxile encazelweni yobuchwepheshe uqobo, thina inikezwe ilungelo lobunikazi ngo-2018 futhi sikubheka ngokufanelekile njengokwazi kwethu.
Cabanga ukuthi kunomnikazi othile ongumnikazi wokhiye abaningi basesidlangalaleni, lapho ukhiye ngamunye kuwumsebenzi othile ogcinwa kurejista. Uma ingekho i-CA, ungaqonda kanjani ukuthi zonke izikhiye ngezalo mnikazi? Ukuxazulula le nkinga, kwenziwa ukuthengiselana kwe-zero, okuqukethe ulwazi mayelana nomnikazi kanye nesikhwama sakhe (lapho ikhomishana yokubeka ukuthengiselana erejistri idonswa khona). I-null transaction iwuhlobo "lwe-ancho" lapho imisebenzi elandelayo enedatha emayelana nokhiye basesidlangalaleni izonamathiselwa khona. Umsebenzi ngamunye onjalo uqukethe isakhiwo sedatha esikhethekile, noma ngamanye amazwi, isaziso.
Isaziso siyisethi ehlelekile yedatha ehlanganisa izinkambu zokusebenza futhi okuhlanganisa ulwazi mayelana nokhiye womnikazi womphakathi, ukuphikelela kwawo okuqinisekiswa ukubekwa kwelinye lamarekhodi ahlobene okubhaliswa okusabalalisiwe.
Umbuzo olandelayo ophusile ngowokuthi yenziwa kanjani i-zero transaction? I-null transaction—njengalezi ezilandelayo—iwukuhlanganiswa kwezinkambu zedatha eziyisithupha. Ngesikhathi sokwakhiwa kwe-zero transaction, i-key pair ye-wallet ihilelekile (okhiye basesidlangalaleni nababhanqiwe abayimfihlo). Lezi zihluthulelo zivela ngesikhathi lapho umsebenzisi ebhalisa isikhwama sakhe semali, lapho ikhomishini yokubeka i-zero transaction kurejista futhi, kamuva, imisebenzi enezaziso izodonswa.
Njengoba kuboniswe emfanekisweni, inhlabamkhosi yokhiye womphakathi wewalethi ikhiqizwa ngokulandelanisa imisebenzi ye-SHA256 kanye ne-RIPEMD160. Lapha i-RIPEMD160 inesibopho sokumelwa okuhlangene kwedatha, ububanzi bayo obungeqi amabhithi angu-160. Lokhu kubalulekile ngoba ukubhalisa akuyona isizindalwazi esishibhile. Ukhiye womphakathi ngokwawo ufakwe emkhakheni wesihlanu. Inkambu yokuqala iqukethe idatha esungula ukuxhumana kokwenziwe kwangaphambilini. Ngomsebenzi onguziro, le nkambu ayiqukethe lutho, eyihlukanisa nokwenziwe okulandelayo. Inkambu yesibili idatha yokuhlola ukuxhumana kokwenziwe. Ngobufushane, sizobiza idatha emkhakheni wokuqala nowesibili ngokuthi "isixhumanisi" kanye "nokuhlola", ngokulandelanayo. Okuqukethwe kwalezi zinkambu kukhiqizwa i-hashing ephindaphindayo, njengoba kuboniswa ngokuxhumanisa okwenziwayo kwesibili nokwesithathu esithombeni esingezansi.
Idatha evela ezinkambu ezinhlanu zokuqala iqinisekiswa isiginesha ye-elekthronikhi, eyenziwa kusetshenziswa ukhiye oyimfihlo wesikhwama semali.
Yilokho nje, ukuthengiselana okungenalutho kuthunyelwa echibini futhi ngemva kokuqinisekiswa okuphumelelayo kufakwa ebhukwini. Manje usungakwazi "ukuxhuma" imisebenzi elandelayo kuyo. Ake sicabangele ukuthi kwenziwa kanjani ukuthengiselana ngaphandle kukaziro.
Into yokuqala okungenzeka yabamba iso lakho ukuchichima kwamapheya ayisihluthulelo. Ngaphezu kwamapheya okhiye we-wallet ajwayelekile, amapheya okhiye besevisi ajwayelekile asetshenziswa.
Ukhiye osesidlangalaleni ojwayelekile yikho konke okwaqalwa ngakho. Lo khiye uhilelekile ezinqubweni nasezinqubweni ezehlukene ezenzeka emazweni angaphandle (amabhange nokunye ukuthengiselana, ukugeleza kwemibhalo, njll.). Isibonelo, ukhiye oyimfihlo ovela kumabhangqa ajwayelekile ungasetshenziswa ukwenza amasiginesha edijithali kumadokhumenti ahlukahlukene - ama-oda okukhokha, njll., futhi ukhiye osesidlangalaleni ungasetshenziswa ukuze kuqinisekiswe lesi siginesha yedijithali ngokusetshenziswa okulandelayo kwale miyalo, inqobo nje uma ivumelekile.
Ipheya yesevisi ikhishelwa esihlokweni se-DPKI esibhalisiwe. Igama laleli pheya lihambisana nenjongo yakho. Qaphela ukuthi uma wenza/ubheka umsebenzi onguziro, okhiye besevisi abasetshenziswa.
Ake sicacise inhloso yokhiye futhi:
- Okhiye be-Wallet basetshenziselwa ukukhiqiza/ukuqinisekisa kokubili okwenziwayo okuyize kanye nanoma yikuphi okunye okwenziwayo okungelona ize. Ukhiye wangasese wesikhwama waziwa kuphela umnikazi wesikhwama, ophinde abe ngumnikazi wezikhiye eziningi zomphakathi ezijwayelekile.
- Ukhiye osesidlangalaleni ojwayelekile ufana nenjongo nokhiye osesidlangalaleni lapho isitifiketi sikhishwa khona nge-PKI emaphakathi.
- Ipheya yokhiye wesevisi ingeye-DPKI. Ukhiye oyimfihlo ukhishelwa amabhizinisi abhalisiwe futhi usetshenziswa lapho kukhiqizwa amasiginesha edijithali okwenziwayo (ngaphandle kokuthenga okunguziro). Isesidlangalaleni sisetshenziselwa ukuqinisekisa isiginesha yedijithali yokwenziwe ngaphambi kokuthi ithunyelwe kurejista.
Ngakho, kukhona amaqembu amabili okhiye. Esokuqala sihlanganisa okhiye besevisi nokhiye besikhwama semali - benza umqondo kuphela kumongo we-DPKI. Iqembu lesibili lihlanganisa okhiye abajwayelekile - ububanzi bawo bungase buhluke futhi bunqunywa imisebenzi yohlelo lokusebenza olusetshenziswa kuyo. Ngesikhathi esifanayo, i-DPKI iqinisekisa ubuqotho nobuqiniso bokhiye bomphakathi abajwayelekile.
Qaphela: Ipheya yokhiye wesevisi ingaziwa emabhizinisini ahlukene e-DPKI. Ngokwesibonelo, kungase kufane kuwo wonke umuntu. Kungenxa yalesi sizathu ukuthi lapho kukhiqizwa isignesha yokuthengiselana ngakunye okungeyona i-zero, kusetshenziswa izikhiye ezimbili eziyimfihlo, enye yazo ingukhiye wesikhwama semali - yaziwa kuphela kumnikazi wesikhwama, obuye abe ngumnikazi wezinto eziningi ezijwayelekile. okhiye basesidlangalaleni. Bonke okhiye banencazelo yabo. Isibonelo, kuhlale kungenzeka ukufakazela ukuthi ukuthengiselana kufakwe ebhukwini ngesihloko esibhalisiwe se-DPKI, njengoba isiginesha nayo yakhiqizwa ngokhiye wesevisi oyimfihlo. Futhi angeke kube khona ukuhlukumeza, njengokuhlaselwa kwe-DOS, ngoba umnikazi ukhokhela ukuthengiselana ngakunye.
Konke ukuthengiselana okulandela i-zero eyodwa kwenziwa ngendlela efanayo: ukhiye womphakathi (hhayi isikhwama semali, njengasendabeni ye-zero transaction, kodwa kusukela ku-key pair evamile) uqhutshwa ngemisebenzi emibili ye-hashi SHA256 ne-RIPEMD160. Lena yindlela idatha yenkambu yesithathu eyakhiwe ngayo. Inkambu yesine iqukethe ulwazi oluhambisanayo (isibonelo, ulwazi mayelana nesimo samanje, izinsuku zokuphelelwa yisikhathi, isitembu sesikhathi, izihlonzi ze-crypto-algorithms esetshenzisiwe, njll.). Inkambu yesihlanu iqukethe ukhiye osesidlangalaleni ophuma epheya yokhiye wesevisi. Ngosizo lwayo, isiginesha yedijithali izobe isibhekwa, ngakho izophindwaphindwa. Ake sithethelele isidingo sendlela enjalo.
Khumbula ukuthi ukuthengiselana kufakwa echibini futhi kugcinwe lapho kuze kucutshungulwe. Ukugcina echibini kuhlotshaniswa nengcuphe ethile - idatha yokwenziwayo ingakhohlisa. Umnikazi uqinisekisa idatha yokwenziwe ngesiginesha yedijithali. Ukhiye osesidlangalaleni wokuqinisekisa lesi siginesha yedijithali ukhonjiswe ngokucacile kwenye yezinkambu zokwenziwe futhi ngemva kwalokho ufakwa kurejista. Okukhethekile kokucutshungulwa kokwenziwe kuwukuthi umhlaseli uyakwazi ukushintsha idatha ngokuthanda kwakhe abese eqinisekisa esebenzisa ukhiye wakhe oyimfihlo, futhi abonise ukhiye osesidlangalaleni obhanqiwe ukuze aqinisekise isiginesha yedijithali kumsebenzi. Uma ubuqiniso nobuqotho kuqinisekiswa ngokukhethekile ngesiginesha yedijithali, khona-ke ukukhohlisa okunjalo ngeke kuqashelwe. Kodwa-ke, uma, ngaphezu kwesiginesha yedijithali, kukhona indlela eyengeziwe eqinisekisa kokubili ukugcinwa kwengobo yomlando nokuphikelela kolwazi olugciniwe, khona-ke ukukhohlisa kungatholwa. Ukwenza lokhu, kwanele ukufaka ukhiye womphakathi wangempela womnikazi kurejista. Ake sichaze ukuthi lokhu kusebenza kanjani.
Vumela umhlaseli enze idatha yokwenziwe. Ngokombono wokhiye namasignesha edijithali, izinketho ezilandelayo zingenzeka:
1. Umhlaseli ubeka ukhiye wakhe osesidlangalaleni emsebenzini kuyilapho isiginesha yedijithali yomnikazi ihlala ingashintshile.
2. Umhlaseli udala isiginesha yedijithali kukhiye wakhe oyimfihlo, kodwa ushiya ukhiye osesidlangalaleni womnikazi ungashintshiwe.
3. Umhlaseli udala isiginesha yedijithali kukhiye wakhe oyimfihlo futhi ubeka ukhiye osesidlangalaleni obhangqiwe emsebenzini.
Ngokusobala, izinketho 1 kanye no-2 azisho lutho, njengoba zizohlala zitholwa ngesikhathi sokuqinisekiswa kwesiginesha yedijithali. Inketho yesi-3 kuphela enengqondo, futhi uma umhlaseli enza isiginesha yedijithali kukhiye wakhe oyimfihlo, khona-ke uyaphoqeleka ukuthi alondoloze ukhiye osesidlangalaleni obhanqiwe ekwenziweni, ohlukile kukhiye womphakathi womnikazi. Lena ukuphela kwendlela yokuthi umhlaseli abeke idatha engamanga.
Ake sicabange ukuthi umnikazi unokhiye abangashintshiwe - abayimfihlo nabasesidlangalaleni. Vumela idatha iqinisekiswe ngesiginesha yedijithali kusetshenziswa ukhiye oyimfihlo osuka kulokhu kubhanqwa, futhi ukhiye osesidlangalaleni ukhonjiswe ekwenziweni. Masiphinde sicabange ukuthi lo khiye osesidlangalaleni uke wafakwa kurejista futhi ubuqiniso bawo buqinisekiswe ngokuthembekile. Khona-ke inkohliso izokhonjiswa yiqiniso lokuthi ukhiye womphakathi ovela ekwenziweni awuhambisani nokhiye womphakathi ovela kurejista.
Fingqa. Lapho ucubungula idatha yokwenziwe yokuqala yomnikazi, kuyadingeka ukuthi uqinisekise ubuqiniso bokhiye osesidlangalaleni ofakwe kurejista. Ukuze wenze lokhu, funda ukhiye ovela kurejista bese uwuqhathanisa nokhiye wasesidlangalaleni wangempela womnikazi ngaphakathi kwepherimitha yokuvikela (indawo yokungabi sengozini okuhlobene). Uma ubuqiniso bokhiye buqinisekisiwe futhi ukuphikelela kwawo kuqinisekiswa lapho ubekwa, khona-ke ubuqiniso bokhiye ovela ekwenziweni okulandelayo kungaqinisekiswa kalula/kuphikiswe ngokuwuqhathanisa nokhiye ovela kurejista. Ngamanye amazwi, ukhiye ovela kurejista usetshenziswa njengesampula yereferensi. Yonke eminye imisebenzi yomnikazi icutshungulwa ngendlela efanayo.
Ukuthengiselana kuqinisekiswa isiginesha yedijithali ye-elekthronikhi - yilapho okhiye abayimfihlo badingeka khona, hhayi oyedwa, kodwa ababili ngesikhathi esisodwa - ukhiye wesevisi kanye nokhiye wesikhwama. Ngenxa yokusetshenziswa kokhiye ababili abayimfihlo, izinga elidingekayo lokuphepha liqinisekisiwe - emva kwakho konke, ukhiye oyimfihlo wesevisi ungaziwa kwabanye abasebenzisi, kuyilapho ukhiye oyimfihlo wesikhwama waziwa kuphela kumnikazi webhangqa lokhiye ojwayelekile. Sibize isiginesha yokhiye ababili kanjalo ngokuthi "isiginesha ehlanganisiwe" yedijithali.
Ukuqinisekiswa kokwenziwe okungelona ize kwenziwa kusetshenziswa okhiye ababili basesidlangalaleni: isikhwama semali kanye nokhiye wesevisi. Inqubo yokuqinisekisa ingahlukaniswa ngezigaba ezimbili eziyinhloko: eyokuqala ihlola ukugaywa kokhiye womphakathi wesikhwama semali, kanti eyesibili ihlola isiginesha yedijithali yokuthengiselana, yona efanayo ehlanganisiwe eyakhiwa kusetshenziswa okhiye ababili abayimfihlo ( isikhwama semali kanye nesevisi). Uma ukufaneleka kwesiginesha yedijithali kuqinisekiswa, khona-ke ngemva kokuqinisekisa okwengeziwe ukuthengiselana kufakwa kurejista.
Kungase kuphakame umbuzo onengqondo: kanjani ukuhlola ukuthi ukuthengiselana kungokwamaketanga athile "ngempande" ngendlela ye-zero transaction? Ngale njongo, inqubo yokuqinisekisa yengezwe ngesinye isigaba - ukuhlolwa kokuxhumana. Yilapho sizodinga khona idatha evela ezinkambini ezimbili zokuqala, esingakaze sizibe kuze kube manje.
Ake sicabange ukuthi sidinga ukuhlola ukuthi umsebenzi No. 3 uza ngempela yini ngemva kokuthenga No. 2. Ukwenza lokhu, kusetshenziswa indlela ye-hashing ehlanganisiwe, inani lomsebenzi we-hashi libalwa kudatha kusukela kumkhakha wesithathu, wesine nowesihlanu womsebenzi No. 2. Bese ukuhlanganiswa kwedatha evela kumkhakha wokuqala wokuthengiselana No. 3 kanye nenani elihlanganisiwe le-hashi elitholwe ngaphambilini ledatha evela kumkhakha wesithathu, wesine nowesihlanu wokuthengiselana No. 2 kwenziwa. Konke lokhu futhi kuqhutshwa ngemisebenzi emibili yama-hashi i-SHA256 ne-RIPEMD160. Uma inani elitholiwe lifana nedatha emkhakheni wesibili wokuthengiselana No. 2, khona-ke isheke liyaphasiswa futhi uxhumano luqinisekisiwe. Lokhu kuboniswa ngokucacile kule zibalo ezingezansi.
Ngokuvamile, ubuchwepheshe bokukhiqiza nokufaka isaziso kurejista bubukeka kanjena. Umfanekiso obonakalayo wenqubo yokwenza uchungechunge lwezaziso uvezwa esithombeni esilandelayo:
Kulo mbhalo, ngeke sigxile emininingwaneni, ekhona ngokungangabazeki, futhi sibuyela ekuxoxeni wona kanye umqondo wengqalasizinda eyisihluthulelo somphakathi.
Ngakho-ke, njengoba umfakisicelo ngokwakhe ehambisa isicelo sokubhaliswa kwezaziso, ezingagcinwanga ku-database ye-CA, kodwa kurejista, izingxenye eziyinhloko ze-DPKI kufanele zicatshangelwe:
1. Irejista yezaziso ezisebenzayo (RDN).
2. Irejista yezaziso ezichithiwe (RON).
3. Irejista yezaziso ezimisiwe (RPN).
Ulwazi olumayelana nokhiye basesidlangalaleni lugcinwa ku-RDN/RON/RPN ngendlela yamanani okusebenza kwe-hashi. Kuyafaneleka futhi ukuqaphela ukuthi lezi zingaba amarejistri ahlukene, noma amaketanga ahlukene, noma iketango elilodwa njengengxenye yokubhalisa okukodwa, lapho ulwazi mayelana nesimo sokhiye ojwayelekile womphakathi (ukuchithwa, ukumiswa, njll.) kufakwa kuhlu Inkambu yesine yesakhiwo sedatha ngendlela yenani lekhodi elihambisanayo. Kunezinketho eziningi ezahlukene zokuqaliswa kwezakhiwo ze-DPKI, futhi ukukhethwa kweyodwa noma okunye kuncike ezintweni eziningi, isibonelo, lezo zindlela zokuthuthukisa njengezindleko zememori yesikhathi eside yokugcina okhiye basesidlangalaleni, njll.
Ngakho-ke, i-DPKI ingase ibe, uma ingelula, okungenani iqhathaniswe nesixazululo esimaphakathi ngokuya ngobunkimbinkimbi bezakhiwo.
Umbuzo obalulekile usasele - Iyiphi indawo yokubhalisa efaneleka ukusebenzisa ubuchwepheshe?
Imfuneko eyinhloko yokubhalisa yikhono lokukhiqiza ukuthengiselana kwanoma yiluphi uhlobo. Isibonelo esidume kakhulu se-ledger yinethiwekhi ye-Bitcoin. Kodwa lapho kusetshenziswa ubuchwepheshe obuchazwe ngenhla, kuvela ubunzima obuthile: imikhawulo yolimi olukhona lokubhala, ukuntuleka kwezindlela ezidingekayo zokucubungula amasethi edatha angafanele, izindlela zokukhiqiza ukuthengiselana kohlobo oluthile, nokunye okuningi.
Thina kwa-ENCRY sizamile ukuxazulula izinkinga ezibhalwe ngenhla futhi sathuthukisa ukubhalisa, okuthi, ngokubona kwethu, kunezinzuzo eziningi, okuyilezi:
- isekela izinhlobo ezimbalwa zokuthengiselana: ingakwazi kokubili ukushintshanisa izimpahla (okungukuthi, ukwenza imisebenzi yezezimali) futhi idale ukuthengiselana ngesakhiwo esingenangqondo,
- Abathuthukisi banokufinyelela olimini lokuhlela lobunikazi iPrismLang, olunikeza ukuguquguquka okudingekayo lapho kuxazulula izinkinga ezahlukahlukene zobuchwepheshe,
- kuhlinzekwe indlela yokucubungula amasethi edatha angenasizathu.
Uma sithatha indlela elula, ukulandelana kwezenzo okulandelayo kwenzeka:
- Umfakisicelo ubhalisa ne-DPKI futhi athole isikhwama semali yedijithali. Ikheli le-wallet inani le-hashi lokhiye osesidlangalaleni we-wallet. Ukhiye oyimfihlo wesikhwama waziwa ngumfakisicelo kuphela.
- Isihloko esibhalisiwe sinikezwa ukufinyelela kukhiye oyimfihlo wesevisi.
- Isihloko sikhiqiza i-zero transaction futhi siqinisekisa ngesiginesha yedijithali kusetshenziswa ukhiye oyimfihlo wesikhwama semali.
- Uma umsebenzi ongeyena uziro kwakhiwa, ugunyazwa isiginesha yedijithali kusetshenziswa okhiye ababili abayimfihlo: isikhwama semali kanye nesevisi.
- Isihloko sihambisa okwenziwayo endaweni yokubhukuda.
- Inodi yenethiwekhi ye-ENCRY ifunda okwenziwayo endaweni yokubhukuda futhi ihlola isiginesha yedijithali, kanye nokuxhumana kokwenziwe.
- Uma isiginesha yedijithali ivumelekile futhi ukuxhumana kuqinisekisiwe, khona-ke ilungiselela ukuthengiselana ukuze kungene kwirejista.
Lapha ukubhaliswa kusebenza njengesizindalwazi esabalalisiwe esigcina ulwazi mayelana nezaziso ezivumelekile, ezikhanseliwe nezimisiwe.
Kunjalo, ukunwetshwa kwabantu ezindaweni akusona i-panacea. Inkinga eyisisekelo yokuqinisekisa komsebenzisi oyinhloko ayishabalali noma kuphi: uma okwamanje ukuqinisekiswa komfakisicelo kwenziwa yi-CR, khona-ke ku-DPKI kuhlongozwa ukuthi ukuqinisekiswa kudluliselwe kumalungu omphakathi, futhi kusetshenziswe ugqozi lwezezimali ukuze kuvuswe umsebenzi. Ubuchwepheshe bokuqinisekisa umthombo ovulekile baziwa kahle. Ukusebenza kokuqinisekisa okunjalo kuqinisekisiwe ekusebenzeni. Ake siphinde sikhumbule uphenyo oluseqophelweni eliphezulu olwenziwe yi-Bellingcat online.
Kodwa ngokuvamile, isithombe esilandelayo siyavela: I-DPKI iyithuba lokulungisa, uma kungenjalo, khona-ke eziningi zokushiyeka kwe-PKI emaphakathi.
Bhalisela i-Habrablog yethu, sihlela ukuqhubeka nokufaka ucwaningo nentuthuko yethu, futhi silandele , uma ungafuni ukuphuthelwa ezinye izindaba mayelana namaphrojekthi we-ENCRY.
Source: www.habr.com