DHE_DSS vs DHE_RSA

Information Security: tls, cipher-selection
2021-08-27 04:55:55

I have been studying the various cipher suites and their performance; I would like to know the difference between the DHE_DSS_AES256_CBC cipher suite and the DHE_RSA_AES256_CBC cipher suite. I gather that DSS is efficient compared to RSA. Is that correct, and can anyone explain in more detail what the differences are and how they perform?

1 Answer

DSS is the digital signature scheme published (but not invented) by the NSA. In TLS (TLS 1.0, PKIX) it serves the same function as RSA and ECDSA: the digital signature proves that the server you are talking to holds the private key corresponding to the public key in the certificate, and that the information in the certificate (including the server's public key) is exactly what the CA examined and approved.

For reasons I don't know, in practice DSS in TLS lost the popularity contest to RSA and went extinct. I cannot find a CA that sells DSS certificates. OpenSSL (including Android), MSIE and Java still support TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032), but Chrome, Firefox and Safari (desktop and mobile) do not, so it is fairly useless.

The DSA algorithm is efficient, but nowadays it is used with elliptic curves, in which case it is called ECDSA; it is preferred over RSA for performance reasons and is used by Google and CloudFlare if the client supports it. CAs will sell you ECDSA certificates.

DSA and ECDSA have a flaw: they need a fresh random nonce for every signing operation, and if it is not random enough the signature exposes the private key (!). Deterministic digital signatures were developed so that the signing operation does not require good random values.

A fast and secure deterministic signature algorithm called EdDSA, specifically ed25519, has recently become popular (it is used in newer versions of openssh and a bunch of new crypto tools). The CFRG should eventually recommend EdDSA keys and certificates for TLS, together with Curve25519 key exchange, so that TLS_CURVE25519_ED25519_CHACHA20_POLY1305 becomes the recommended cipher suite for TLS 1.3 and DJB can declare victory and retire.

I did mention that the Qualys SSL Server Test says "DHE_DSS cannot be used for PFS because they require DSS keys, which in practice are limited to 1024 bits".

For the experiment I configured Apache 2.4.7 with OpenSSL 1.0.1f to use DHE_DSS_AES128_CBC and DHE_RSA_AES128_CBC. The RSA certificate is a real one, while the DSS certificate is self-signed, but that is irrelevant for the purpose of this exercise. I connected with OpenSSL 1.0.1m (openssl s_client) from 192.168.1.101 to the server running on 192.168.1.103, recorded the handshakes and exported the dissections with Wireshark.

Both configurations work, so it works at least between two OpenSSL 1.0.1 instances with 2048-bit DSA keys. That of course does not mean you would want to use a DSS certificate for a website, even if you could buy one.

(Edit 5 years later: I don't want to change this answer, it isn't wrong, but I do want to link to more information about this on crypto.SE: https://crypto.stackexchange.com/a/50260/24949 )

DHE RSA handshake dissection:

Internet Protocol Version 4, Src: 192.168.1.101 (192.168.1.101), Dst: 192.168.1.103 (192.168.1.103)

Secure Sockets Layer

TLSv1.2 Record Layer: Handshake Protocol: Client Hello

    Content Type: Handshake (22)

    Version: TLS 1.0 (0x0301)

    Length: 94

    Handshake Protocol: Client Hello

        Handshake Type: Client Hello (1)

        Length: 90

        Version: TLS 1.2 (0x0303)

        Random

        Session ID Length: 0

        Cipher Suites Length: 4

        Cipher Suites (2 suites)

            Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)

            Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)

        Compression Methods Length: 1

        Compression Methods (1 method)

        Extensions Length: 45

        Extension: SessionTicket TLS

        Extension: signature_algorithms

        Extension: Heartbeat

Internet Protocol Version 4, Src: 192.168.1.103 (192.168.1.103), Dst: 192.168.1.101 (192.168.1.101)

Secure Sockets Layer

TLSv1.2 Record Layer: Handshake Protocol: Server Hello

    Content Type: Handshake (22)

    Version: TLS 1.2 (0x0303)

    Length: 58

    Handshake Protocol: Server Hello

        Handshake Type: Server Hello (2)

        Length: 54

        Version: TLS 1.2 (0x0303)

        Random

        Session ID Length: 0

        Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)

        Compression Method: null (0)

        Extensions Length: 14

        Extension: renegotiation_info

        Extension: SessionTicket TLS

        Extension: Heartbeat

Internet Protocol Version 4, Src: 192.168.1.103 (192.168.1.103), Dst: 192.168.1.101 (192.168.1.101)

Secure Sockets Layer

TLSv1.2 Record Layer: Handshake Protocol: Certificate

    Content Type: Handshake (22)

    Version: TLS 1.2 (0x0303)

    Length: 1630

    Handshake Protocol: Certificate

        Handshake Type: Certificate (11)

        Length: 1626

        Certificates Length: 1623

        Certificates (1623 bytes)

            Certificate Length: 1620

            Certificate (pkcs-9-at-emailAddress=5b2ca5a024054a47bfcc565a8737db21.protect,id-at-commonName=www.zeev.pw,id-at-countryName=IL)

                signedCertificate

                    version: v3 (2)

                    serialNumber: 1127576

                    signature (sha256WithRSAEncryption)

                        Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)

                    issuer: rdnSequence (0)

                        rdnSequence: 4 items (id-at-commonName=StartCom Class 1 Primary Intermediate Server C,id-at-organizationalUnitName=Secure Digital Certificate Signing,id-at-organizationName=StartCom Ltd.,id-at-countryName=IL)

                            RDNSequence item: 1 item (id-at-countryName=IL)

                                RelativeDistinguishedName item (id-at-countryName=IL)

                                    Id: 2.5.4.6 (id-at-countryName)

                                    CountryName: IL

                            RDNSequence item: 1 item (id-at-organizationName=StartCom Ltd.)

                                RelativeDistinguishedName item (id-at-organizationName=StartCom Ltd.)

                                    Id: 2.5.4.10 (id-at-organizationName)

                                    DirectoryString: printableString (1)

                                        printableString: StartCom Ltd.

                            RDNSequence item: 1 item (id-at-organizationalUnitName=Secure Digital Certificate Signing)

                                RelativeDistinguishedName item (id-at-organizationalUnitName=Secure Digital Certificate Signing)

                                    Id: 2.5.4.11 (id-at-organizationalUnitName)

                                    DirectoryString: printableString (1)

                                        printableString: Secure Digital Certificate Signing

                            RDNSequence item: 1 item (id-at-commonName=StartCom Class 1 Primary Intermediate Server C)

                                RelativeDistinguishedName item (id-at-commonName=StartCom Class 1 Primary Intermediate Server CA)

                                    Id: 2.5.4.3 (id-at-commonName)

                                    DirectoryString: printableString (1)

                                        printableString: StartCom Class 1 Primary Intermediate Server CA

                    validity

                        notBefore: utcTime (0)

                        notAfter: utcTime (0)

                    subject: rdnSequence (0)

                        rdnSequence: 3 items (pkcs-9-at-emailAddress=5b2ca5a024054a47bfcc565a8737db21.protect,id-at-commonName=www.zeev.pw,id-at-countryName=IL)

                            RDNSequence item: 1 item (id-at-countryName=IL)

                                RelativeDistinguishedName item (id-at-countryName=IL)

                                    Id: 2.5.4.6 (id-at-countryName)

                                    CountryName: IL

                            RDNSequence item: 1 item (id-at-commonName=www.zeev.pw)

                                RelativeDistinguishedName item (id-at-commonName=www.zeev.pw)

                                    Id: 2.5.4.3 (id-at-commonName)

                                    DirectoryString: printableString (1)

                                        printableString: www.zeev.pw

                            RDNSequence item: 1 item (pkcs-9-at-emailAddress=5b2ca5a024054a47bfcc565a8737db21.protect)

                                RelativeDistinguishedName item (pkcs-9-at-emailAddress=5b2ca5a024054a47bfcc565a8737db21.protect@whoisguard.com)

                                    Id: 1.2.840.113549.1.9.1 (pkcs-9-at-emailAddress)

                                    IA5String: 5b2ca5a024054a47bfcc565a8737db21.protect@whoisguard.com

                    subjectPublicKeyInfo

                        algorithm (rsaEncryption)

                            Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)

                        Padding: 0

                        subjectPublicKey: 3082010a0282010100c1c8ada6e3526a74da3f873b2352be...

                    extensions: 10 items

                algorithmIdentifier (sha256WithRSAEncryption)

                    Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)

                Padding: 0

                encrypted: 54980c6f342bc4de5641df814fe88634ec110461e260e212...

Secure Sockets Layer

TLSv1.2 Record Layer: Handshake Protocol: Server Key Exchange

    Content Type: Handshake (22)

    Version: TLS 1.2 (0x0303)

    Length: 783

    Handshake Protocol: Server Key Exchange

        Handshake Type: Server Key Exchange (12)

        Length: 779

        Diffie-Hellman Server Params

            p Length: 256

            p: ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd1...

            g Length: 1

            g: 02

            Pubkey Length: 256

            Pubkey: 606134278d8b25b3367d3e15b2b46a3419cbe596721d446d...

            Signature Hash Algorithm: 0x0601

                Signature Hash Algorithm Hash: SHA512 (6)

                Signature Hash Algorithm Signature: RSA (1)

            Signature Length: 256

            Signature: 48b69b547860511e36830041f7e7aee3d97ced1144f190d4...

TLSv1.2 Record Layer: Handshake Protocol: Server Hello Done

    Content Type: Handshake (22)

    Version: TLS 1.2 (0x0303)

    Length: 4

    Handshake Protocol: Server Hello Done

        Handshake Type: Server Hello Done (14)

        Length: 0

Internet Protocol Version 4, Src: 192.168.1.101 (192.168.1.101), Dst: 192.168.1.103 (192.168.1.103)

Secure Sockets Layer

TLSv1.2 Record Layer: Handshake Protocol: Client Key Exchange

    Content Type: Handshake (22)

    Version: TLS 1.2 (0x0303)

    Length: 262

    Handshake Protocol: Client Key Exchange

        Handshake Type: Client Key Exchange (16)

        Length: 258

        Diffie-Hellman Client Params

            Pubkey Length: 256

            Pubkey: 020621c1846fa567392b2fa1b55868a65389400ee80f3594...

TLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec

    Content Type: Change Cipher Spec (20)

    Version: TLS 1.2 (0x0303)

    Length: 1

    Change Cipher Spec Message

TLSv1.2 Record Layer: Handshake Protocol: Encrypted Handshake Message

    Content Type: Handshake (22)

    Version: TLS 1.2 (0x0303)

    Length: 64

    Handshake Protocol: Encrypted Handshake Message

Internet Protocol Version 4, Src: 192.168.1.103 (192.168.1.103), Dst: 192.168.1.101 (192.168.1.101)

Secure Sockets Layer

TLSv1.2 Record Layer: Handshake Protocol: New Session Ticket

    Content Type: Handshake (22)

    Version: TLS 1.2 (0x0303)

    Length: 202

    Handshake Protocol: New Session Ticket

        Handshake Type: New Session Ticket (4)

        Length: 198

        TLS Session Ticket

TLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec

    Content Type: Change Cipher Spec (20)

    Version: TLS 1.2 (0x0303)

    Length: 1

    Change Cipher Spec Message

TLSv1.2 Record Layer: Handshake Protocol: Encrypted Handshake Message

    Content Type: Handshake (22)

    Version: TLS 1.2 (0x0303)

    Length: 64

    Handshake Protocol: Encrypted Handshake Message

DHE DSS handshake dissection:

Internet Protocol Version 4, Src: 192.168.1.101 (192.168.1.101), Dst: 192.168.1.103 (192.168.1.103)

Secure Sockets Layer

TLSv1.2 Record Layer: Handshake Protocol: Client Hello

    Content Type: Handshake (22)

    Version: TLS 1.0 (0x0301)

    Length: 94

    Handshake Protocol: Client Hello

        Handshake Type: Client Hello (1)

        Length: 90

        Version: TLS 1.2 (0x0303)

        Random

        Session ID Length: 0

        Cipher Suites Length: 4

        Cipher Suites (2 suites)

            Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)

            Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)

        Compression Methods Length: 1

        Compression Methods (1 method)

        Extensions Length: 45

        Extension: SessionTicket TLS

        Extension: signature_algorithms

        Extension: Heartbeat

Internet Protocol Version 4, Src: 192.168.1.103 (192.168.1.103), Dst: 192.168.1.101 (192.168.1.101)

Secure Sockets Layer

TLSv1.2 Record Layer: Handshake Protocol: Server Hello

    Content Type: Handshake (22)

    Version: TLS 1.2 (0x0303)

    Length: 58

    Handshake Protocol: Server Hello

        Handshake Type: Server Hello (2)

        Length: 54

        Version: TLS 1.2 (0x0303)

        Random

        Session ID Length: 0

        Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)

        Compression Method: null (0)

        Extensions Length: 14

        Extension: renegotiation_info

        Extension: SessionTicket TLS

        Extension: Heartbeat

TLSv1.2 Record Layer: Handshake Protocol: Certificate

    Content Type: Handshake (22)

    Version: TLS 1.2 (0x0303)

    Length: 1180

    Handshake Protocol: Certificate

        Handshake Type: Certificate (11)

        Length: 1176

        Certificates Length: 1173

        Certificates (1173 bytes)

            Certificate Length: 1170

            Certificate (id-at-commonName=zeev.pw,id-at-organizationName=Internet Widgits Pty Ltd,id-at-stateOrProvinceName=Some-State,id-at-countryName=US)

                signedCertificate

                    serialNumber: -5833175930474264775

                    signature (joint-iso-itu-t.16.840.1.101.3.4.3.2)

                        Algorithm Id: 2.16.840.1.101.3.4.3.2 (joint-iso-itu-t.16.840.1.101.3.4.3.2)

                    issuer: rdnSequence (0)

                        rdnSequence: 4 items (id-at-commonName=zeev.pw,id-at-organizationName=Internet Widgits Pty Ltd,id-at-stateOrProvinceName=Some-State,id-at-countryName=US)

                            RDNSequence item: 1 item (id-at-countryName=US)

                                RelativeDistinguishedName item (id-at-countryName=US)

                                    Id: 2.5.4.6 (id-at-countryName)

                                    CountryName: US

                            RDNSequence item: 1 item (id-at-stateOrProvinceName=Some-State)

                                RelativeDistinguishedName item (id-at-stateOrProvinceName=Some-State)

                                    Id: 2.5.4.8 (id-at-stateOrProvinceName)

                                    DirectoryString: uTF8String (4)

                                        uTF8String: Some-State

                            RDNSequence item: 1 item (id-at-organizationName=Internet Widgits Pty Ltd)

                                RelativeDistinguishedName item (id-at-organizationName=Internet Widgits Pty Ltd)

                                    Id: 2.5.4.10 (id-at-organizationName)

                                    DirectoryString: uTF8String (4)

                                        uTF8String: Internet Widgits Pty Ltd

                            RDNSequence item: 1 item (id-at-commonName=zeev.pw)

                                RelativeDistinguishedName item (id-at-commonName=zeev.pw)

                                    Id: 2.5.4.3 (id-at-commonName)

                                    DirectoryString: uTF8String (4)

                                        uTF8String: zeev.pw

                    validity

                        notBefore: utcTime (0)

                        notAfter: utcTime (0)

                    subject: rdnSequence (0)

                        rdnSequence: 4 items (id-at-commonName=zeev.pw,id-at-organizationName=Internet Widgits Pty Ltd,id-at-stateOrProvinceName=Some-State,id-at-countryName=US)

                            RDNSequence item: 1 item (id-at-countryName=US)

                                RelativeDistinguishedName item (id-at-countryName=US)

                                    Id: 2.5.4.6 (id-at-countryName)

                                    CountryName: US

                            RDNSequence item: 1 item (id-at-stateOrProvinceName=Some-State)

                                RelativeDistinguishedName item (id-at-stateOrProvinceName=Some-State)

                                    Id: 2.5.4.8 (id-at-stateOrProvinceName)

                                    DirectoryString: uTF8String (4)

                                        uTF8String: Some-State

                            RDNSequence item: 1 item (id-at-organizationName=Internet Widgits Pty Ltd)

                                RelativeDistinguishedName item (id-at-organizationName=Internet Widgits Pty Ltd)

                                    Id: 2.5.4.10 (id-at-organizationName)

                                    DirectoryString: uTF8String (4)

                                        uTF8String: Internet Widgits Pty Ltd

                            RDNSequence item: 1 item (id-at-commonName=zeev.pw)

                                RelativeDistinguishedName item (id-at-commonName=zeev.pw)

                                    Id: 2.5.4.3 (id-at-commonName)

                                    DirectoryString: uTF8String (4)

                                        uTF8String: zeev.pw

                    subjectPublicKeyInfo

                        algorithm (id-dsa)

                            Algorithm Id: 1.2.840.10040.4.1 (id-dsa)

                            DSS-Params

                                p : 0x009f922489033a4317d074675e70a4573184f810a441e7c373ea2562dcadb93f636393453bc144c57e773a8f66e58274663cf3fd5c2588aee86d36104e83a81cbc47704d623662e7b48d620315c3145ed0313397b58bd84494ad2b02c2c3124648ca29e490bb81a5a2d1fc52900ccc1c511256690

                                q : 0x00dac80ee885e74b0e56d9cac7d9a6e0efaaf5155bfb2e1426d99a0d4235d60359

                                g : 0x55234ba34d71468ff4c90a06c74ddebc0b882f0f77efadf45e1fc5ede292d31b19457746555616318755e5fdc5819041c16c6c2cbd8d9af9eca62046d533e232591596b9e74adb05662f66f72009e6f7742f81c35bdbf7c2ebb249a6aa9cf20a6c330b8dd214835d6aa2e330cb2b4a866a74ff438

                        Padding: 0

                        subjectPublicKey: 028201001fea1029b1edbbb83e8b92a56f4c34926a617fcd...

                algorithmIdentifier (joint-iso-itu-t.16.840.1.101.3.4.3.2)

                    Algorithm Id: 2.16.840.1.101.3.4.3.2 (joint-iso-itu-t.16.840.1.101.3.4.3.2)

                Padding: 0

                encrypted: 304402201d495bb07b7e000bd5c4b4f0a9b6a9183cbef0cf...

Internet Protocol Version 4, Src: 192.168.1.103 (192.168.1.103), Dst: 192.168.1.101 (192.168.1.101)

Secure Sockets Layer

TLSv1.2 Record Layer: Handshake Protocol: Server Key Exchange

    Content Type: Handshake (22)

    Version: TLS 1.2 (0x0303)

    Length: 598

    Handshake Protocol: Server Key Exchange

        Handshake Type: Server Key Exchange (12)

        Length: 594

        Diffie-Hellman Server Params

            p Length: 256

            p: ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd1...

            g Length: 1

            g: 02

            Pubkey Length: 256

            Pubkey: da0d4624e78f6f72d08f973ff3482bc92c758b6cb86b1812...

            Signature Hash Algorithm: 0x0602

                Signature Hash Algorithm Hash: SHA512 (6)

                Signature Hash Algorithm Signature: DSA (2)

            Signature Length: 71

            Signature: 3045022057fc39446c326c9b3e5f3f0f08e161daa45823a1...

Secure Sockets Layer

TLSv1.2 Record Layer: Handshake Protocol: Server Hello Done

    Content Type: Handshake (22)

    Version: TLS 1.2 (0x0303)

    Length: 4

    Handshake Protocol: Server Hello Done

        Handshake Type: Server Hello Done (14)

        Length: 0

Internet Protocol Version 4, Src: 192.168.1.101 (192.168.1.101), Dst: 192.168.1.103 (192.168.1.103)

Secure Sockets Layer

TLSv1.2 Record Layer: Handshake Protocol: Client Key Exchange

    Content Type: Handshake (22)

    Version: TLS 1.2 (0x0303)

    Length: 262

    Handshake Protocol: Client Key Exchange

        Handshake Type: Client Key Exchange (16)

        Length: 258

        Diffie-Hellman Client Params

            Pubkey Length: 256

            Pubkey: 8060234a6b4dee8a815d648df47b020b5f24ab800b20bd4b...

TLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec

    Content Type: Change Cipher Spec (20)

    Version: TLS 1.2 (0x0303)

    Length: 1

    Change Cipher Spec Message

TLSv1.2 Record Layer: Handshake Protocol: Encrypted Handshake Message

    Content Type: Handshake (22)

    Version: TLS 1.2 (0x0303)

    Length: 64

    Handshake Protocol: Encrypted Handshake Message

Internet Protocol Version 4, Src: 192.168.1.103 (192.168.1.103), Dst: 192.168.1.101 (192.168.1.101)

Secure Sockets Layer

TLSv1.2 Record Layer: Handshake Protocol: New Session Ticket

    Content Type: Handshake (22)

    Version: TLS 1.2 (0x0303)

    Length: 202

    Handshake Protocol: New Session Ticket

        Handshake Type: New Session Ticket (4)

        Length: 198

        TLS Session Ticket

TLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec

    Content Type: Change Cipher Spec (20)

    Version: TLS 1.2 (0x0303)

    Length: 1

    Change Cipher Spec Message

TLSv1.2 Record Layer: Handshake Protocol: Encrypted Handshake Message

    Content Type: Handshake (22)

    Version: TLS 1.2 (0x0303)

    Length: 64

    Handshake Protocol: Encrypted Handshake Message
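The flaw the answer points out (a DSA/ECDSA nonce that is repeated or predictable exposes the private key), worked through in code. This is an added example, not part of the original answer. It uses toy DSA parameters (p = 607, q = 101, g = 64, chosen only so the numbers are readable; real keys are 2048/256-bit, but the algebra is identical, and identical again for ECDSA with point multiplication in place of modular exponentiation) and a simplified HMAC-based deterministic nonce that illustrates the idea behind RFC 6979 without being that construction.

```python
import hashlib
import hmac

# Toy DSA domain parameters, constructed so the arithmetic is readable (NOT secure):
# p = 607 and q = 101 are prime, q divides p - 1 = 606 = 6 * 101,
# and g = 2^((p-1)/q) mod p = 2^6 = 64 generates the order-q subgroup.
P, Q, G = 607, 101, 64


def hash_to_int(msg: bytes) -> int:
    """Hash the message into Z_q. Real DSA keeps the leftmost |q| bits of the digest;
    reducing mod q is the equivalent for this toy q."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q


def sign(x: int, msg: bytes, k: int) -> tuple:
    """Textbook DSA with a caller-supplied nonce k, so nonce reuse can be reproduced on purpose."""
    if not 1 <= k < Q:
        raise ValueError("nonce out of range")
    h = hash_to_int(msg)
    r = pow(G, k, P) % Q
    s = (pow(k, -1, Q) * (h + x * r)) % Q
    if r == 0 or s == 0:
        raise ValueError("degenerate signature, choose another k")
    return r, s


def verify(y: int, msg: bytes, sig: tuple) -> bool:
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    h = hash_to_int(msg)
    w = pow(s, -1, Q)
    v = (pow(G, h * w % Q, P) * pow(y, r * w % Q, P) % P) % Q
    return v == r


def recover_private_key(msg1: bytes, sig1: tuple, msg2: bytes, sig2: tuple) -> int:
    """Two signatures made with the same nonce share r, and then (all mod q):
        s1 - s2 = k^-1 * (h1 - h2)     =>  k = (h1 - h2) / (s1 - s2)
        s1      = k^-1 * (h1 + x * r)  =>  x = (s1 * k - h1) / r
    Only public data (the messages and the signatures) is needed."""
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2:
        raise ValueError("r differs: the nonce was not reused")
    h1, h2 = hash_to_int(msg1), hash_to_int(msg2)
    if (s1 - s2) % Q == 0:
        raise ValueError("identical s: the two message hashes coincide mod q")
    k = (h1 - h2) * pow((s1 - s2) % Q, -1, Q) % Q
    return (s1 * k - h1) * pow(r1, -1, Q) % Q


def deterministic_nonce(x: int, msg: bytes, counter: int) -> int:
    """Nonce derived from the private key and the message instead of from an RNG. This is a
    simplification of the RFC 6979 idea (assumption: real code should use RFC 6979 or EdDSA),
    but it already removes the failure mode above: the same message always gets the same k,
    and different messages get unrelated k values."""
    mac = hmac.new(x.to_bytes(4, "big"), msg + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % (Q - 1) + 1


def sign_deterministic(x: int, msg: bytes) -> tuple:
    counter = 0
    while True:  # retry on the rare degenerate r == 0 or s == 0, as RFC 6979 also does
        try:
            return sign(x, msg, deterministic_nonce(x, msg, counter))
        except ValueError:
            counter += 1


def demo_nonce_reuse() -> tuple:
    """Sign two messages with the same k (the bug) and recover x from the signatures alone."""
    x = 37
    y = pow(G, x, P)
    m1 = b"pay 10 to alice"
    m2 = b"pay 1000 to mallory"
    while hash_to_int(m2) == hash_to_int(m1):  # toy q is tiny; sidestep an accidental collision mod q
        m2 += b"!"
    for k in range(2, Q):  # a "random" nonce that the signer then reuses
        try:
            sig1, sig2 = sign(x, m1, k), sign(x, m2, k)
            break
        except ValueError:
            continue
    assert verify(y, m1, sig1) and verify(y, m2, sig2)
    return x, recover_private_key(m1, sig1, m2, sig2)


if __name__ == "__main__":
    print("real and recovered private key:", demo_nonce_reuse())
```

Run it and the recovered value equals the private key used for signing; swap `sign(x, m, k)` for `sign_deterministic(x, m)` and the two signatures no longer share r, so the recovery has nothing to work with. Note the attack also works when the nonce is merely biased rather than repeated (lattice methods), which is why the answer's "not random enough" wording matters.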
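To make the two ServerKeyExchange messages in the dissections concrete, here is an added example (not from the original answer) that parses a TLS 1.2 DHE ServerKeyExchange body, decodes the SignatureAndHashAlgorithm field (0x0601 = SHA512/RSA and 0x0602 = SHA512/DSA, as in the captures), DER-decodes a DSA signature to show why it is 71 bytes while the RSA one is a fixed 256, and runs the sanity checks a client should apply to the DH parameters before using them. The sample bodies are constructed to match the shapes above (2048-bit p carrying the same leading bytes, g = 2, 256-byte Ys); they are not the captured bytes, and the prefix check on p is a hint only, not a proof that the group is the RFC 3526 one.

```python
import struct

# SignatureAndHashAlgorithm code points (RFC 5246 section 7.4.1.4.1); the captures show 0x0601 and 0x0602.
HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "SHA224", 4: "SHA256", 5: "SHA384", 6: "SHA512"}
SIG_NAMES = {1: "RSA", 2: "DSA", 3: "ECDSA"}

# Leading bytes of p visible in both captures; the Oakley / RFC 3526 MODP primes all begin this way.
# A prefix match is only a hint: confirm the full value against RFC 3526 before treating it as a known group.
MODP_PREFIX = bytes.fromhex("ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd1")


def _read_vector(buf, pos):
    """Read a TLS opaque<..2^16-1> vector: 2-byte big-endian length, then the body."""
    if pos + 2 > len(buf):
        raise ValueError("truncated vector length at offset %d" % pos)
    (n,) = struct.unpack_from("!H", buf, pos)
    pos += 2
    if pos + n > len(buf):
        raise ValueError("truncated vector body at offset %d" % pos)
    return buf[pos:pos + n], pos + n


def parse_dhe_server_key_exchange(body):
    """Parse a TLS 1.2 DHE ServerKeyExchange body (the bytes after the 4-byte handshake header):
    ServerDHParams { dh_p, dh_g, dh_Ys } || SignatureAndHashAlgorithm || opaque signature<0..2^16-1>."""
    pos = 0
    p, pos = _read_vector(body, pos)
    g, pos = _read_vector(body, pos)
    ys, pos = _read_vector(body, pos)
    params = body[:pos]  # the ServerDHParams bytes that the signature covers
    if pos + 2 > len(body):
        raise ValueError("missing SignatureAndHashAlgorithm")
    hash_id, sig_id = body[pos], body[pos + 1]
    signature, pos = _read_vector(body, pos + 2)
    if pos != len(body):
        raise ValueError("trailing bytes after signature")
    return {
        "p": int.from_bytes(p, "big"), "g": int.from_bytes(g, "big"), "ys": int.from_bytes(ys, "big"),
        "p_bytes": p, "params": params, "signature": signature,
        "hash": HASH_NAMES.get(hash_id, "0x%02x" % hash_id), "sig": SIG_NAMES.get(sig_id, "0x%02x" % sig_id),
    }


def signed_bytes(client_random, server_random, params):
    """What the server actually signs: ClientHello.random || ServerHello.random || ServerDHParams.
    Binding the ephemeral Ys to both randoms is what stops a captured, signed Ys being replayed."""
    if len(client_random) != 32 or len(server_random) != 32:
        raise ValueError("TLS randoms are 32 bytes")
    return client_random + server_random + params


def parse_dss_sig_value(sig):
    """Decode Dss-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER } (DER, short-form lengths, which is all a
    256-bit q needs). This is why the DSA signature in the capture is 71 bytes and may vary between 69 and
    72, whereas the RSA signature is always the modulus size (256 bytes for a 2048-bit key)."""
    if len(sig) < 2 or sig[0] != 0x30 or sig[1] != len(sig) - 2:
        raise ValueError("not a short-form DER SEQUENCE")
    pos, values = 2, []
    for _ in range(2):
        if pos + 2 > len(sig) or sig[pos] != 0x02:
            raise ValueError("expected DER INTEGER at offset %d" % pos)
        n = sig[pos + 1]
        values.append(int.from_bytes(sig[pos + 2:pos + 2 + n], "big"))
        pos += 2 + n
    if pos != len(sig):
        raise ValueError("trailing bytes inside Dss-Sig-Value")
    return values[0], values[1]


def check_params(ske):
    """Checks a client should make before using the server's DH parameters (list of findings, empty if fine)."""
    problems = []
    p, g, ys = ske["p"], ske["g"], ske["ys"]
    if p.bit_length() < 2048:
        problems.append("DH prime is only %d bits" % p.bit_length())
    if p % 2 == 0:
        problems.append("DH prime is even")
    if not 2 <= g <= p - 2:
        problems.append("generator out of range")
    if not 2 <= ys <= p - 2:
        problems.append("server public value out of range (degenerate or small-subgroup key)")
    if ske["hash"] in ("MD5", "SHA1"):
        problems.append("weak signature hash " + ske["hash"])
    if not ske["p_bytes"].startswith(MODP_PREFIX):
        problems.append("p does not start like an RFC 3526 MODP prime; verify the group")
    return problems


def build_sample(sig_id):
    """Constructed ServerKeyExchange body with the same shapes as the captures (NOT the captured bytes):
    256-byte p carrying the MODP prefix, g = 2, 256-byte Ys, SHA512 with either a 256-byte RSA
    signature (sig_id = 1, code point 0x0601) or a 71-byte DER DSA signature (sig_id = 2, 0x0602)."""
    p = MODP_PREFIX + b"\x5a" * (256 - len(MODP_PREFIX) - 1) + b"\x0b"  # filler body: odd, top bit set
    ys = b"\x60" + b"\x11" * 255
    if sig_id == 1:
        sig = b"\x48" + b"\xb6" * 255  # RSA: output is always the modulus size
    else:
        r = b"\x00" + b"\x9a" * 32  # 256-bit r with its high bit set needs a leading 0x00 (33 bytes)
        s = b"\x57" + b"\x3f" * 31  # 255-bit s fits in 32 bytes
        seq = b"\x02" + bytes([len(r)]) + r + b"\x02" + bytes([len(s)]) + s
        sig = b"\x30" + bytes([len(seq)]) + seq  # 2 + 35 + 34 = 71 bytes, as in the capture
    return (struct.pack("!H", len(p)) + p + struct.pack("!H", 1) + b"\x02"
            + struct.pack("!H", len(ys)) + ys + bytes([6, sig_id])
            + struct.pack("!H", len(sig)) + sig)
```

Feeding `build_sample(2)` through the parser gives hash SHA512, signature DSA and a 71-byte signature whose DER payload is a 256-bit r and a 255-bit s; `build_sample(1)` gives the RSA shape with a 256-byte signature. The `params` slice plus the two hello randoms is the exact input a client hashes before checking the signature with the certificate's public key, which is what ties the ephemeral DH value to the certificate the answer describes.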