<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>GT 4.0 Security: Key Concepts</title><meta name="generator" content="DocBook XSL Stylesheets V1.68.1"><link rel="start" href="../index.html" title="GT 4.0: Security: Delegation Service"><link rel="up" href="../index.html" title="GT 4.0: Security: Delegation Service"><link rel="prev" href="../index.html" title="GT 4.0: Security: Delegation Service"><link rel="next" href="../WS_AA_Delegation_Service_Release_Notes.html" title="GT4 Delegation Service Release Notes"><link href="http://www.globus.org//toolkit/css/default.css" rel="stylesheet" type="text/css"><link rel="stylesheet" type="text/css" href="http://www.globus.org//toolkit/css/print.css" media="print"><link rel="alternate" title="Globus Toolkit RSS" href="http://www.globus.org//toolkit/rss/downloadNews/downloadNews.xml" type="application/rss+xml"></head><body class="section-3"><div id="wrapper"><div id="container"><div id="content"><!-- content STARTS here --><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="c-delegation-key"></a>GT 4.0 Security: Key Concepts</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="section"><a href="key-index.html#s-security-key-overview">1. Overview</a></span></dt><dt><span class="section"><a href="key-index.html#s-security-key-concepts">2. Conceptual Details</a></span></dt><dd><dl><dt><span class="section"><a href="key-index.html#s-security-key-publickey">2.1. Public Key Cryptography </a></span></dt><dt><span class="section"><a href="key-index.html#s-security-key-digitalsig">2.2. Digital Signatures </a></span></dt><dt><span class="section"><a href="key-index.html#s-security-key-certificates">2.3. 
Certificates</a></span></dt><dt><span class="section"><a href="key-index.html#s-security-key-mutualauthentication">2.4. Mutual Authentication </a></span></dt><dt><span class="section"><a href="key-index.html#s-security-key-confcommunication">2.5. Confidential Communication </a></span></dt><dt><span class="section"><a href="key-index.html#s-security-key-securingprivatekeys">2.6. Securing Private Keys </a></span></dt><dt><span class="section"><a href="key-index.html#s-security-key-delegation">2.7. Delegation, Single Sign-On and Proxy Certificates </a></span></dt></dl></dd><dt><span class="section"><a href="key-index.html#s-security-key-relateddocs">3. Related Documents</a></span></dt><dt><span class="glossary"><a href="key-index.html#id2523258">GT 4.0 Security Glossary</a></span></dt></dl></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="s-security-key-overview"></a>1.&nbsp;Overview</h2></div></div></div><p>GSI uses public key cryptography (also known as asymmetric cryptography) as the basis for its functionality. Many of the terms and concepts used in this description of GSI come from its use of public key cryptography. </p><p>For a good overview of GSI contained in the Web Services-based components of GT4, see <a href="GT4-GSI-Overview.pdf" target="_top">Globus Toolkit Version 4 Grid Security Infrastructure: A Standards Perspective</a>.</p><p>A reference for detailed information about public key cryptography is available in the book <a href="http://www.cacr.math.uwaterloo.ca/hac/" target="_top">Handbook of Applied Cryptography </a>, by A. Menezes, P. van Oorschot, and S. Vanstone, CRC Press, 1996. <a href="http://www.cacr.math.uwaterloo.ca/hac/about/chap8.pdf" target="_top">Chapter 8 </a> of this book deals exclusively with public key cryptography. 
</p><p>The primary motivations behind GSI are: </p><div class="itemizedlist"><ul type="disc"><li>The need for secure communication (authenticated and perhaps confidential) between elements of a computational Grid.</li><li>The need to support security across organizational boundaries, thus prohibiting a centrally-managed security system. </li><li>The need to support "single sign-on" for users of the Grid, including delegation of credentials for computations that involve multiple resources and/or sites. </li></ul></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="s-security-key-concepts"></a>2.&nbsp;Conceptual Details</h2></div></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="s-security-key-publickey"></a>2.1.&nbsp;Public Key Cryptography </h3></div></div></div><p>The most important thing to know about public key cryptography is that, unlike earlier cryptographic systems, it relies not on a single key (a password or a secret "code"), but on two keys. These keys are numbers that are mathematically related in such a way that if either key is used to encrypt a message, the other key must be used to decrypt it. Also important is the fact that it is next to impossible (with our current knowledge of mathematics and available computing power) to obtain the second key from the first one and/or any messages encoded with the first key. </p><p>By making one of the keys available publicly (a public key) and keeping the other key private (a <a href="#priv-key" target="_top">private key</a>), a person can prove that he or she holds the private key simply by encrypting a message. If the message can be decrypted using the public key, the person must have used the private key to encrypt the message. </p><p><span class="emphasis"><em>Important:</em></span> It is critical that private keys be kept private!
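<p>The two-key relationship and the proof of possession described above, as an added example that is not part of the original Globus documentation. It uses textbook RSA with no padding and constructed, deliberately tiny primes; the function names are hypothetical, and real deployments use large keys with padded signature schemes.</p>

```python
# Added illustration: textbook RSA, constructed toy values, not secure.
import secrets
from math import gcd


def make_keypair(p, q, e=17):
    """Build (public, private) from two primes; each key is (exponent, modulus)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse: e*d == 1 (mod phi)
    return (e, n), (d, n)


def apply_key(key, m):
    """The one RSA operation, m^exp mod n, used with either key."""
    exp, n = key
    if not 0 <= m < n:
        raise ValueError("value must be in [0, n)")
    return pow(m, exp, n)


def prove_possession(private_key, challenge):
    """Holder's side: transform the verifier's challenge with the private key."""
    return apply_key(private_key, challenge)


def verify_possession(public_key, challenge, response):
    """Verifier's side: undo the response with the public key and compare."""
    try:
        return apply_key(public_key, response) == challenge
    except ValueError:  # response outside [0, n) cannot be valid
        return False


# Constructed sample key pair; p and q are far too small for real use.
ALICE_PUB, ALICE_PRIV = make_keypair(61, 53)

if __name__ == "__main__":
    m = 65
    # Either key "encrypts"; only the other key recovers the message.
    print(apply_key(ALICE_PRIV, apply_key(ALICE_PUB, m)) == m)
    print(apply_key(ALICE_PUB, apply_key(ALICE_PRIV, m)) == m)
    # A fresh random challenge means an old response cannot be replayed.
    challenge = secrets.randbelow(ALICE_PUB[1] - 2) + 2
    response = prove_possession(ALICE_PRIV, challenge)
    print(verify_possession(ALICE_PUB, challenge, response))
    # Without the private key, any other response is rejected.
    print(verify_possession(ALICE_PUB, challenge, (response + 1) % ALICE_PUB[1]))
```
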