CRIPTOGRAFIA - FESP

More documents

Recommendations

Info

[ pkcs11_section ] engine_id = pkcs11 #dynamic_path = /usr/lib/engines/engine_pkcs11.so dynamic_path = /usr/lib/openssl/engines/engine_pkcs11.so #MODULE_PATH = $ENV::PKCS11_MODULE_PATH MODULE_PATH = /usr/lib/opensc-pkcs11.so #PIN = $ENV::PKCS11_PIN init = 0 Do not forget to comment out pkcs11 = pkcs11_section as shown above. Now, do as with the normal pki (as described previously), but from /etc/openvpn/easy-rsa/2.0/ instead of /etc/openvpn/easy-rsa/ or /etc/openvpn/easy-rsa/1.0/. If you wish to create a certificate directly in a usb token, use the --pkcs11 option to the easy-rsa scripts. But I'd recommend to build certificates localy, and to place the keys in the usb token manualy. To do so, do as follows: Initialise the usb token if it has not been done: pkcs15-init --erase-card -T pkcs15-init --create-pkcs15 -T pkcs15-init --store-pin --auth-id 0 --label "YourLabelToTheKey" To store a CA do as follows: pkcs15-init --store-certificate keys/ca.crt --authority --label "Mandriva CA" --id "D1:FB:AF:27:EB:B7:34:99:52:20:D2:33:19:C0:E8:69:51:7A:ED:B6" --auth-id 0 In the above example, I decided to use the key's fingerprint as an id, but you can use omit this and automatic default id's will be set (i.e. id "46" is a standard). The --auth-id 0 is compulsary parameter. How did I previously read the id of my CA? Well with this command: openssl x509 -noout -text -in keys/ca.crt | less Do the same the read the other certificates ids. To store a public key do as follows: pkcs15-init --store-certificate keys/client1.crt --label "Client1" --id "DC:EF:ED:19:74:73:DA:44:B6:A4:EE:F5:8B:1F:C5:43:33:2D:1F:A0" --auth-id 0 To store a private key, first store the public key as explained above, and then store the private key as follows: pkcs15-init --store-private-key keys/client1.key --public-key-label "Client1" -- label "Client1 Private Key" --id "DC:EF:ED:19:74:73:DA:44:B6:A4:EE:F5:8B:1F:C5:43:33:2D:1F:A0" --auth-id 0
Important : the --id has to be the exact same as the one you used to store the client1.crt (here:DC:EF:ED:19:74:73:DA:44:B6:A4:EE:F5:8B:1F:C5:43:33:2D:1F:A0) Now, to access the key with openvpn you can use the following commands: openvpn --show-pkcs11-slots /usr/lib/opensc-pkcs11.so openvpn --show-pkcs11-objects /usr/lib/opensc-pkcs11.so 0 Note this part of the output (example from my test key): You can access this token using --pkcs11-slot-type "label" --pkcs11-slot "OpenSC Card (PKyves)" options. And note also the subject for the client1 keyring. which in my example is: Object Type: Certificate CKA_ID: dc ef ed 19 74 73 da 44 b6 a4 ee f5 8b 1f c5 43 33 2d 1f a0 CKA_LABEL: Client1 subject: /C=FR/ST=Ile-de- France/L=Paris/O=Mandriva/CN=client1/emailAddress=ybourhis@mandriva.com serialNumber: 03 notBefore: 060621144856Z after having noted these down, I will modifie the client's configuratin file (/etc/openvpn.client.conf) by removing the cert and key lines, and I'll replace them with what follows: pkcs11-providers /usr/lib/opensc-pkcs11.so pkcs11-slot-type "label" pkcs11-slot "OpenSC Card (PKyves)" pkcs11-id-type subject pkcs11-id "/C=FR/ST=Ile-de- France/L=Paris/O=Mandriva/CN=client1/emailAddress=ybourhis@mandriva.com" Now, each time the client is started, the PIN key will be asked before connection. Next, Configure Shorewall or go back to the Table of contents Client (PC2) Configuration: urpmi openvpn cd /etc/openvpn/ cp -r /usr/share/openvpn/sample-config-files/client.conf /etc/openvpn/ in case of self build rpm, replace the last command from above by: cp -r /usr/share/doc/openvpn-2.x.x/sample-config-files/client.conf /etc/openvpn/
Page 1 and 2:
CRIPTOGRAFIA A história da criptol
Page 3 and 4:
O computador tem um impacto ainda m
Page 5 and 6:
Políbio. ± 130 a.C. Em Uruk, na r
Page 7 and 8:
esteganográfica na qual cada letra
Page 9 and 10:
CARACTERÍSTICAS • Origem: Usada
Page 11 and 12:
predeterminado de nucleotídeos, na
Page 13 and 14:
CBC - Cipher-block chaining No modo
Page 15 and 16:
O modo output feedback gera o próx
Page 17 and 18:
Em 15 de Maio de 1973, durante o re
Page 19 and 20:
Para provar a falta de segurança d
Page 21 and 22:
6F 61 0D 0A Note que os primeiros 5
Page 23 and 24:
7 62 54 46 38 30 22 14 6 61 53 45 3
Page 25 and 26:
D 12 = 0001111010101010110011001111
Page 27 and 28:
é "1" e torna-se o segundo bit de
Page 29 and 30:
K n + E(R n-1 ) = B1B2B3B4B5B6B7B8
Page 31 and 32:
A permutação P é definida pela t
Page 33 and 34:
chaves cada um" por segundo e estim
Page 35 and 36:
9c1f41ef 1001 1100 0001 1111 0100 0
Page 37 and 38:
Colisão: procura de dois textos qu
Page 39 and 40:
mensagem que produza o mesmo hash.
Page 41 and 42:
calcula um valor assinatura SA ( h(
Page 43 and 44:
padrão da estatística. Quantas pe
Page 45 and 46:
O SHA-1 foi considerado seguro porq
Page 47 and 48:
número de bytes / 3 dá resto 2 ->
Page 49 and 50:
na criptologia, quem batizou esta r
Page 51 and 52:
Com este tipo de cilindros é poss
Page 53 and 54:
que ocorre da seguinte maneira: •
Page 55 and 56:
18 Z I J K R Q A B S V D W Y O T M
Page 57 and 58:
IPSEC IPsec is a suite of protocols
Page 59 and 60:
ver This is the version of the prot
Page 61 and 62:
This AH header contains just five i
Page 63 and 64:
Tunnel Mode Tunnel Mode forms the m
Page 65 and 66:
Any other value (TCP, UDP, ICMP, et
Page 67 and 68:
NAT is used to map a range of priva
Page 69 and 70:
serve the same purpose as in AH, bu
Page 71 and 72:
ESP in Tunnel Mode Our final look o
Page 73 and 74:
The obvious solution of wrapping ES
Page 75 and 76:
• IPsec Protocol (ESP or AH) •
Page 77 and 78:
NAT Com o crescimento exponencial d
Page 79 and 80:
B C 172.16.0.0 - 172.31.255.255 192
Page 81 and 82:
Figura 4: Funcionamento do NAT sain
Page 83 and 84:
Figura 6: Funcionamento do NAT rece
Page 85 and 86:
Figura 8: um exemplo de NAT Dinâmi
Page 87 and 88:
(roteáveis) pois a tradução é f
Page 89 and 90:
caso, ocorre a coincidência de 2 m
Page 91 and 92:
Com a utilização da tradução, f
Page 93 and 94:
Figura 12: um usuário acessa a por
Page 95 and 96:
1) Commer, Douglas E. Internetworki
Page 97 and 98:
Diretrizes do design FIREWALL Este
Page 99 and 100:
Orçamento Qual é o orçamento dis
Page 101 and 102:
o hacker poderá tentar um ataque m
Page 103 and 104:
edes. Os dispositivos de firewall c
Page 105 and 106:
uma tabela de estado. Quando o trá
Page 107 and 108:
As diversas classes são as seguint
Page 109 and 110:
Atributo do firewall Suporte do fab
Page 111 and 112:
Atributo do firewall Valor Proteç
Page 113 and 114:
Tabela 3 Classe 3—Firewall de har
Page 115 and 116:
A resistência é alcançada adicio
Page 117 and 118:
Desvantagens As desvantagens dos fi
Page 119 and 120:
Atributo do firewall Valor Faixa de
Page 121 and 122:
Questão Características típicas
Page 123 and 124:
Requisitos do hardware Os requisito
Page 125 and 126:
Firewall único com componentes red
Page 127 and 128:
Firewalls tolerantes a falhasVantag
Page 129 and 130:
Desvantagens As desvantagens de um
Page 131 and 132:
disponíveis na Internet. Você dev
Page 133 and 134:
oteadores poderá ajudar a limitar
Page 135 and 136:
VPN 1. Histórico O termo VPN estev
Page 137 and 138:
transmissão VPN um túnel é o fat
Page 139 and 140:
trocadas periodicamente. O período
Page 141 and 142:
coincidirem, então é assumido que
Page 143 and 144:
Acesso remoto após as VPNs Usuári
Page 145 and 146:
para redes pequenas e com baixo vol
Page 147 and 148:
2. Funcionamento Nesta seção, ana
Page 149 and 150:
Encapsulamento L2TP O L2TP comporta
Page 151 and 152:
ede, certificação digital e auten
Page 153 and 154: Pessoas não autorizadas podem bisb
Page 155 and 156: SSL (Secure Sockets Layer, que simu
Page 157 and 158: 4.4 Detalhes do IPSec Na realidade,
Page 159 and 160: do IPSec sem que sistemas operacion
Page 161 and 162: Utilizando o IKE com o IPSec A aute
Page 163 and 164: VPN - Virtual Private Network Rede
Page 165 and 166: Acesso Remoto VPN Intranet VPN Em u
Page 167 and 168: Somente usuários e equipamentos qu
Page 169 and 170: Triple-DES O Triple-DES é uma vari
Page 171 and 172: (Encapsulated Security Payload), qu
Page 173 and 174: cidades, estados e países - se uti
Page 175 and 176: TCPDUMP TCPDUMP(1) NOME tcpdump- ca
Page 177 and 178: ether broadcast'. -q Saída rápida
Page 179 and 180: ether, fddi, tr, ip, ip6, arp, rarp
Page 181 and 182: net net/len Verdadeiro se o endere
Page 183 and 184: O tcpdump assumirá, enquanto filtr
Page 185 and 186: Negação deve ser precedida. Alter
Page 187 and 188: Introducing tcpdump packet capture
Page 189 and 190: lie within the first 20 chunks of h
Page 191 and 192: 3. what traffic to capture (packet
Page 193 and 194: text file (called net_1.0.txt.dump)
Page 195 and 196: find where the flags are located in
Page 197 and 198: # cat > filterfile dst host spider
Page 199 and 200: OPENVPN TUTORIAL Server (PC1) Confi
Page 201 and 202: Now, you may desire to configure th
Page 203: Now, start the server: service open
Page 207 and 208: vpn. References : Official Shorewal
Page 209 and 210: service openvpn restart Then, the c
Page 211 and 212: where $USER is your username on the
Page 213 and 214: NOTAS DE AULAS CRIPTOGRAFIA Existem
Page 215 and 216: Podemos melhorar o algoritmo. Em ve
Page 217 and 218: TIPOS DE CIFRAGEM. Cifragem por Blo
Page 219 and 220: - A descoberta de uma chave deve se
Page 221: Uma vez que os algoritmos simétric
show all

CRIPTOGRAFIA - FESP

Create successful ePaper yourself

Delete template?

Save as template?