| <?xml version="1.0" encoding="EUC-JP"?> |
| <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> |
| <html xmlns="http://www.w3.org/1999/xhtml" lang="ja" xml:lang="ja"><head><!-- |
| XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX |
| This file is generated from xml source: DO NOT EDIT |
| XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX |
| --> |
| <title>SSL/TLS Encryption: An Introduction - Apache HTTP Server</title> |
| <link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> |
| <link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> |
| <link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /> |
| <link href="../images/favicon.ico" rel="shortcut icon" /></head> |
| <body id="manual-page"><div id="page-header"> |
| <p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p> |
| <p class="apache">Apache HTTP Server Version 2.1</p> |
| <img alt="" src="../images/feather.gif" /></div> |
| <div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div> |
| <div id="path"> |
| <a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs-project/">Documentation</a> > <a href="../">Version 2.1</a> > <a href="./">SSL/TLS</a></div><div id="page-content"><div id="preamble"><h1>SSL/TLS Encryption: An Introduction</h1> |
| <div class="toplang"> |
| <p><span>Available Languages: </span><a href="../en/ssl/ssl_intro.html" hreflang="en" rel="alternate" title="English"> en </a> | |
| <a href="../ja/ssl/ssl_intro.html" title="Japanese"> ja </a></p> |
| </div> |
| |
| <blockquote> |
| <p>The nice thing about standards is that there are so many to choose from. |
| And if you really don't like any of them, |
| you just have to wait another year until the one you are looking for arises.</p> |
| |
| <p class="cite">-- <cite>A. Tanenbaum</cite>, "Introduction to |
| Computer Networks"</p> |
| </blockquote> |
| |
| <p> |
| As an introduction, this chapter is aimed at readers who are familiar with the Web, HTTP, |
| and Apache, but who are not security experts. |
| It is not intended to be a definitive guide to the SSL protocol. |
| Nor does it discuss specific techniques for managing certificates in an organization, |
| or important legal issues such as patents and export restrictions. |
| Rather, it aims to give mod_ssl users a common background by pulling together various |
| concepts, definitions, and examples as a starting point for further exploration.</p> |
| |
| <p>The content presented here is mainly derived, with the author's permission, from the article |
| <a href="http://home.earthlink.net/~fjhirsch/Papers/wwwj/article.html"> |
| Introducing SSL and Certificates using SSLeay</a> by |
| <a href="http://home.earthlink.net/~fjhirsch/">Frederick J. Hirsch</a> |
| of The Open Group Research Institute. |
| The article was published in <a href="http://www.ora.com/catalog/wjsum97/">Web Security: A Matter of |
| Trust</a>, World Wide Web Journal, Volume 2, Issue 3, Summer 1997. |
| Please send any positive feedback to <a href="mailto:hirsch@fjhirsch.com">Frederick Hirsch</a> |
| (the author of the original article) and all complaints to <a href="mailto:rse@engelschall.com">Ralf S. Engelschall</a> |
| (the author of <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code>). |
| [Translator's note: please send comments about the translation to the <a href="mailto:apache-docs@ml.apache.or.jp"> |
| Apache documentation translation project</a>.]</p> |
| </div> |
| <div id="quickview"><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#cryptographictech">Cryptographic Techniques</a></li> |
| <li><img alt="" src="../images/down.gif" /> <a href="#certificates">Certificates</a></li> |
| <li><img alt="" src="../images/down.gif" /> <a href="#ssl">Secure Sockets Layer (SSL)</a></li> |
| <li><img alt="" src="../images/down.gif" /> <a href="#references">References</a></li> |
| </ul></div> |
| <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> |
| <div class="section"> |
| <h2><a name="cryptographictech" id="cryptographictech">Cryptographic Techniques</a></h2> |
| |
| <p>Understanding SSL requires an understanding of cryptographic algorithms, |
| message digest functions (also known as one-way functions or hash functions), |
| and digital signatures. |
| These techniques are the subject of entire books |
| (see for instance [<a href="#AC96">AC96</a>]) and |
| provide the basis for privacy, integrity, and authentication.</p> |
| |
| <h3><a name="cryptographicalgo" id="cryptographicalgo">Cryptographic Algorithms</a></h3> |
| |
| <p>Suppose Alice wants to send a message to her bank to transfer some money. |
| Because the message includes her account number and the transfer amount, |
| Alice would like it to be private. |
| One solution is to use a cryptographic algorithm to transform the message into |
| an encrypted form that nobody except the intended recipient |
| can read. |
| Once it is in this form, |
| the message can only be interpreted with a secret key. |
| Without the key, the message is useless. |
| A good cryptographic algorithm makes it so difficult for an intruder to decode the |
| original text that it is not worth the effort.</p> |
| |
| <p>There are two categories of cryptographic algorithms: |
| conventional and public key.</p> |
| |
| <dl> |
| <dt>Conventional cryptography</dt> |
| <dd>Also known as symmetric cryptography, |
| this requires the sender and the receiver to share a key. |
| A key is a secret piece of information that is used to encrypt or decrypt |
| a message. |
| If this key is secret, nobody other than the sender and the receiver can read |
| the message. |
| If Alice and the bank both know a secret key, |
| they can send each other private messages. |
| The task of privately choosing a key beforehand, however, can be problematic.</dd> |
| |
| <dt>Public key cryptography</dt> |
| <dd>Also known as asymmetric cryptography, |
| this solves the key exchange problem by defining an algorithm that uses two keys, |
| each of which can be used to encrypt a message. |
| If one key is used to encrypt a message, |
| the other key must be used to decrypt it. |
| This makes it possible to receive secure messages simply by publishing one key |
| (the public key) and keeping the other secret (the private key).</dd> |
| </dl> |
| |
| <p>Anyone can encrypt a message using the public key, |
| but only the owner of the private key can read it. |
| In this way, Alice can send a private message by encrypting it |
| with the bank's public key. |
| Only the bank can decrypt it.</p> |
| |
| |
| <h3><a name="messagedigests" id="messagedigests">Message Digests</a></h3> |
| |
| <p>Although Alice can keep her message private, |
| there is still a concern that someone might modify it, for instance to transfer the money |
| to themselves, or replace it with a different message. |
| One way of guaranteeing the integrity of Alice's message is to |
| create a concise digest of the message and send that to the bank as well. |
| On receiving the message, the bank creates its own digest and |
| compares it with the one Alice sent. If the two match, |
| the message was received intact.</p> |
| |
| <p>A summary such as this is called a <dfn>message digest</dfn>, |
| <em>one-way function</em>, or <em>hash function</em>. |
| Message digests are used to create short, fixed-length representations |
| of longer, variable-length messages. |
| Digest algorithms are designed to produce |
| a distinct digest for each message. |
| They are designed so that it is very difficult to determine the original message |
| from its digest, |
| and so that finding two messages that produce the same digest is infeasible in practice. |
| This eliminates the possibility of substituting one message for another |
| while keeping the same digest.</p> |
| |
| <p>Another challenge for Alice is finding a way to send the digest to the bank securely. |
| Once that is achieved, the integrity of the message is assured. |
| One way to do this is to include the digest in a digital signature.</p> |
| |
| |
| <h3><a name="digitalsignatures" id="digitalsignatures">Digital Signatures</a></h3> |
| <p>When Alice sends a message to the bank, the bank needs to be sure |
| that the message really is from her, and that an intruder is not impersonating her |
| to request a transaction on her account. |
| A <em>digital signature</em>, created by Alice and included with the message, |
| serves this purpose.</p> |
| |
| <p>A digital signature is created by encrypting a digest of the message, together with |
| other information (such as a sequence number), with the sender's private key. |
| Anyone can <em>decrypt</em> the signature using the public key, |
| but only the signer knows the private key. |
| This means that only the signer can have produced the signature. |
| Including the digest in the signature means that |
| the signature is valid only for that message. |
| Because nobody can change the digest and still produce a valid signature, |
| it also ensures the integrity of the message.</p> |
| |
| <p>To guard against an intruder intercepting the signature and reusing it at a later date, |
| the signature contains a unique sequence number. |
| This protects the bank from a fraudulent claim by Alice that she did not send |
| the message, |
| since only she could have signed it (non-repudiation).</p> |
| |
| </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> |
| <div class="section"> |
| <h2><a name="certificates" id="certificates">Certificates</a></h2> |
| |
| <p>Alice can now send a private message to the bank, |
| sign it, and ensure the integrity of the message, |
| but she still needs to be sure that she is really communicating with the bank. |
| This means she needs to be sure that the public key she is using |
| corresponds to the bank's private key. |
| Similarly, the bank needs to verify that the signature on the message really is |
| Alice's signature.</p> |
| |
| <p>If each party has a certificate that validates the other's identity, confirms the public key, |
| and is signed by a trusted agency, then both can be assured that they are |
| communicating with whom they think they are. |
| Such a trusted agency is called a <em>Certificate Authority</em> |
| (CA), |
| and certificates are used for authentication.</p> |
| |
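| <h3><a name="certificatecontents" id="certificatecontents">Certificate Contents</a></h3> |
| |
| <p>A certificate associates a public key with the real identity of an individual, |
| a server, or another entity, known as the subject. |
| As shown in <a href="#table1">Table 1</a>, the information about the subject |
| includes identifying information (the distinguished name) and the public key. |
| The certificate also includes the identification and signature of the Certificate Authority, |
| and the period during which the certificate is valid. |
| It may also contain administrative information for the Certificate Authority's use, such as a |
| serial number, and other additional information.</p> |
| |
| <h4><a name="table1" id="table1">Table 1: Certificate Information</a></h4> |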
| |
| <table> |
| |
| <tr><th>Subject</th> |
| <td>Distinguished Name, Public Key</td></tr> |
| <tr><th>Issuer</th> |
| <td>Distinguished Name, Public Key</td></tr> |
| <tr><th>Period of Validity</th> |
| <td>Start Date, Expiry Date</td></tr> |
| <tr><th>Administrative Information</th> |
| <td>Version, Serial Number</td></tr> |
| <tr><th>Extended Information</th> |
| <td>Basic Constraints, Netscape Flags, etc.</td></tr> |
| </table> |
| |
| |
| <p>A distinguished name is used to provide an identity in a specific context. |
| For instance, an individual might have separate identities for personal use |
| and for use as an employee. |
| |
| Distinguished names are defined by the X.509 standard [<a href="#X509">X509</a>]. |
| The X.509 standard defines the fields, the field names, and the abbreviations used to refer to the fields (see <a href="#table2">Table |
| 2</a>).</p> |
| |
| <h4><a name="table2" id="table2">Table 2: Distinguished Name Information</a></h4> |
| |
| <table class="bordered"> |
| |
| <tr><th>DN Field</th> |
| <th>Abbrev.</th> |
| <th>Description</th> |
| <th>Example</th></tr> |
| <tr><td>Common Name</td> |
| <td>CN</td> |
| <td>Name being certified<br /> |
| URL for the SSL connection</td> |
| <td>CN=www.example.com</td></tr> |
| <tr><td>Organization or Company</td> |
| <td>O</td> |
| <td>Official English name of the organization</td> |
| <td>O=Example Japan K.K.</td></tr> |
| <tr><td>Organizational Unit</td> |
| <td>OU</td> |
| <td>Department name, etc.</td> |
| <td>OU=Customer Service</td></tr> |
| <tr><td>City/Locality</td> |
| <td>L</td> |
| <td>City or locality where the entity is located</td> |
| <td>L=Sapporo</td></tr> |
| <tr><td>State/Province</td> |
| <td>ST</td> |
| <td>State or province (prefecture) where the entity is located</td> |
| <td>ST=Hokkaido</td></tr> |
| <tr><td>Country</td> |
| <td>C</td> |
| <td>ISO code of the country where the entity is located<br /> |
| JP for Japan |
| </td> |
| <td>C=JP</td></tr> |
| </table> |
| |
| |
| <p>A Certificate Authority may define a policy specifying which fields are optional |
| and which are required. It may also place requirements on the field contents, |
| as may users of certificates. |
| For example, a Netscape browser requires that the |
| Common Name of a server's certificate match a wildcard pattern for the |
| domain name of that server, such as |
| <code>*.example.com</code>.</p> |
| |
| <p>The binary format of a certificate is defined using the ASN.1 notation |
| [<a href="#X208">X208</a>] [<a href="#PKCS">PKCS</a>]. |
| This notation defines how to specify the contents, |
| and encoding rules define how this information is translated into |
| binary form. |
| The binary encoding of a certificate is defined using the Distinguished Encoding |
| Rules (DER), which are based on the more general Basic Encoding Rules |
| (BER). |
| For transmissions that cannot handle binary data, |
| the binary form may be translated into an ASCII form using |
| Base64 encoding [<a href="#MIME">MIME</a>]. |
| When encoded this way and placed between delimiter lines, as in the example below, |
| the certificate is said to be PEM encoded. |
| (The name PEM comes from "Privacy Enhanced Mail".)</p> |
| |
| <div class="example"><h3>Example of a PEM-encoded certificate (example.crt)</h3><pre>-----BEGIN CERTIFICATE----- |
| MIIC7jCCAlegAwIBAgIBATANBgkqhkiG9w0BAQQFADCBqTELMAkGA1UEBhMCWFkx |
| FTATBgNVBAgTDFNuYWtlIERlc2VydDETMBEGA1UEBxMKU25ha2UgVG93bjEXMBUG |
| A1UEChMOU25ha2UgT2lsLCBMdGQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhv |
| cml0eTEVMBMGA1UEAxMMU25ha2UgT2lsIENBMR4wHAYJKoZIhvcNAQkBFg9jYUBz |
| bmFrZW9pbC5kb20wHhcNOTgxMDIxMDg1ODM2WhcNOTkxMDIxMDg1ODM2WjCBpzEL |
| MAkGA1UEBhMCWFkxFTATBgNVBAgTDFNuYWtlIERlc2VydDETMBEGA1UEBxMKU25h |
| a2UgVG93bjEXMBUGA1UEChMOU25ha2UgT2lsLCBMdGQxFzAVBgNVBAsTDldlYnNl |
| cnZlciBUZWFtMRkwFwYDVQQDExB3d3cuc25ha2VvaWwuZG9tMR8wHQYJKoZIhvcN |
| AQkBFhB3d3dAc25ha2VvaWwuZG9tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB |
| gQDH9Ge/s2zcH+da+rPTx/DPRp3xGjHZ4GG6pCmvADIEtBtKBFAcZ64n+Dy7Np8b |
| vKR+yy5DGQiijsH1D/j8HlGE+q4TZ8OFk7BNBFazHxFbYI4OKMiCxdKzdif1yfaa |
| lWoANFlAzlSdbxeGVHoT0K+gT5w3UxwZKv2DLbCTzLZyPwIDAQABoyYwJDAPBgNV |
| HRMECDAGAQH/AgEAMBEGCWCGSAGG+EIBAQQEAwIAQDANBgkqhkiG9w0BAQQFAAOB |
| gQAZUIHAL4D09oE6Lv2k56Gp38OBDuILvwLg1v1KL8mQR+KFjghCrtpqaztZqcDt |
| 2q2QoyulCgSzHbEGmi0EsdkPfg6mp0penssIFePYNI+/8u9HT4LuKMJX15hxBam7 |
| dUHzICxBVC1lnHyYGjDuAMhe396lYAn8bCld1/L4NMGBCQ== |
| -----END CERTIFICATE-----</pre></div> |
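<p>The encoding path described above, as an added example that is not code from the Apache documentation or mod_ssl: it DER-encodes the distinguished name from Table 2, wraps it in PEM delimiter lines, and parses it back, rejecting length forms that BER allows but DER forbids. The <code>EXAMPLE NAME</code> label and all function names are assumptions made for this example; a real certificate uses the <code>CERTIFICATE</code> label and carries the name inside a larger structure.</p>

```python
import base64

# X.520 attribute-type OIDs behind the abbreviations in Table 2.
DN_OIDS = {"2.5.4.3": "CN", "2.5.4.6": "C", "2.5.4.7": "L",
           "2.5.4.8": "ST", "2.5.4.10": "O", "2.5.4.11": "OU"}
SEQUENCE, SET, OID, PRINTABLE_STRING = 0x30, 0x31, 0x06, 0x13   # universal tags

def tlv(tag, value):
    """Encode one tag-length-value triple with the minimal length DER requires."""
    n = len(value)
    if n < 0x80:                                   # short form: a single length octet
        return bytes([tag, n]) + value
    octets = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(octets)]) + octets + value   # long form

def read_tlv(buf, pos=0, expect=None):
    """Decode the triple at pos; return (tag, value, next_pos). Rejects non-DER lengths."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if expect is not None and tag != expect:
        raise ValueError(f"expected tag {expect:#04x}, found {tag:#04x}")
    if first < 0x80:
        length = first
    else:
        count = first & 0x7F                       # number of length octets that follow
        octets = buf[pos:pos + count]
        if count == 0:
            raise ValueError("indefinite length is allowed in BER but not in DER")
        length = int.from_bytes(octets, "big")
        if len(octets) < count or octets[0] == 0 or length < 0x80:
            raise ValueError("truncated or non-minimal length")
        pos += count
    if pos + length > len(buf):
        raise ValueError("value runs past the end of the data")
    return tag, buf[pos:pos + length], pos + length

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]                 # first two arcs share one octet
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]                       # base 128, lowest group first
        while (arc := arc >> 7):
            chunk.append(0x80 | (arc & 0x7F))      # high bit set: more octets follow
        out += reversed(chunk)
    return bytes(out)

def decode_oid(data):
    arcs, value = [data[0] // 40, data[0] % 40], 0
    for octet in data[1:]:
        value = (value << 7) | (octet & 0x7F)
        if octet < 0x80:                           # last octet of this arc
            arcs, value = arcs + [value], 0
    return ".".join(map(str, arcs))

def encode_name(pairs):
    """Name ::= SEQUENCE OF SET OF SEQUENCE { type OID, value PrintableString }."""
    oid_of = {abbrev: oid for oid, abbrev in DN_OIDS.items()}
    rdns = b""
    for abbrev, text in pairs:
        atv = tlv(OID, encode_oid(oid_of[abbrev])) + tlv(PRINTABLE_STRING, text.encode("ascii"))
        rdns += tlv(SET, tlv(SEQUENCE, atv))
    return tlv(SEQUENCE, rdns)

def decode_name(der):
    _, body, end = read_tlv(der, 0, SEQUENCE)
    if end != len(der):
        raise ValueError("trailing bytes after the name")
    pairs, pos = [], 0
    while pos < len(body):
        _, rdn, pos = read_tlv(body, pos, SET)
        _, atv, _ = read_tlv(rdn, 0, SEQUENCE)
        _, oid, after_oid = read_tlv(atv, 0, OID)
        _, text, _ = read_tlv(atv, after_oid, PRINTABLE_STRING)
        dotted = decode_oid(oid)
        pairs.append((DN_OIDS.get(dotted, dotted), text.decode("ascii")))
    return pairs

def pem_encode(der, label):
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

def pem_decode(text, label):
    first, *body, last = [line.strip() for line in text.strip().splitlines()]
    if (first, last) != (f"-----BEGIN {label}-----", f"-----END {label}-----"):
        raise ValueError("missing PEM delimiter lines")
    return base64.b64decode("".join(body), validate=True)

# Constructed sample: the example values from Table 2.
SAMPLE_DN = [("C", "JP"), ("ST", "Hokkaido"), ("L", "Sapporo"), ("O", "Example Japan K.K."),
             ("OU", "Customer Service"), ("CN", "www.example.com")]

if __name__ == "__main__":
    print(pem_encode(encode_name(SAMPLE_DN), "EXAMPLE NAME"))   # constructed label
```

<p>The encoded name is 132 bytes long, so its outer SEQUENCE uses the long length form (<code>30 81 84</code>), while every inner element fits the short form.</p>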
| |
| |
| <h3><a name="certificateauthorities" id="certificateauthorities">Certificate Authorities</a></h3> |
| |
| <p>By first verifying the information in a certificate request, |
| the Certificate Authority assures the identity of the owner of the private key. |
| For instance, if Alice requests a personal certificate, |
| the Certificate Authority must make sure that Alice really is the person |
| the certificate request claims she is.</p> |
| |
| <h4><a name="certificatechains" id="certificatechains">Certificate Chains</a></h4> |
| |
| <p>A Certificate Authority may also issue a certificate for another Certificate Authority. |
| When examining an unknown certificate, Alice may need to examine the certificate |
| of its issuer, and then of each parent Certificate Authority in turn, |
| until she reaches one she has confidence in. |
| To reduce the risk of a "bad" certificate, |
| she may decide to trust only certificates with a limited chain of |
| issuers.</p> |
| |
| |
| <h4><a name="rootlevelca" id="rootlevelca">Creating a Root-Level CA</a></h4> |
| |
| <p>As noted earlier, each certificate requires an issuer to assert the validity of the |
| identity of the certificate subject, |
| all the way up to the top-level Certificate Authority (CA). |
| This raises a question: who vouches for the certificate of the top-level |
| authority? |
| In this case only, the certificate is "self-signed", |
| so the issuer of the certificate is the same as the subject. |
| As a result, extra care is needed before trusting a |
| self-signed certificate. |
| Wide publication of the public key by the root authority |
| reduces the risk in trusting that key, |
| because it would be easy to notice if someone else were |
| impersonating the authority. |
| Many browsers are preconfigured to trust well-known |
| Certificate Authorities.</p> |
| |
| <p>A number of companies, such as <a href="http://www.thawte.com/">Thawte</a> |
| and <a href="http://www.verisign.com/">VeriSign</a>, |
| have established themselves as Certificate Authorities. |
| These companies provide the following services:</p> |
| |
| <ul> |
| <li>Verifying certificate requests</li> |
| <li>Processing certificate requests</li> |
| <li>Issuing and managing certificates</li> |
| </ul> |
| |
| <p>It is also possible to create your own Certificate Authority. |
| Although this is risky in the Internet environment, |
| it may be useful within an intranet, where the organization can easily verify |
| the identities of individuals and servers.</p> |
| |
| |
| <h4><a name="certificatemanagement" id="certificatemanagement">Certificate Management</a></h4> |
| |
| <p>Establishing a Certificate Authority is a responsibility that requires a solid |
| administrative, technical, and management framework. |
| Certificate Authorities not only issue certificates, |
| they must also manage them. |
| Specifically, they determine how long certificates remain valid, renew them, |
| and maintain lists of certificates that were issued but are no longer valid |
| (Certificate Revocation Lists, or CRLs). |
| Suppose Alice is given a certificate as an employee of a company, |
| and that the certificate must be revoked when Alice leaves |
| the company. |
| Because certificates are objects that get passed from person to person, |
| it is impossible to tell from the certificate alone whether it has been |
| revoked. |
| When checking a certificate for validity, therefore, |
| it is necessary to contact the issuing Certificate Authority and check its CRLs. |
| This step is usually not automated.</p> |
| |
| <div class="note"><h3>Note</h3> |
| <p>If you use a Certificate Authority that is not configured into browsers by default, |
| you must load the Certificate Authority's certificate into the browser |
| so that the browser can validate server certificates signed by that |
| Certificate Authority. |
| This carries a risk: once the certificate is loaded, the browser accepts every |
| certificate signed by that Certificate Authority.</p> |
| </div> |
| |
| |
| |
| </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> |
| <div class="section"> |
| <h2><a name="ssl" id="ssl">Secure Sockets Layer (SSL)</a></h2> |
| |
| <p>The Secure Sockets Layer protocol is a protocol layer that can be placed between |
| a reliable connection-oriented network layer protocol (for example, TCP/IP) |
| and the application layer protocol (for example, HTTP). |
| SSL provides secure communication between client and server through |
| mutual authentication, |
| data integrity through digital signatures, |
| and privacy through encryption.</p> |
| |
| <p>The SSL protocol is designed to support a range of algorithms for |
| encryption, digests, and digital signatures. |
| This allows the algorithms for a particular server to be chosen with legal and |
| export restrictions in mind, and also lets the protocol take advantage of |
| new algorithms. |
| The choice of algorithms is negotiated between client and server |
| at the start of a protocol session.</p> |
| |
| <h3><a name="table4" id="table4">Table 4: Versions of the SSL protocol</a></h3> |
| |
| <table class="bordered"> |
| |
| <tr><th>Version</th> |
| <th>Source</th> |
| <th>Description</th> |
| <th>Browser Support</th></tr> |
| <tr><td>SSL v2.0</td> |
| <td>Vendor Standard (from Netscape Corp.) [<a href="#SSL2">SSL2</a>]</td> |
| <td>First SSL protocol for which implementations exist</td> |
| <td>- NS Navigator 1.x/2.x<br /> |
| - MS IE 3.x<br /> |
| - Lynx/2.8+OpenSSL</td></tr> |
| <tr><td>SSL v3.0</td> |
| <td>Expired Internet Draft (from Netscape Corp.) [<a href="#SSL3">SSL3</a>]</td> |
| <td>Revisions to prevent specific security attacks, |
| addition of non-RSA ciphers, and support for certificate chains</td> |
| <td>- NS Navigator 2.x/3.x/4.x<br /> |
| - MS IE 3.x/4.x<br /> |
| - Lynx/2.8+OpenSSL</td></tr> |
| <tr><td>TLS v1.0</td> |
| <td>Proposed Internet Standard (from IETF) [<a href="#TLS1">TLS1</a>]</td> |
| <td>Revision of SSL 3.0 to update the MAC layer to HMAC, add block |
| padding for block ciphers, standardize message order, and add more |
| alert messages.</td> |
| <td>- Lynx/2.8+OpenSSL</td></tr> |
| </table> |
| |
| |
| <p>As shown in <a href="#table4">Table 4</a>, there are a number of versions |
| of the SSL protocol. |
| As noted in the table, one of the benefits of SSL 3.0 is |
| that it supports certificate chains. |
| This feature allows a server to pass its issuers' certificates to the browser |
| along with its own certificate. |
| With certificate chains, |
| the browser can validate the server certificate |
| even if an issuer's certificate is not installed directly in the browser, |
| as long as it is included in the chain. |
| SSL 3.0 is the basis for the Transport Layer Security |
| [<a href="#TLS1">TLS</a>] protocol standard, currently being developed by the |
| Internet Engineering Task Force (IETF).</p> |
| |
| <h3><a name="session" id="session">Session Establishment</a></h3> |
| |
| <p>As shown in <a href="#figure1">Figure 1</a>, |
| a session is established by a handshake sequence between |
| client and server. |
| This sequence varies depending on whether the server is configured to provide |
| a server certificate or to request a client certificate. |
| There are cases where additional handshake steps are required to manage |
| cipher information, but this article briefly describes |
| one common scenario. |
| See the SSL specification for the full range of possibilities.</p> |
| |
| <div class="note"><h3>Note</h3> |
| <p>Once an SSL session has been established, it can be reused, |
| which avoids the performance penalty of repeating the many steps |
| needed to start a session. |
| For this, the server assigns each session a unique session identifier |
| and caches it; on later connections the client can |
| connect without repeating the handshake |
| (until the identifier expires in the server's cache).</p> |
| </div> |
| |
| <p class="figure"> |
| <img src="ssl_intro_fig1.gif" alt="" width="423" height="327" /><br /> |
| <a id="figure1" name="figure1"><dfn>Figure 1</dfn></a>: Simplified SSL |
| Handshake Sequence</p> |
| |
| <p>The elements of the handshake sequence used by the client and server |
| are listed below:</p> |
| |
| <ol> |
| <li>Negotiate the Cipher Suite to be used during data transfer</li> |
| <li>Establish and share a session key between client and server</li> |
| <li>Optionally authenticate the server to the client</li> |
| <li>Optionally authenticate the client to the server</li> |
| </ol> |
| |
| <p>The first step, Cipher Suite negotiation, |
| allows the client and server to choose a Cipher Suite |
| that suits both of them. |
| The SSL3.0 protocol specification defines 31 Cipher Suites. |
| A Cipher Suite is defined by the following components:</p> |
| |
| <ul> |
| <li>Key Exchange Method</li> |
| <li>Cipher for Data Transfer</li> |
| <li>Message Digest for creating the |
| Message Authentication Code (MAC)</li> |
| </ul> |
| |
| <p>These three elements are described in the sections that follow.</p> |
| |
| |
| <h3><a name="keyexchange" id="keyexchange">Key Exchange Method</a></h3> |
| |
| <p>The key exchange method defines how the client and server agree on the shared |
| symmetric key that is used for application |
| data transfer. |
| SSL 2.0 uses RSA key exchange only, |
| while SSL 3.0 supports a choice of key exchange algorithms, including RSA key exchange |
| when certificates are used, and |
| Diffie-Hellman key exchange when there are no certificates and no prior |
| communication between client and server.</p> |
| |
| <p>One variable in the choice of key exchange method is digital signatures: |
| whether or not to use them, and if so, |
| what kind of signature to use. |
| Signing with a private key protects against a man-in-the-middle attack |
| during the information exchange used to generate the shared key |
| [<a href="#AC96">AC96</a>, p516].</p> |
| |
| |
| <h3><a name="ciphertransfer" id="ciphertransfer">Cipher for Data Transfer</a></h3> |
| |
| <p>SSL uses the conventional (symmetric) cryptography described earlier |
| to encrypt the messages in a session. |
| There are nine choices, including the choice to perform no encryption:</p> |
| |
| <ul> |
| <li>No encryption</li> |
| <li>Stream ciphers |
| <ul> |
| <li>RC4 with 40-bit keys</li> |
| <li>RC4 with 128-bit keys</li> |
| </ul></li> |
| <li>CBC block ciphers |
| <ul><li>RC2 with 40 bit key</li> |
| <li>DES with 40 bit key</li> |
| <li>DES with 56 bit key</li> |
| <li>Triple-DES with 168 bit key</li> |
| <li>Idea (128 bit key)</li> |
| <li>Fortezza (96 bit key)</li> |
| </ul></li> |
| </ul> |
| |
| <p>Here "CBC" stands for Cipher Block Chaining, |
| which means that a portion of the previously encrypted cipher text |
| is used in the encryption of the current block. |
| "DES" stands for the Data Encryption Standard |
| [<a href="#AC96">AC96</a>, ch12], |
| which has a number of variants, including DES40 and 3DES_EDE. |
| "Idea" is one of the best algorithms and, cryptographically, among the |
| strongest currently available. |
| "RC2" is a proprietary algorithm from RSA DSI |
| [<a href="#AC96">AC96</a>, |
| ch13].</p> |
| |
| |
| <h3><a name="digestfuntion" id="digestfuntion">Digest Function</a></h3> |
| |
| <p> |
| The choice of digest function determines how a digest is created from a record unit. |
| SSL supports the following:</p> |
| |
| <ul> |
| <li>No digest</li> |
| <li>MD5 (128-bit hash)</li> |
| <li>Secure Hash Algorithm (SHA-1) (160-bit hash)</li> |
| </ul> |
| |
| <p>The message digest is used to create a Message Authentication Code (MAC), |
| which is encrypted together with the message to provide integrity |
| and to prevent replay attacks.</p> |
| |
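<p>How a per-record MAC detects both tampering and replay, as an added example that is not code from the Apache documentation or mod_ssl. It follows the TLS 1.0 record MAC from [TLS1] (HMAC over an implicit sequence number, the record type, version, length, and payload) using SHA-1, and leaves the records unencrypted, as with the "no encryption" cipher choice; the class and function names and the key are assumptions made for this example.</p>

```python
import hashlib
import hmac
import struct

MAC_LEN = 20                 # SHA-1 output: the 160-bit hash listed above
APPLICATION_DATA = 23        # TLS record content type for application data
TLS_1_0 = (3, 1)             # version bytes carried in TLS 1.0 records


def record_mac(secret, seq, ctype, version, fragment):
    """HMAC-SHA1 over seq_num + type + version + length + fragment (RFC 2246)."""
    covered = struct.pack("!QBBBH", seq, ctype, version[0], version[1], len(fragment))
    return hmac.new(secret, covered + fragment, hashlib.sha1).digest()


class RecordWriter:
    def __init__(self, secret):
        self.secret, self.seq = secret, 0

    def seal(self, fragment, ctype=APPLICATION_DATA):
        mac = record_mac(self.secret, self.seq, ctype, TLS_1_0, fragment)
        self.seq += 1        # the counter is never transmitted; both ends just count
        header = struct.pack("!BBBH", ctype, TLS_1_0[0], TLS_1_0[1], len(fragment) + MAC_LEN)
        return header + fragment + mac


class RecordReader:
    def __init__(self, secret):
        self.secret, self.seq = secret, 0

    def open(self, record):
        if len(record) < 5 + MAC_LEN:
            raise ValueError("record too short")
        ctype, major, minor, length = struct.unpack("!BBBH", record[:5])
        body = record[5:]
        if length != len(body):
            raise ValueError("length field does not match the record")
        fragment, mac = body[:-MAC_LEN], body[-MAC_LEN:]
        expected = record_mac(self.secret, self.seq, ctype, (major, minor), fragment)
        if not hmac.compare_digest(mac, expected):   # constant-time comparison
            raise ValueError("bad_record_mac")
        self.seq += 1        # advance only after a record verifies
        return fragment


def try_open(reader, record):
    try:
        return reader.open(record)
    except ValueError as exc:
        return f"rejected: {exc}"


def demo():
    secret = b"constructed MAC write secret"         # constructed sample key
    writer, reader = RecordWriter(secret), RecordReader(secret)
    first = writer.seal(b"transfer 100 to account 42")
    second = writer.seal(b"what is my balance?")
    tampered = bytearray(second)
    tampered[5] ^= 0x01                              # flip one bit of the payload
    return {
        "first": try_open(reader, first),
        "replayed first": try_open(reader, first),   # reader now expects seq 1
        "tampered second": try_open(reader, bytes(tampered)),
        "second": try_open(reader, second),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

<p>The replayed record is byte-for-byte valid, yet it fails because the receiver's counter has moved on. A real endpoint treats a MAC failure as fatal and closes the connection rather than continuing as this reader does.</p>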
| |
| <h3><a name="handshake" id="handshake">Handshake Sequence Protocol</a></h3> |
| |
| <p>The handshake sequence uses three protocols:</p> |
| |
| <ul> |
| <li>The <dfn>SSL Handshake Protocol</dfn> is used to |
| establish the SSL session between client and server.</li> |
| <li>The <dfn>SSL Change Cipher Spec Protocol</dfn> is used to |
| establish agreement on the Cipher Suite for the session.</li> |
| <li>The <dfn>SSL Alert Protocol</dfn> is used to |
| convey SSL errors between client and server.</li> |
| </ul> |
| |
| <p>These three protocols, together with application protocol data, |
| are encapsulated in the <dfn>SSL Record Protocol</dfn>, as shown in <a href="#figure2">Figure 2</a>. |
| An encapsulated protocol is transferred as data by the lower layer protocol, |
| which does not examine the data. |
| The encapsulated protocol has no knowledge of the underlying protocol.</p> |
| |
| <p class="figure"> |
| <img src="ssl_intro_fig2.gif" alt="" width="428" height="217" /><br /> |
| <a id="figure2" name="figure2"><dfn>Figure 2</dfn></a>: SSL Protocol Stack |
| </p> |
| |
| <p> |
| The encapsulation of the SSL control protocols by the record protocol means that |
| if an active session is renegotiated, |
| the control protocols are transmitted securely. |
| If there was no previous session, the Null cipher suite is used, |
| which means there is no encryption and messages carry no |
| digest until the session has been established.</p> |
| |
| |
| <h3><a name="datatransfer" id="datatransfer">Data Transfer</a></h3> |
| |
| <p>The SSL Record Protocol, shown in <a href="#figure3">Figure 3</a>, |
| is used to transfer application data and SSL control data |
| between client and server. |
| This data may be fragmented into smaller units, |
| or several higher-level protocol messages may be combined into |
| a single unit. |
| The protocol may compress these units, attach digest signatures, |
| and encrypt them before transmitting them over the underlying |
| reliable transport protocol. |
| (Note: currently, no major SSL implementation supports compression.)</p> |
| |
| <p class="figure"> |
| <img src="ssl_intro_fig3.gif" alt="" width="423" height="323" /><br /> |
| <a id="figure3" name="figure3"><dfn>Figure 3</dfn></a>: SSL Record Protocol |
| </p> |
| |
| |
| <h3><a name="securehttp" id="securehttp">Securing HTTP Communication</a></h3> |
| |
| <p>One common use of SSL is to secure HTTP communication between a browser |
| and a web server. |
| This does not preclude the use of conventional, non-secured HTTP. |
| The secured version is essentially plain HTTP over SSL, and is called HTTPS. |
| The main differences are that it uses the URL scheme <code>https</code> rather than <code>http</code>, |
| and that the server uses a different port (443 by default). |
| This is, for the most part, the functionality that <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> provides for the Apache web server.</p> |
| |
| </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> |
| <div class="section"> |
| <h2><a name="references" id="references">References</a></h2> |
| |
| <dl> |
| <dt><a id="AC96" name="AC96">[AC96]</a></dt> |
| <dd>Bruce Schneier, <q>Applied Cryptography</q>, 2nd Edition, Wiley, |
| 1996. See <a href="http://www.counterpane.com/">http://www.counterpane.com/</a> for various other materials by Bruce |
| Schneier.</dd> |
| |
| <dt><a id="X208" name="X208">[X208]</a></dt> |
| <dd>ITU-T Recommendation X.208, <q>Specification of Abstract Syntax Notation |
| One (ASN.1)</q>, 1988. See for instance <a href="http://www.itu.int/rec/recommendation.asp?type=items&lang=e&parent=T-REC-X.208-198811-I">http://www.itu.int/rec/recommendation.asp?type=items&lang=e&parent=T-REC-X.208-198811-I</a>. |
| </dd> |
| |
| <dt><a id="X509" name="X509">[X509]</a></dt> |
| <dd>ITU-T Recommendation X.509, <q>The Directory - Authentication |
| Framework</q>. See for instance <a href="http://www.itu.int/rec/recommendation.asp?type=folders&lang=e&parent=T-REC-X.509">http://www.itu.int/rec/recommendation.asp?type=folders&lang=e&parent=T-REC-X.509</a>. |
| </dd> |
| |
| <dt><a id="PKCS" name="PKCS">[PKCS]</a></dt> |
| <dd><q>Public Key Cryptography Standards (PKCS)</q>, |
| RSA Laboratories Technical Notes, See <a href="http://www.rsasecurity.com/rsalabs/pkcs/">http://www.rsasecurity.com/rsalabs/pkcs/</a>.</dd> |
| |
| <dt><a id="MIME" name="MIME">[MIME]</a></dt> |
| <dd>N. Freed, N. Borenstein, <q>Multipurpose Internet Mail Extensions |
| (MIME) Part One: Format of Internet Message Bodies</q>, RFC2045. |
| See for instance <a href="http://ietf.org/rfc/rfc2045.txt">http://ietf.org/rfc/rfc2045.txt</a>.</dd> |
| |
| <dt><a id="SSL2" name="SSL2">[SSL2]</a></dt> |
| <dd>Kipp E.B. Hickman, <q>The SSL Protocol</q>, 1995. See <a href="http://www.netscape.com/eng/security/SSL_2.html">http://www.netscape.com/eng/security/SSL_2.html</a>.</dd> |
| |
| <dt><a id="SSL3" name="SSL3">[SSL3]</a></dt> |
| <dd>Alan O. Freier, Philip Karlton, Paul C. Kocher, <q>The SSL Protocol |
| Version 3.0</q>, 1996. See <a href="http://www.netscape.com/eng/ssl3/draft302.txt">http://www.netscape.com/eng/ssl3/draft302.txt</a>.</dd> |
| |
| <dt><a id="TLS1" name="TLS1">[TLS1]</a></dt> |
| <dd>Tim Dierks, Christopher Allen, <q>The TLS Protocol Version 1.0</q>, |
| 1999. See <a href="http://ietf.org/rfc/rfc2246.txt">http://ietf.org/rfc/rfc2246.txt</a>.</dd> |
| </dl> |
| </div></div> |
| <div class="bottomlang"> |
| </div><div id="footer"> |
| <p class="apache">Copyright 1999-2004 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> |
| </div> |
| </body></html> |