<?xml version="1.0" encoding="EUC-JP"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="ja" xml:lang="ja"><head><!--
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
This file is generated from xml source: DO NOT EDIT
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-->
<title>SSL/TLS Encryption: An Introduction - Apache HTTP Server</title>
<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" />
<link href="../images/favicon.ico" rel="shortcut icon" /></head>
<body id="manual-page"><div id="page-header">
<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p>
<p class="apache">Apache HTTP Server Version 2.1</p>
<img alt="" src="../images/feather.gif" /></div>
<div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div>
<div id="path">
<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs-project/">Documentation</a> &gt; <a href="../">Version 2.1</a> &gt; <a href="./">SSL/TLS</a></div><div id="page-content"><div id="preamble"><h1>SSL/TLS Encryption: An Introduction</h1>
<div class="toplang">
<p><span>Available Languages: </span><a href="../en/ssl/ssl_intro.html" hreflang="en" rel="alternate" title="English">&nbsp;en&nbsp;</a> |
<a href="../ja/ssl/ssl_intro.html" title="Japanese">&nbsp;ja&nbsp;</a></p>
</div>
<blockquote>
<p>The nice thing about standards is that there are so many to choose from.
And if you really don't like any of them,
you just have to wait a year for the one you were looking for to appear.</p>
<p class="cite">-- <cite>A. Tanenbaum</cite>, "Introduction to
Computer Networks"</p>
</blockquote>
<p>
As an introduction, this chapter is aimed at readers who are familiar with
the Web, HTTP, and Apache, but who are not security experts.
It is not intended to be a definitive guide to the SSL protocol.
Nor does it cover specific techniques for managing certificates within an organization,
or important legal issues such as patents and export restrictions.
Rather, it aims to give mod_ssl users a common background by laying out
various concepts, definitions, and examples as a starting point for further study.</p>
<p>The content presented here is mainly based, with the original author's permission,
on the article <a href="http://home.earthlink.net/~fjhirsch/Papers/wwwj/article.html">
Introducing SSL and Certificates using SSLeay</a> by
<a href="http://home.earthlink.net/~fjhirsch/">Frederick J. Hirsch</a>
of The Open Group Research Institute.
The article was published in <a href="http://www.ora.com/catalog/wjsum97/">Web Security: A Matter of
Trust</a>, World Wide Web Journal, Volume 2, Issue 3, Summer 1997.
Please send positive feedback to <a href="mailto:hirsch@fjhirsch.com">Frederick Hirsch</a>
(the author of the original article) and all complaints to <a href="mailto:rse@engelschall.com">Ralf S. Engelschall</a>
(the author of <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code>).
[Translator's note: for matters concerning the Japanese translation, please contact the <a href="mailto:apache-docs@ml.apache.or.jp">
Apache documentation translation project</a>.]</p>
</div>
<div id="quickview"><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#cryptographictech">Cryptographic Techniques</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#certificates">Certificates</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#ssl">Secure Sockets Layer (SSL)</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#references">References</a></li>
</ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="cryptographictech" id="cryptographictech">Cryptographic Techniques</a></h2>
<p>Understanding SSL requires an understanding of cryptographic algorithms,
message digest functions (also known as one-way functions or hash functions),
and digital signatures.
These techniques are subjects that fill entire books
(see for instance [<a href="#AC96">AC96</a>])
and form the basis for privacy, integrity, and authentication.</p>
<h3><a name="cryptographicalgo" id="cryptographicalgo">Cryptographic Algorithms</a></h3>
<p>Suppose Alice wants to send a message to her bank to transfer some money.
Because the message contains her account number and the transfer amount,
Alice wants to keep it private.
One solution is to use a cryptographic algorithm to transform the message
into an encrypted form that cannot be read by anyone
other than its intended readers.
Once in this form,
the message can only be interpreted with a secret key.
Without the key, the message is useless.
A good cryptographic algorithm makes it so difficult for an intruder to
recover the original text that the effort is not worthwhile.</p>
<p>There are two categories of cryptographic algorithms:
conventional and public key.</p>
<dl>
<dt>Conventional cryptography</dt>
<dd>Also known as symmetric cryptography,
it requires the sender and receiver to share a key.
A key is a secret piece of information used to encrypt
or decrypt a message.
If this key is secret, nobody other than the sender and receiver
can read the message.
If Alice and the bank both know a secret key,
they can send each other private messages.
However, the task of privately choosing a key in advance is problematic.</dd>
<dt>Public key cryptography</dt>
<dd>Also known as asymmetric cryptography,
it solves the key exchange problem by defining an algorithm that uses
two keys, each of which can be used to encrypt a message.
If one key is used to encrypt,
the other must be used to decrypt.
This makes it possible to receive secure messages simply by
publishing one key (the public key) and
keeping the other secret (the private key).</dd>
</dl>
<p>Anyone can encrypt a message with the public key,
but only the holder of the private key can read it.
In this way, Alice can send a private message
by encrypting it with the bank's public key.
Only the bank can decrypt it.</p>
<h3><a name="messagedigests" id="messagedigests">Message Digests</a></h3>
<p>Although Alice can make her message private,
there is still the problem that someone might modify the message,
for example to transfer the money to themselves, or replace it with a different one.
One way to guarantee the integrity of Alice's message is to
create a concise digest of the message and send that to the bank as well.
On receiving the message, the bank creates its own digest
and compares it with the one Alice sent. If they match,
the message was received intact.</p>
<p>A summary such as this is called a <dfn>message digest</dfn>,
<em>one-way function</em>, or <em>hash function</em>.
Message digests are used to create short, fixed-length representations
of long, variable-length messages.
Digest algorithms are designed to produce
a unique digest for each message.
Message digests are designed so that it is very difficult to determine
the original message from the digest.
They are also designed so that finding two messages that produce the same digest is impossible in practice.
This eliminates the possibility of substituting one message for another
while keeping the same digest.</p>
<p>Another problem for Alice is finding a way to send the digest to the bank securely.
Once this is achieved, the integrity of the message is assured.
One way to do this is to include the digest in a digital signature.</p>
<h3><a name="digitalsignatures" id="digitalsignatures">Digital Signatures</a></h3>
<p>When Alice sends a message to the bank, the bank must be certain
that the message really is from her, and that an intruder is not
impersonating her to request a transaction on her account.
A <em>digital signature</em>, created by Alice and included with the message,
serves this purpose.</p>
<p>A digital signature is created by encrypting the digest of the message
and other information (such as a sequence number) with the sender's private key.
Anyone can <em>decrypt</em> the signature using the public key,
but only the signer knows the private key.
This means that only the signer could have signed it.
Including the digest in the signature
means that the signature is valid only for that message.
It also guarantees the integrity of the message,
because nobody can change the digest and still sign it.</p>
<p>To prevent an intruder from intercepting the signature and reusing it at a later date,
the signature contains a unique sequence number.
This protects the bank from a fraudulent claim by Alice
that she never sent the message,
because only she could have signed it (non-repudiation).</p>
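<p>The scheme described above (a digest of the message and a sequence number, encrypted with the private key and checked with the public key), as an added example that is not part of the original manual or of mod_ssl. It assumes a toy unpadded RSA key built from two publicly known Mersenne primes, SHA-1 as the digest, and the hypothetical names <code>sign</code>, <code>Bank</code> and <code>demo</code>; real signatures use secret random primes and a padding scheme.</p>

```python
import hashlib

# Toy key pair from two publicly known Mersenne primes, used WITHOUT padding.
# Assumption for illustration only: real keys use secret random primes and a
# padding scheme.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                      # public key: published to everyone
D = pow(E, -1, (P - 1) * (Q - 1))        # private key: known only to the signer


def digest(seq_no: int, message: bytes) -> int:
    """SHA-1 digest of sequence number + message, as an integer below N."""
    data = seq_no.to_bytes(8, "big") + message
    return int.from_bytes(hashlib.sha1(data).digest(), "big")


def sign(seq_no: int, message: bytes) -> int:
    """'Encrypt' the digest with the private key, as the text describes."""
    return pow(digest(seq_no, message), D, N)


class Bank:
    """Verifier that holds only the signer's public key."""

    def __init__(self, n: int, e: int):
        self.n, self.e = n, e
        self.seen = set()                # sequence numbers already processed

    def accept(self, seq_no: int, message: bytes, signature: int) -> str:
        # 'Decrypt' the signature with the public key and compare digests.
        if pow(signature, self.e, self.n) != digest(seq_no, message):
            return "rejected: signature does not match this message"
        if seq_no in self.seen:
            return "rejected: sequence number already used (replay)"
        self.seen.add(seq_no)
        return "accepted"


def demo():
    """Constructed scenario: genuine order, altered order, replayed order,
    and the old signature presented under a fresh sequence number."""
    order = b"transfer 100 from account 1234 to account 5678"
    sig = sign(1, order)
    bank = Bank(N, E)
    return [
        bank.accept(1, order, sig),
        bank.accept(1, order.replace(b"100", b"900"), sig),
        bank.accept(1, order, sig),
        bank.accept(2, order, sig),
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

<p>Because the sequence number is covered by the digest, the captured signature is useless under any other number, and the bank's record of used numbers rejects the exact repeat.</p>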
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="certificates" id="certificates">Certificates</a></h2>
<p>Alice can now send a private message to the bank,
sign it, and guarantee its integrity,
but she still needs to be sure that she is really communicating with the bank.
This means she must be sure that the public key she is using
corresponds to the bank's private key.
Similarly, the bank needs to verify that the signature on the message
really is Alice's signature.</p>
<p>If each party has a certificate that proves the other's identity,
confirms the public key, and is signed by a trusted agency,
then both can be confident that they are communicating with
the party they think they are.
Such a trusted agency is called a <em>Certificate Authority</em>
(CA),
and certificates are used for authentication.</p>
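<h3><a name="certificatecontents" id="certificatecontents">Certificate Contents</a></h3>
<p>A certificate associates a public key with the real identity of an
individual, server, or other entity, known as the subject.
As shown in <a href="#table1">Table 1</a>, information about the subject
includes identifying information (the distinguished name) and the public key.
The certificate also includes the identification and signature of the
Certificate Authority, and the period during which the certificate is valid.
It may also contain administrative information for the Certificate Authority's use,
such as a serial number, and other additional information.</p>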
<h4><a name="table1" id="table1">Table 1: Certificate Information</a></h4>
<table>
<tr><th>Subject</th>
<td>Distinguished Name, Public Key</td></tr>
<tr><th>Issuer</th>
<td>Distinguished Name, Public Key</td></tr>
<tr><th>Period of Validity</th>
<td>Start Date, Expiry Date</td></tr>
<tr><th>Administrative Information</th>
<td>Version, Serial Number</td></tr>
<tr><th>Extended Information</th>
<td>Basic Constraints, Netscape Flags, etc.</td></tr>
</table>
<p>A distinguished name is used to provide an identity in a specific
context. For example, an individual might have
separate identities for personal use and for work.
Distinguished names are defined by the X.509 standard [<a href="#X509">X509</a>].
The X.509 standard defines the fields, the field names, and the abbreviations used for the fields (see <a href="#table2">Table 2</a>).</p>
<h4><a name="table2" id="table2">Table 2: Distinguished Name Information</a></h4>
<table class="bordered">
<tr><th>DN Field</th>
<th>Abbrev.</th>
<th>Description</th>
<th>Example</th></tr>
<tr><td>Common Name</td>
<td>CN</td>
<td>Name being certified<br />
URL used for the SSL connection</td>
<td>CN=www.example.com</td></tr>
<tr><td>Organization or Company</td>
<td>O</td>
<td>Official English name of the organization</td>
<td>O=Example Japan K.K.</td></tr>
<tr><td>Organizational Unit</td>
<td>OU</td>
<td>Department name, etc.</td>
<td>OU=Customer Service</td></tr>
<tr><td>City/Locality</td>
<td>L</td>
<td>City or locality where the organization is located</td>
<td>L=Sapporo</td></tr>
<tr><td>State/Province</td>
<td>ST</td>
<td>State or province (prefecture) where the organization is located</td>
<td>ST=Hokkaido</td></tr>
<tr><td>Country</td>
<td>C</td>
<td>ISO code of the country where the organization is located<br />
JP for Japan
</td>
<td>C=JP</td></tr>
</table>
<p>A Certificate Authority may define a policy specifying which fields
are optional and which are required. The Certificate Authority and the users
of certificates may also place requirements on the field contents.
For example, a Netscape browser requires that the
Common Name of a server's certificate match a wildcard pattern
for the server's domain name, such as
<code>*.example.com</code>.</p>
<p>The binary format of a certificate is defined using the ASN.1 notation
[<a href="#X208">X208</a>] [<a href="#PKCS">PKCS</a>].
This notation defines how to specify the contents,
and encoding rules define how this information is translated into
binary form.
The binary encoding of a certificate is defined using the Distinguished Encoding
Rules (DER), which are based on the more general Basic Encoding Rules
(BER).
For transmissions that cannot handle binary data,
the binary form may be translated into an ASCII form
using Base64 encoding [<a href="#MIME">MIME</a>].
When encoded this way and placed between delimiter lines,
as shown in the following example, it is said to be PEM encoded.
(The name PEM comes from "Privacy Enhanced Mail".)</p>
<div class="example"><h3>Example of a PEM-encoded certificate (example.crt)</h3><pre>-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----</pre></div>
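<p>The relationship between the PEM delimiter lines, Base64, and DER described above, as an added example that is not part of the original manual. It builds a small constructed DER structure (not a real certificate, under the made-up label <code>CONSTRUCTED SAMPLE</code>), wraps it in PEM, and walks the decoded tag-length-value elements, rejecting length encodings that BER permits but DER forbids; all function names are hypothetical.</p>

```python
import base64
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def der_tlv(tag: int, value: bytes) -> bytes:
    """Encode one tag-length-value using DER's minimal definite length."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])                          # short form
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw      # long form
    return bytes([tag]) + length + value

def pem_encode(der: bytes, label: str) -> str:
    """Base64 the DER bytes and wrap them in BEGIN/END delimiter lines."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

def pem_decode(text: str):
    """Return (label, der_bytes) for the first PEM block found in text."""
    m = PEM_BLOCK.search(text)
    if m is None:
        raise ValueError("no PEM block found")
    b64 = "".join(m.group(2).split())
    return m.group(1), base64.b64decode(b64, validate=True)

def read_tlv(buf: bytes, pos: int = 0):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element header")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("high-tag-number form is not handled here")
    pos += 2
    if first < 0x80:
        length = first
    elif first == 0x80:
        raise ValueError("indefinite length: allowed in BER, forbidden in DER")
    else:
        n = first & 0x7F
        raw = buf[pos:pos + n]
        length = int.from_bytes(raw, "big")
        if len(raw) < n or raw[0] == 0 or length < 0x80:
            raise ValueError("truncated or non-minimal length: not valid DER")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past the end of the buffer")
    return tag, buf[pos:pos + length], pos + length

def walk(buf: bytes, depth: int = 0):
    """List (depth, tag, length) for every element, descending into
    constructed types (tag bit 0x20, e.g. SEQUENCE)."""
    out, pos = [], 0
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        out.append((depth, tag, len(value)))
        if tag & 0x20:
            out.extend(walk(value, depth + 1))
    return out

# Constructed sample, NOT a real certificate:
# SEQUENCE { INTEGER 2, PrintableString "www.example.com", OCTET STRING (200 zero bytes) }
SAMPLE_DER = der_tlv(0x30, der_tlv(0x02, b"\x02")
                     + der_tlv(0x13, b"www.example.com")
                     + der_tlv(0x04, bytes(200)))
SAMPLE_PEM = pem_encode(SAMPLE_DER, "CONSTRUCTED SAMPLE")

if __name__ == "__main__":
    print(SAMPLE_PEM)
    label, der = pem_decode(SAMPLE_PEM)
    for depth, tag, length in walk(der):
        print("  " * depth + f"tag=0x{tag:02x} length={length}")
```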
<h3><a name="certificateauthorities" id="certificateauthorities">Certificate Authorities</a></h3>
<p>By first verifying the information in a certificate request,
the Certificate Authority vouches for the identity of the private key's owner.
For example, if Alice requests a personal certificate,
the Certificate Authority must confirm that Alice really is
the person the certificate request claims she is.</p>
<h4><a name="certificatechains" id="certificatechains">Certificate Chains</a></h4>
<p>A Certificate Authority may issue a certificate for another Certificate Authority.
When examining an unknown certificate, Alice needs to examine
the certificate of its issuer, following the chain up through each
parent Certificate Authority, until she reaches an issuer she has confidence in.
To reduce the risk of a "bad" certificate,
she may decide to trust only issuers
within a limited chain.</p>
<h4><a name="rootlevelca" id="rootlevelca">Creating a Root-Level CA</a></h4>
<p>As noted earlier, for every certificate,
each issuer, up to the top-level Certificate Authority (CA), must
assert the validity of the identity of the subject.
The problem is who vouches for the certificate of the top-level authority
itself.
In this case only, the certificate is "self-signed".
That is, the issuer of the certificate is the same as the subject.
As a result, extra care is required before trusting
a self-signed certificate.
Wide publication of the public key by the root authority
reduces the risk in trusting that key,
because it would easily come to light if someone else
impersonated the authority.
Many browsers are preconfigured to trust
well-known Certificate Authorities.</p>
<p>A number of companies, such as <a href="http://www.thawte.com/">Thawte</a>
and <a href="http://www.verisign.com/">VeriSign</a>,
have established themselves as Certificate Authorities.
These companies provide the following services:</p>
<ul>
<li>Verifying certificate requests</li>
<li>Processing certificate requests</li>
<li>Issuing and managing certificates</li>
</ul>
<p>It is also possible to create your own Certificate Authority.
Although this is risky in the Internet environment,
it may be useful within an organization's Intranet,
where the identities of individuals and servers can easily be verified.</p>
<h4><a name="certificatemanagement" id="certificatemanagement">Certificate Management</a></h4>
<p>Establishing a Certificate Authority is a responsibility that requires
a solid administrative, technical, and operational framework.
A Certificate Authority not only issues certificates,
it must also manage them.
Specifically, it must determine how long certificates remain valid, renew them,
and maintain lists of certificates that have been issued but are no longer valid
(Certificate Revocation Lists, or CRLs).
Suppose, for example, that Alice is given a certificate as an employee of a company.
Suppose too that the certificate must be revoked
when Alice leaves the company.
Because certificates are objects that get passed around from person to person,
it is impossible to tell from the certificate alone
whether it has been revoked.
Therefore, when checking a certificate for validity,
it is necessary to contact the Certificate Authority and check its CRLs.
This step is not usually automated.</p>
<div class="note"><h3>Note</h3>
<p>If you use a Certificate Authority that is not configured into browsers by default,
you must load the Certificate Authority's certificate into the browser
so that the browser can validate server certificates
signed by that Certificate Authority.
This is dangerous, because once it is loaded, the browser accepts all
certificates signed by that Certificate Authority.</p>
</div>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="ssl" id="ssl">Secure Sockets Layer (SSL)</a></h2>
<p>The Secure Sockets Layer protocol can be placed between a reliable,
connection-oriented network layer protocol (for example, TCP/IP) and
an application layer protocol (for example, HTTP).
SSL provides secure communication between server and client through mutual authentication,
data integrity through digital signatures,
and privacy through encryption.</p>
<p>The SSL protocol is designed to support a range of algorithms
for encryption, digests, and digital signatures.
This allows algorithms to be chosen for a particular server with legal and
export restrictions taken into account, and also makes it possible
to take advantage of new algorithms.
The choice of algorithms is negotiated between server and client
at the start of a protocol session.</p>
<h3><a name="table4" id="table4">Table 4: Versions of the SSL Protocol</a></h3>
<table class="bordered">
<tr><th>Version</th>
<th>Source</th>
<th>Description</th>
<th>Browser Support</th></tr>
<tr><td>SSL v2.0</td>
<td>Vendor Standard (from Netscape Corp.) [<a href="#SSL2">SSL2</a>]</td>
<td>First SSL protocol for which implementations exist</td>
<td>- NS Navigator 1.x/2.x<br />
- MS IE 3.x<br />
- Lynx/2.8+OpenSSL</td></tr>
<tr><td>SSL v3.0</td>
<td>Expired Internet Draft (from Netscape Corp.) [<a href="#SSL3">SSL3</a>]</td>
<td>Revisions to prevent specific security attacks,
addition of non-RSA ciphers, and support for certificate chains</td>
<td>- NS Navigator 2.x/3.x/4.x<br />
- MS IE 3.x/4.x<br />
- Lynx/2.8+OpenSSL</td></tr>
<tr><td>TLS v1.0</td>
<td>Proposed Internet Standard (from IETF) [<a href="#TLS1">TLS1</a>]</td>
<td>Revision of SSL 3.0 to update the MAC layer to HMAC, add block
padding for block ciphers, standardize message order, and provide
more alert messages.</td>
<td>- Lynx/2.8+OpenSSL</td></tr>
</table>
<p>As shown in <a href="#table4">Table 4</a>, there are several versions
of the SSL protocol.
As noted in the table, one of the benefits of SSL 3.0 is
its support for certificate chains.
This feature allows a server to pass the issuers' certificates
to the browser along with its own certificate.
With a certificate chain,
the browser can validate the server certificate
even if an issuer's certificate is not installed directly in the browser,
as long as it is included in the chain.
SSL 3.0 is the basis for the Transport Layer Security
[<a href="#TLS1">TLS</a>] protocol standard, currently being developed
by the Internet Engineering Task Force (IETF).</p>
<h3><a name="session" id="session">Session Establishment</a></h3>
<p>As shown in <a href="#figure1">Figure 1</a>,
a session is established through a handshake sequence
between client and server.
This sequence varies depending on whether the server is configured to
provide a certificate or to request a client certificate.
Additional handshake steps are sometimes required to manage
cipher information, but this article
briefly describes one common scenario.
See the SSL specification for the full range of possibilities.</p>
<div class="note"><h3>Note</h3>
<p>Once an SSL session has been established, it can be reused,
which avoids the performance penalty of repeating the many steps
needed to start a session.
For this purpose, the server assigns each session a unique session identifier
and caches it on the server, so that on later connections the client
(until the identifier expires in the server's cache)
can connect without repeating the handshake.</p>
</div>
<p class="figure">
<img src="ssl_intro_fig1.gif" alt="" width="423" height="327" /><br />
<a id="figure1" name="figure1"><dfn>Figure 1</dfn></a>: Simplified SSL
Handshake Sequence</p>
<p>The elements of the handshake sequence used by the server and client
are listed below:</p>
<ol>
<li>Negotiate the Cipher Suite to be used for data transfer</li>
<li>Establish and share a session key between client and server</li>
<li>Optionally authenticate the server to the client</li>
<li>Optionally authenticate the client to the server</li>
</ol>
<p>The first step, Cipher Suite negotiation,
allows the server and client to choose a Cipher Suite
that suits both of them.
The SSL3.0 protocol specification defines 31 Cipher Suites.
A Cipher Suite is defined by the following components:</p>
<ul>
<li>Key Exchange Method</li>
<li>Cipher for Data Transfer</li>
<li>Message Digest for creating the
Message Authentication Code (MAC)</li>
</ul>
<p>These three elements are described in the sections that follow.</p>
<h3><a name="keyexchange" id="keyexchange">Key Exchange Method</a></h3>
<p>The key exchange method defines how the client and server agree on
the shared symmetric encryption key
used for application data transfer.
SSL 2.0 uses RSA key exchange only, while
SSL 3.0 supports a choice of key exchange algorithms,
including RSA key exchange when certificates are used, and
Diffie-Hellman key exchange when there are no certificates and
no prior communication between client and server.</p>
<p>One variable in the choice of key exchange method is digital signatures:
whether or not to use them, and if so,
what kind of signature to use.
Signing with a private key protects against a
man-in-the-middle attack during the information exchange used to generate the shared key
[<a href="#AC96">AC96</a>, p516].</p>
<h3><a name="ciphertransfer" id="ciphertransfer">Cipher for Data Transfer</a></h3>
<p>SSL uses the conventional (symmetric) cryptography described earlier
to encrypt the messages in a session.
There are nine choices, including the choice to perform no encryption:</p>
<ul>
<li>No encryption</li>
<li>Stream ciphers
<ul>
<li>RC4 with 40-bit keys</li>
<li>RC4 with 128-bit keys</li>
</ul></li>
<li>CBC block ciphers
<ul><li>RC2 with 40 bit key</li>
<li>DES with 40 bit key</li>
<li>DES with 56 bit key</li>
<li>Triple-DES with 168 bit key</li>
<li>Idea (128 bit key)</li>
<li>Fortezza (96 bit key)</li>
</ul></li>
</ul>
<p>Here CBC stands for Cipher Block Chaining,
which means that a portion of the previously encrypted ciphertext
is used in the encryption of the current block.
DES stands for the Data Encryption Standard
[<a href="#AC96">AC96</a>, ch12],
which has a number of variants, including DES40 and 3DES_EDE.
Idea is one of the best algorithms, and cryptographically
the strongest currently available.
RC2 is a proprietary algorithm from RSA DSI
[<a href="#AC96">AC96</a>,
ch13].</p>
<h3><a name="digestfuntion" id="digestfuntion">Digest Function</a></h3>
<p>
The choice of digest function determines how a digest is created from a record unit.
SSL supports the following:</p>
<ul>
<li>No digest</li>
<li>MD5 (128-bit hash)</li>
<li>Secure Hash Algorithm (SHA-1) (160-bit hash)</li>
</ul>
<p>The message digest is used to create a Message Authentication Code (MAC),
which is encrypted together with the message to provide message integrity
and to prevent replay attacks.</p>
<h3><a name="handshake" id="handshake">Handshake Sequence Protocol</a></h3>
<p>The handshake sequence uses three protocols:</p>
<ul>
<li>The <dfn>SSL Handshake Protocol</dfn> is used to
establish the SSL session between client and server.</li>
<li>The <dfn>SSL Change Cipher Spec Protocol</dfn> is used to
establish agreement on the Cipher Suite for the session.</li>
<li>The <dfn>SSL Alert Protocol</dfn> is used to
convey SSL error messages between client and server.</li>
</ul>
<p>These three protocols, together with application protocol data,
are encapsulated in the <dfn>SSL Record Protocol</dfn>,
as shown in <a href="#figure2">Figure 2</a>.
An encapsulated protocol is transferred as data by the
lower layer protocol, which does not examine the data.
The encapsulated protocol has no knowledge of the underlying protocol.</p>
<p class="figure">
<img src="ssl_intro_fig2.gif" alt="" width="428" height="217" /><br />
<a id="figure2" name="figure2"><dfn>Figure 2</dfn></a>: SSL Protocol Stack
</p>
<p>
The encapsulation of the SSL control protocols by the record protocol means that
if an active session is renegotiated,
the control protocols are transmitted securely.
If there is no existing session, the Null cipher suite is used,
which means there is no encryption and there are no digests
until the session has been established.</p>
<h3><a name="datatransfer" id="datatransfer">Data Transfer</a></h3>
<p>The SSL Record Protocol, shown in <a href="#figure3">Figure 3</a>,
is used to transfer application data and
SSL control data between client and server.
This data may be fragmented into smaller units,
or several higher level protocol messages may be combined
into a single unit.
The protocol may compress these units, attach digest signatures,
and encrypt them before transmitting them over the underlying
reliable transport protocol.
(Note: none of the current major SSL implementations supports compression.)</p>
<p class="figure">
<img src="ssl_intro_fig3.gif" alt="" width="423" height="323" /><br />
<a id="figure3" name="figure3"><dfn>Figure 3</dfn></a>: SSL Record Protocol
</p>
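<p>The fragment-then-MAC steps of the record protocol, and the way the MAC described under the digest function defeats replay, as an added example that is not part of the original manual or of mod_ssl. It assumes the TLS 1.0 construction from [TLS1] (HMAC-SHA1 over an implicit sequence number, record type, version, length, and fragment), omits compression and encryption, and uses the hypothetical names <code>RecordWriter</code>, <code>RecordReader</code> and <code>demo</code> with a constructed MAC secret.</p>

```python
import hashlib
import hmac
import struct

MAX_FRAGMENT = 2 ** 14       # largest plaintext fragment per record (RFC 2246)
APPLICATION_DATA = 23        # record content type for application data
TLS_1_0 = (3, 1)             # version bytes carried in every record header
MAC_LEN = hashlib.sha1().digest_size


def record_mac(secret, seq, ctype, version, fragment):
    """TLS 1.0 record MAC: HMAC-SHA1 over the implicit 64-bit sequence
    number, the record type, version and length, and the fragment."""
    header = struct.pack("!QBBBH", seq, ctype, version[0], version[1],
                         len(fragment))
    return hmac.new(secret, header + fragment, hashlib.sha1).digest()


class RecordWriter:
    def __init__(self, mac_secret):
        self.secret, self.seq = mac_secret, 0

    def protect(self, data):
        """Fragment data and append a MAC to each fragment.
        Compression and encryption of fragment+MAC are omitted here."""
        records = []
        for off in range(0, len(data), MAX_FRAGMENT):
            frag = data[off:off + MAX_FRAGMENT]
            mac = record_mac(self.secret, self.seq, APPLICATION_DATA,
                             TLS_1_0, frag)
            records.append(frag + mac)
            self.seq += 1                # never sent; both sides just count
        return records


class RecordReader:
    def __init__(self, mac_secret):
        self.secret, self.seq = mac_secret, 0

    def accept(self, record):
        """Verify the MAC against the next expected sequence number."""
        if len(record) < MAC_LEN:
            raise ValueError("record too short")
        frag, mac = record[:-MAC_LEN], record[-MAC_LEN:]
        expected = record_mac(self.secret, self.seq, APPLICATION_DATA,
                              TLS_1_0, frag)
        if not hmac.compare_digest(mac, expected):
            raise ValueError("bad record MAC")
        self.seq += 1
        return frag


def demo():
    secret = b"constructed-mac-secret"   # stands in for the negotiated key
    payload = b"A" * 40000               # constructed application data
    writer, reader = RecordWriter(secret), RecordReader(secret)
    records = writer.protect(payload)
    received = b"".join(reader.accept(r) for r in records)
    outcomes = {"fragments": [len(r) - MAC_LEN for r in records],
                "intact": received == payload}
    tampered = b"B" + writer.protect(b"AAAA")[0][1:]
    for name, rec in (("replay", records[0]), ("tamper", tampered)):
        try:
            reader.accept(rec)
            outcomes[name] = "accepted"
        except ValueError as err:
            outcomes[name] = str(err)
    return outcomes


if __name__ == "__main__":
    print(demo())
```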
<h3><a name="securehttp" id="securehttp">Securing HTTP Communication</a></h3>
<p>One common use of SSL is to secure HTTP communication between a browser
and a web server.
This does not preclude the use of conventional, non-secured HTTP.
The secured version is mainly plain HTTP over SSL, and is called HTTPS.
The major differences are that it uses the URL scheme <code>https</code> rather than <code>http</code>,
and that the server uses a different port (443 by default).
This is mainly what <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> provides for the Apache web server.</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="references" id="references">References</a></h2>
<dl>
<dt><a id="AC96" name="AC96">[AC96]</a></dt>
<dd>Bruce Schneier, <q>Applied Cryptography</q>, 2nd Edition, Wiley,
1996. See <a href="http://www.counterpane.com/">http://www.counterpane.com/</a> for various other materials by Bruce
Schneier.</dd>
<dt><a id="X208" name="X208">[X208]</a></dt>
<dd>ITU-T Recommendation X.208, <q>Specification of Abstract Syntax Notation
One (ASN.1)</q>, 1988. See for instance <a href="http://www.itu.int/rec/recommendation.asp?type=items&amp;lang=e&amp;parent=T-REC-X.208-198811-I">http://www.itu.int/rec/recommendation.asp?type=items&amp;lang=e&amp;parent=T-REC-X.208-198811-I</a>.
</dd>
<dt><a id="X509" name="X509">[X509]</a></dt>
<dd>ITU-T Recommendation X.509, <q>The Directory - Authentication
Framework</q>. See for instance <a href="http://www.itu.int/rec/recommendation.asp?type=folders&amp;lang=e&amp;parent=T-REC-X.509">http://www.itu.int/rec/recommendation.asp?type=folders&amp;lang=e&amp;parent=T-REC-X.509</a>.
</dd>
<dt><a id="PKCS" name="PKCS">[PKCS]</a></dt>
<dd><q>Public Key Cryptography Standards (PKCS)</q>,
RSA Laboratories Technical Notes, See <a href="http://www.rsasecurity.com/rsalabs/pkcs/">http://www.rsasecurity.com/rsalabs/pkcs/</a>.</dd>
<dt><a id="MIME" name="MIME">[MIME]</a></dt>
<dd>N. Freed, N. Borenstein, <q>Multipurpose Internet Mail Extensions
(MIME) Part One: Format of Internet Message Bodies</q>, RFC2045.
See for instance <a href="http://ietf.org/rfc/rfc2045.txt">http://ietf.org/rfc/rfc2045.txt</a>.</dd>
<dt><a id="SSL2" name="SSL2">[SSL2]</a></dt>
<dd>Kipp E.B. Hickman, <q>The SSL Protocol</q>, 1995. See <a href="http://www.netscape.com/eng/security/SSL_2.html">http://www.netscape.com/eng/security/SSL_2.html</a>.</dd>
<dt><a id="SSL3" name="SSL3">[SSL3]</a></dt>
<dd>Alan O. Freier, Philip Karlton, Paul C. Kocher, <q>The SSL Protocol
Version 3.0</q>, 1996. See <a href="http://www.netscape.com/eng/ssl3/draft302.txt">http://www.netscape.com/eng/ssl3/draft302.txt</a>.</dd>
<dt><a id="TLS1" name="TLS1">[TLS1]</a></dt>
<dd>Tim Dierks, Christopher Allen, <q>The TLS Protocol Version 1.0</q>,
1999. See <a href="http://ietf.org/rfc/rfc2246.txt">http://ietf.org/rfc/rfc2246.txt</a>.</dd>
</dl>
</div></div>
<div id="footer">
<p class="apache">Copyright 1999-2004 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
</div>
</body></html>