59,65 €*
Versandkostenfrei per Post / DHL
Lieferzeit 1-2 Wochen
SSL/TLS is a standardized, widely implemented, peer-reviewed protocol for applying cryptographic primitives to arbitrary networked communications. It provides privacy, integrity, and a measure of authenticity to otherwise inherently untrustworthy network connections.
While most books detail the protocol, this one is intended to provide you with a nearly complete SSL/TLS library, developed incrementally using C code. Whether or not you have a working knowledgeof cryptography, you'll find this practical guide helps you understand the internals of these libraries so that, when it comes time to use one, you will have a firm understanding of what takes place at each stage.
Understand secure sockets and the HTTP protocol
Learn to protect against eavesdroppers with symmetric cryptography
Secure key exchanges over an insecure medium with public key cryptography and boost security with elliptic curve cryptography
Examine the use of digital signatures and X.509 certificates
Develop a usable, secure communications protocol with client-side TLS
Add server-side TLS 1.0 support
Use SSL in advanced situations, including safely reusing key material with sessionresumption and verifying identity with client authentication
Go to [...] to find code and other features related to this book
SSL/TLS is a standardized, widely implemented, peer-reviewed protocol for applying cryptographic primitives to arbitrary networked communications. It provides privacy, integrity, and a measure of authenticity to otherwise inherently untrustworthy network connections.
While most books detail the protocol, this one is intended to provide you with a nearly complete SSL/TLS library, developed incrementally using C code. Whether or not you have a working knowledgeof cryptography, you'll find this practical guide helps you understand the internals of these libraries so that, when it comes time to use one, you will have a firm understanding of what takes place at each stage.
Understand secure sockets and the HTTP protocol
Learn to protect against eavesdroppers with symmetric cryptography
Secure key exchanges over an insecure medium with public key cryptography and boost security with elliptic curve cryptography
Examine the use of digital signatures and X.509 certificates
Develop a usable, secure communications protocol with client-side TLS
Add server-side TLS 1.0 support
Use SSL in advanced situations, including safely reusing key material with sessionresumption and verifying identity with client authentication
Go to [...] to find code and other features related to this book
Introduction xxvii
Chapter 1 Understanding Internet Security 1
What Are Secure Sockets? 2
"Insecure" Communications: Understanding the HTTP Protocol 4
Implementing an HTTP Client 5
Adding Support for HTTP Proxies 12
Reliable Transmission of Binary Data with Base64 Encoding 17
Implementing an HTTP Server 21
Roadmap for the Rest of This Book 27
Chapter 2 Protecting Against Eavesdroppers with Symmetric Cryptography 29
Understanding Block Cipher Cryptography Algorithms 30
Implementing the Data Encryption Standard (DES) Algorithm 31
DES Initial Permutation 34
DES Key Schedule 38
DES Expansion Function 40
DES Decryption 45
Padding and Chaining in Block Cipher Algorithms 46
Using the Triple-DES Encryption Algorithm to Increase Key Length 55
Faster Encryption with the Advanced Encryption Standard (AES) Algorithm 60
AES Key Schedule Computation 60
AES Encryption 67
Other Block Cipher Algorithms 83
Understanding Stream Cipher Algorithms 83
Understanding and Implementing the RC4 Algorithm 84
Chapter 3 Converting a Block Cipher to a Stream Cipher: The OFB and COUNTER Block-Chaining Modes 90
Secure Key Exchange over an Insecure Medium with Public Key Cryptography 91
Understanding the Theory Behind the RSA Algorithm 92
Performing Arbitrary Precision Binary Math to Implement Public-Key Cryptography 93
Implementing Large-Number Addition 93
Implementing Large-Number Subtraction 98
Implementing Large-Number Multiplication 101
Implementing Large-Number Division 106
Comparing Large Numbers 109
Optimizing for Modulo Arithmetic 112
Using Modulus Operations to Efficiently Compute Discrete Logarithms in a Finite Field 113
Encryption and Decryption with RSA 114
Encrypting with RSA 115
Decrypting with RSA 119
Encrypting a Plaintext Message 120
Decrypting an RSA-Encrypted Message 124
Testing RSA Encryption and Decryption 126
Achieving Perfect Forward Secrecy with Diffie-Hellman Key Exchange 130
Getting More Security per Key Bit: Elliptic Curve Cryptography 132
How Elliptic Curve Cryptography Relies on Modular Inversions 135
Using the Euclidean Algorithm to compute Greatest Common Denominators 135
Computing Modular Inversions with the Extended Euclidean Algorithm 137
Adding Negative Number Support to the Huge Number Library 138
Supporting Negative Remainders 147
Making ECC Work with Whole Integers: Elliptic-Curve Cryptography over Fp 150
Reimplementing Diffie-Hellman to Use ECC Primitives 150
Why Elliptic-Curve Cryptography? 154
Chapter 4 Authenticating Communications Using Digital Signatures 157
Using Message Digests to Create Secure Document Surrogates 158
Implementing the MD5 Digest Algorithm 159
Understanding MD 5 160
A Secure Hashing Example 161
Securely Hashing a Single Block of Data 166
MD5 Vulnerabilities 169
Increasing Collision Resistance with the SHA- 1
Digest Algorithm 171
Understanding SHA-1 Block Computation 171
Understanding the SHA-1 Input Processing Function 174
Understanding SHA-1 Finalization 176
Even More Collision Resistance with the SHA- 256
Digest Algorithm 180
Preventing Replay Attacks with the HMAC Keyed-Hash Algorithm 184
Implementing a Secure HMAC Algorithm 186
Completing the HMAC Operation 190
Creating Updateable Hash Functions 190
Defining a Digest Structure 191
Appending the Length to the Last Block 194
Computing the MD5 Hash of an Entire File 196
Where Does All of This Fit into SSL? 200
Understanding Digital Signature Algorithm (DSA) Signatures 201
Implementing Sender-Side DSA Signature Generation 202
Implementing Receiver-Side DSA Signature Verification 205
How to Make DSA Efficient 209
Getting More Security per Bit: Elliptic Curve DSA 210
Rewriting the Elliptic-Curve Math Functions to Support Large Numbers 211
Implementing ECDSA 215
Generating ECC Keypairs 218
Chapter 5 Creating a Network of Trust Using X.509 Certificates 221
Putting It Together: The Secure Channel Protocol 222
Encoding with ASN.1 225
Understanding Signed Certificate Structure 225
Version 226
serialNumber 227
signature 227
issuer 229
validity 232
subject 233
subjectPublicKeyInfo 235
extensions 237
Signed Certificates 238
Summary of X.509 Certificates 241
Transmitting Certificates with ASN.1 Distinguished Encoding Rules (DER) 241
Encoded Values 241
Strings and Dates 242
Bit Strings 243
Sequences and Sets: Grouping and Nesting ASN.1 Values 243
ASN.1 Explicit Tags 244
A Real-World Certificate Example 244
Using OpenSSL to Generate an RSA KeyPair and Certificate 244
Using OpenSSL to Generate a DSA KeyPair and Certificate 251
Developing an ASN.1 Parser 252
Converting a Byte Stream into an ASN.1 Structure 252
The asn1parse Code in Action 259
Turning a Parsed ASN.1 Structure into X.509 Certificate Components 264
Joining the X.509 Components into a Completed X. 509 Certificate Structure 268
Parsing Object Identifiers (OIDs) 270
Parsing Distinguished Names 271
Parsing Certificate Extensions 275
Signature Verification 279
Validating PKCS #7-Formatted RSA Signatures 280
Verifying a Self-Signed Certificate 281
Adding DSA Support to the Certificate Parser 286
Managing Certificates 292
How Authorities Handle Certificate Signing Requests (CSRs) 292
Correlating Public and Private Keys Using PKCS # 12
Formatting 293
Blacklisting Compromised Certificates Using Certificate Revocation Lists (CRLs) 294
Keeping Certificate Blacklists Up-to-Date with the Online Certificate Status Protocol (OCSP) 295
Other Problems with Certificates 296
Chapter 6 A Usable, Secure Communications Protocol: Client-Side TLS 297
Implementing the TLS 1.0 Handshake (Client Perspective) 299
Adding TLS Support to the HTTP Client 300
Understanding the TLS Handshake Procedure 303
TLS Client Hello 304
Tracking the Handshake State in the TLSParameters Structure 304
Describing Cipher Suites 308
Flattening and Sending the Client Hello Structure 309
TLS Server Hello 316
Adding a Receive Loop 317
Sending Alerts 318
Parsing the Server Hello Structure 319
Reporting Server Alerts 323
TLS Certificate 324
TLS Server Hello Done 328
TLS Client Key Exchange 329
Sharing Secrets Using TLS PRF (Pseudo-Random Function) 329
Creating Reproducible, Unpredictable Symmetric Keys with Master Secret Computation 336
RSA Key Exchange 337
Diffie-Hellman Key Exchange 343
TLS Change Cipher Spec 344
TLS Finished 346
Computing the Verify Message 347
Correctly Receiving the Finished Message 352
Secure Data Transfer with TLS 353
Assigning Sequence Numbers 353
Supporting Outgoing Encryption 355
Adding Support for Stream Ciphers 358
Updating Each Invocation of send_message 359
Decrypting and Authenticating 361
TLS Send 364
TLS Receive 365
Implementing TLS Shutdown 368
Examining HTTPS End-to-end Examples (TLS 1.0) 369
Dissecting the Client Hello Request 370
Dissecting the Server Response Messages 372
Dissecting the Key Exchange Message 373
Decrypting the Encrypted Exchange 374
Exchanging Application Data 377
Differences Between SSL 3.0 and TLS 1.0 378
Differences Between TLS 1.0 and TLS 1.1 379
Chapter 7 Adding Server-Side TLS 1.0 Support 381
Implementing the TLS 1.0 Handshake from the Server's Perspective 381
TLS Client Hello 387
TLS Server Hello 390
TLS Certificate 391
TLS Server Hello Done 393
TLS Client Key Exchange 394
RSA Key Exchange and Private Key Location 395
Supporting Encrypted Private Key Files 399
Checking That Decryption was Successful 406
Completing the Key Exchange 407
TLS Change Cipher Spec 409
TLS Finished 409
Avoiding Common Pitfalls When Adding HTTPS Support to a Server 411
When a Browser Displays Errors: Browser Trust Issues 412
Chapter 8 Advanced SSL Topics 415
Passing Additional Information with Client Hello Extensions 415
Safely Reusing Key Material with Session Resumption 420
Adding Session Resumption on the Client Side 421
Requesting Session Resumption 422
Adding Session Resumption Logic to the Client 422
Restoring the Previous Session's Master Secret 424
Testing Session Resumption 425
Viewing a Resumed Session 427
Adding Session Resumption on the Server Side 428
Assigning a Unique Session ID to Each Session 429
Adding Session ID Storage 429
Modifying parse_client_hello to Recognize Session Resumption Requests 433
Drawbacks of This Implementation 435
Avoiding Fixed Parameters with Ephemeral Key Exchange 436
Supporting the TLS Server Key Exchange Message 437
Authenticating the Server Key Exchange Message 439
Examining an Ephemeral Key Exchange Handshake 442
Verifying Identity with Client Authentication 448
Supporting the CertificateRequest Message 449
Adding Certificate Request Parsing Capability for the Client 450
Handling the Certificate Request 452
...Erscheinungsjahr: | 2011 |
---|---|
Fachbereich: | Datenkommunikation, Netze & Mailboxen |
Genre: | Importe, Informatik |
Rubrik: | Naturwissenschaften & Technik |
Medium: | Taschenbuch |
Inhalt: | 704 S. |
ISBN-13: | 9780470920411 |
ISBN-10: | 0470920416 |
Sprache: | Englisch |
Einband: | Kartoniert / Broschiert |
Autor: | Davies, Joshua |
Hersteller: |
Wiley
John Wiley & Sons |
Verantwortliche Person für die EU: | Wiley-VCH GmbH, Boschstr. 12, D-69469 Weinheim, amartine@wiley-vch.de |
Maße: | 235 x 191 x 38 mm |
Von/Mit: | Joshua Davies |
Erscheinungsdatum: | 11.01.2011 |
Gewicht: | 1,295 kg |
Introduction xxvii
Chapter 1 Understanding Internet Security 1
What Are Secure Sockets? 2
"Insecure" Communications: Understanding the HTTP Protocol 4
Implementing an HTTP Client 5
Adding Support for HTTP Proxies 12
Reliable Transmission of Binary Data with Base64 Encoding 17
Implementing an HTTP Server 21
Roadmap for the Rest of This Book 27
Chapter 2 Protecting Against Eavesdroppers with Symmetric Cryptography 29
Understanding Block Cipher Cryptography Algorithms 30
Implementing the Data Encryption Standard (DES) Algorithm 31
DES Initial Permutation 34
DES Key Schedule 38
DES Expansion Function 40
DES Decryption 45
Padding and Chaining in Block Cipher Algorithms 46
Using the Triple-DES Encryption Algorithm to Increase Key Length 55
Faster Encryption with the Advanced Encryption Standard (AES) Algorithm 60
AES Key Schedule Computation 60
AES Encryption 67
Other Block Cipher Algorithms 83
Understanding Stream Cipher Algorithms 83
Understanding and Implementing the RC4 Algorithm 84
Chapter 3 Converting a Block Cipher to a Stream Cipher: The OFB and COUNTER Block-Chaining Modes 90
Secure Key Exchange over an Insecure Medium with Public Key Cryptography 91
Understanding the Theory Behind the RSA Algorithm 92
Performing Arbitrary Precision Binary Math to Implement Public-Key Cryptography 93
Implementing Large-Number Addition 93
Implementing Large-Number Subtraction 98
Implementing Large-Number Multiplication 101
Implementing Large-Number Division 106
Comparing Large Numbers 109
Optimizing for Modulo Arithmetic 112
Using Modulus Operations to Efficiently Compute Discrete Logarithms in a Finite Field 113
Encryption and Decryption with RSA 114
Encrypting with RSA 115
Decrypting with RSA 119
Encrypting a Plaintext Message 120
Decrypting an RSA-Encrypted Message 124
Testing RSA Encryption and Decryption 126
Achieving Perfect Forward Secrecy with Diffie-Hellman Key Exchange 130
Getting More Security per Key Bit: Elliptic Curve Cryptography 132
How Elliptic Curve Cryptography Relies on Modular Inversions 135
Using the Euclidean Algorithm to compute Greatest Common Denominators 135
Computing Modular Inversions with the Extended Euclidean Algorithm 137
Adding Negative Number Support to the Huge Number Library 138
Supporting Negative Remainders 147
Making ECC Work with Whole Integers: Elliptic-Curve Cryptography over Fp 150
Reimplementing Diffie-Hellman to Use ECC Primitives 150
Why Elliptic-Curve Cryptography? 154
Chapter 4 Authenticating Communications Using Digital Signatures 157
Using Message Digests to Create Secure Document Surrogates 158
Implementing the MD5 Digest Algorithm 159
Understanding MD 5 160
A Secure Hashing Example 161
Securely Hashing a Single Block of Data 166
MD5 Vulnerabilities 169
Increasing Collision Resistance with the SHA- 1
Digest Algorithm 171
Understanding SHA-1 Block Computation 171
Understanding the SHA-1 Input Processing Function 174
Understanding SHA-1 Finalization 176
Even More Collision Resistance with the SHA- 256
Digest Algorithm 180
Preventing Replay Attacks with the HMAC Keyed-Hash Algorithm 184
Implementing a Secure HMAC Algorithm 186
Completing the HMAC Operation 190
Creating Updateable Hash Functions 190
Defining a Digest Structure 191
Appending the Length to the Last Block 194
Computing the MD5 Hash of an Entire File 196
Where Does All of This Fit into SSL? 200
Understanding Digital Signature Algorithm (DSA) Signatures 201
Implementing Sender-Side DSA Signature Generation 202
Implementing Receiver-Side DSA Signature Verification 205
How to Make DSA Efficient 209
Getting More Security per Bit: Elliptic Curve DSA 210
Rewriting the Elliptic-Curve Math Functions to Support Large Numbers 211
Implementing ECDSA 215
Generating ECC Keypairs 218
Chapter 5 Creating a Network of Trust Using X.509 Certificates 221
Putting It Together: The Secure Channel Protocol 222
Encoding with ASN.1 225
Understanding Signed Certificate Structure 225
Version 226
serialNumber 227
signature 227
issuer 229
validity 232
subject 233
subjectPublicKeyInfo 235
extensions 237
Signed Certificates 238
Summary of X.509 Certificates 241
Transmitting Certificates with ASN.1 Distinguished Encoding Rules (DER) 241
Encoded Values 241
Strings and Dates 242
Bit Strings 243
Sequences and Sets: Grouping and Nesting ASN.1 Values 243
ASN.1 Explicit Tags 244
A Real-World Certificate Example 244
Using OpenSSL to Generate an RSA KeyPair and Certificate 244
Using OpenSSL to Generate a DSA KeyPair and Certificate 251
Developing an ASN.1 Parser 252
Converting a Byte Stream into an ASN.1 Structure 252
The asn1parse Code in Action 259
Turning a Parsed ASN.1 Structure into X.509 Certificate Components 264
Joining the X.509 Components into a Completed X. 509 Certificate Structure 268
Parsing Object Identifiers (OIDs) 270
Parsing Distinguished Names 271
Parsing Certificate Extensions 275
Signature Verification 279
Validating PKCS #7-Formatted RSA Signatures 280
Verifying a Self-Signed Certificate 281
Adding DSA Support to the Certificate Parser 286
Managing Certificates 292
How Authorities Handle Certificate Signing Requests (CSRs) 292
Correlating Public and Private Keys Using PKCS # 12
Formatting 293
Blacklisting Compromised Certificates Using Certificate Revocation Lists (CRLs) 294
Keeping Certificate Blacklists Up-to-Date with the Online Certificate Status Protocol (OCSP) 295
Other Problems with Certificates 296
Chapter 6 A Usable, Secure Communications Protocol: Client-Side TLS 297
Implementing the TLS 1.0 Handshake (Client Perspective) 299
Adding TLS Support to the HTTP Client 300
Understanding the TLS Handshake Procedure 303
TLS Client Hello 304
Tracking the Handshake State in the TLSParameters Structure 304
Describing Cipher Suites 308
Flattening and Sending the Client Hello Structure 309
TLS Server Hello 316
Adding a Receive Loop 317
Sending Alerts 318
Parsing the Server Hello Structure 319
Reporting Server Alerts 323
TLS Certificate 324
TLS Server Hello Done 328
TLS Client Key Exchange 329
Sharing Secrets Using TLS PRF (Pseudo-Random Function) 329
Creating Reproducible, Unpredictable Symmetric Keys with Master Secret Computation 336
RSA Key Exchange 337
Diffie-Hellman Key Exchange 343
TLS Change Cipher Spec 344
TLS Finished 346
Computing the Verify Message 347
Correctly Receiving the Finished Message 352
Secure Data Transfer with TLS 353
Assigning Sequence Numbers 353
Supporting Outgoing Encryption 355
Adding Support for Stream Ciphers 358
Updating Each Invocation of send_message 359
Decrypting and Authenticating 361
TLS Send 364
TLS Receive 365
Implementing TLS Shutdown 368
Examining HTTPS End-to-end Examples (TLS 1.0) 369
Dissecting the Client Hello Request 370
Dissecting the Server Response Messages 372
Dissecting the Key Exchange Message 373
Decrypting the Encrypted Exchange 374
Exchanging Application Data 377
Differences Between SSL 3.0 and TLS 1.0 378
Differences Between TLS 1.0 and TLS 1.1 379
Chapter 7 Adding Server-Side TLS 1.0 Support 381
Implementing the TLS 1.0 Handshake from the Server's Perspective 381
TLS Client Hello 387
TLS Server Hello 390
TLS Certificate 391
TLS Server Hello Done 393
TLS Client Key Exchange 394
RSA Key Exchange and Private Key Location 395
Supporting Encrypted Private Key Files 399
Checking That Decryption was Successful 406
Completing the Key Exchange 407
TLS Change Cipher Spec 409
TLS Finished 409
Avoiding Common Pitfalls When Adding HTTPS Support to a Server 411
When a Browser Displays Errors: Browser Trust Issues 412
Chapter 8 Advanced SSL Topics 415
Passing Additional Information with Client Hello Extensions 415
Safely Reusing Key Material with Session Resumption 420
Adding Session Resumption on the Client Side 421
Requesting Session Resumption 422
Adding Session Resumption Logic to the Client 422
Restoring the Previous Session's Master Secret 424
Testing Session Resumption 425
Viewing a Resumed Session 427
Adding Session Resumption on the Server Side 428
Assigning a Unique Session ID to Each Session 429
Adding Session ID Storage 429
Modifying parse_client_hello to Recognize Session Resumption Requests 433
Drawbacks of This Implementation 435
Avoiding Fixed Parameters with Ephemeral Key Exchange 436
Supporting the TLS Server Key Exchange Message 437
Authenticating the Server Key Exchange Message 439
Examining an Ephemeral Key Exchange Handshake 442
Verifying Identity with Client Authentication 448
Supporting the CertificateRequest Message 449
Adding Certificate Request Parsing Capability for the Client 450
Handling the Certificate Request 452
...Erscheinungsjahr: | 2011 |
---|---|
Fachbereich: | Datenkommunikation, Netze & Mailboxen |
Genre: | Importe, Informatik |
Rubrik: | Naturwissenschaften & Technik |
Medium: | Taschenbuch |
Inhalt: | 704 S. |
ISBN-13: | 9780470920411 |
ISBN-10: | 0470920416 |
Sprache: | Englisch |
Einband: | Kartoniert / Broschiert |
Autor: | Davies, Joshua |
Hersteller: |
Wiley
John Wiley & Sons |
Verantwortliche Person für die EU: | Wiley-VCH GmbH, Boschstr. 12, D-69469 Weinheim, amartine@wiley-vch.de |
Maße: | 235 x 191 x 38 mm |
Von/Mit: | Joshua Davies |
Erscheinungsdatum: | 11.01.2011 |
Gewicht: | 1,295 kg |