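Standard interpretation
GM/T 0129-2023, SSH Cryptography Protocol Specification, is a standard issued by the State Cryptography Administration that sets out cryptographic requirements for secure communication based on the SSH (Secure Shell) protocol. It applies to information systems that use SSH for secure remote login, file transfer and similar scenarios.
According to the document, GM/T 0129-2023 mainly defines requirements in the following areas:
- Cryptographic algorithms: specifies the encryption algorithms, message authentication code algorithms, key exchange algorithms and digital signature algorithms that may be used in the SSH protocol. The choice of these algorithms must comply with the relevant standards and requirements of the State Cryptography Administration of China.
- Key management: sets out the principles and methods to follow when generating, distributing, storing and destroying keys, including but not limited to lifecycle management of symmetric keys and the creation and revocation processes for asymmetric key pairs.
- Authentication mechanisms: describes the methods and technical details used when the client and server authenticate each other. Several authentication methods are supported, such as public key authentication and password authentication, and the importance of a strong password policy is emphasized.
- Data integrity protection: uses specific message authentication code algorithms to guarantee the integrity of transmitted data and to prevent it from being tampered with or forged.
- Secure configuration guidance: gives a series of recommendations on how to configure the SSH service correctly to improve its security, such as disabling insecure protocol versions and restricting access permissions.
- Implementation guidelines: gives developers basic principles and best practices to observe when implementing the SSH protocol, to help ensure that the final product meets high security requirements.
The standard also contains detailed annexes that list the recommended cryptographic algorithms and their parameter settings, sample code and similar material, for practitioners to consult during implementation.
For more detailed information, refer directly to the officially authorized standard document below.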
- Current
- In force
- Issued 2023-12-04
- Implemented 2024-06-01
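Document overview
ICS 35.030
CCS L 80
Cryptography Industry Standard of the People's Republic of China
GM/T 0129-2023
SSH cryptography protocol specification
Secure shell cryptography protocol specification
Issued 2023-12-04; implemented 2024-06-01
Issued by the State Cryptography Administration
Contents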
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Protocol framework
5.1 Protocol overview
5.2 Transport layer protocol
5.3 Authentication protocol
5.4 Connection protocol
6 Cryptographic algorithms and key types
6.1 Cryptographic algorithms
6.2 Key types
7 Data type definitions
7.1 Algorithm identifiers
7.2 Basic data types
8 Transport layer protocol
8.1 Protocol overview
8.2 Protocol flow
8.3 Protocol version
8.4 Packets
8.5 Key agreement
8.6 Service request
8.7 Disconnection
9 Authentication protocol
9.1 Protocol overview
9.2 Protocol flow
9.3 Packets
9.4 Password-based authentication method
9.5 Asymmetric-key-based authentication method
9.6 Digital-certificate-based authentication method
10 Connection protocol
10.1 Protocol overview
10.2 Connection channels
10.3 Packets
Bibliography
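Foreword
This document was drafted in accordance with GB/T 1.1-2020, Directives for standardization - Part 1: Rules for the structure and drafting of standardizing documents.
Attention is drawn to the possibility that some of the content of this document may involve patents. The issuing body of this document does not assume responsibility for identifying patents.
This document was proposed by, and is under the jurisdiction of, the Cryptography Industry Standardization Technical Committee.
Drafting organizations of this document: Beijing Xiaolei Technology Co., Ltd.; Beijing Haitai Fangyuan Technologies Co., Ltd.; Beijing Certificate Authority Co., Ltd.; Koal Software Co., Ltd.; CETC Cyberspace Security Technology Co., Ltd.; Xingtang Telecommunications Technology Co., Ltd.; Beijing Infosec Technologies Co., Ltd.; Changchun Jida Zhengyuan Information Technology Co., Ltd.; Beijing Shudun Information Technology Co., Ltd.
Principal drafters of this document: Zeng Yubo, Liu Zengshou, Jiang Hongyu, Fu Dapeng, Zheng Qiang, Luo Jun, Wang Nina, Wang Zongbin, Zhao Lili, Zhang Guoqing.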
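Introduction
The protocol content of this document draws on the Secure Shell protocol (RFC 4251, RFC 4252, RFC 4253, RFC 4254). In accordance with China's relevant cryptography policies and regulations, and based on China's cryptographic technology system, it uses the SM2, SM3 and SM4 cryptographic algorithms and a digital certificate mechanism to form the SSH transport layer protocol, authentication protocol and connection protocol.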
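SSH cryptography protocol specification
1 Scope
This document specifies the cryptographic protocol for secure SSH interaction, specifies the encrypted transport protocol, authentication protocol and connection protocol for the interaction channel, and specifies how cryptographic algorithms are used in the protocol.
This document applies to the development and testing of SSH server and SSH client products.
2 Normative references
The contents of the following documents, through normative reference in the text, constitute indispensable provisions of this document. For dated references, only the edition corresponding to that date applies to this document; for undated references, the latest edition (including all amendments) applies to this document.
GB/T 15852.1 Information technology - Security techniques - Message authentication codes - Part 1: Mechanisms using a block cipher
GB/T 15852.2 Information technology - Security techniques - Message authentication codes - Part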