Standard Overview

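GM/T 0129-2023, "SSH Cryptographic Protocol Specification", is a standard issued by the State Cryptography Administration. It is intended to provide cryptographic requirements for secure communication based on the SSH (Secure Shell) protocol. The standard applies to information systems that use the SSH protocol for secure remote login, file transfer and similar scenarios.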

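According to the document, GM/T 0129-2023 "SSH Cryptographic Protocol Specification" mainly defines requirements in the following areas:

  • Cryptographic algorithms: specifies the encryption algorithms, message authentication code algorithms, key exchange algorithms and digital signature algorithms that may be used in the SSH protocol. The choice of these algorithms must comply with the relevant standards and requirements of China's State Cryptography Administration.
  • Key management: sets out the principles and methods to be followed during key generation, distribution, storage and destruction, including but not limited to lifecycle management of symmetric keys and the creation and revocation procedures for asymmetric key pairs.
  • Authentication mechanisms: describes the methods and technical details used when the client and server authenticate each other. Multiple authentication methods are supported, such as public-key authentication and password authentication, and the importance of a strong password policy is emphasized.
  • Data integrity protection: guarantees the integrity of transmitted data by introducing specific message authentication code algorithms, preventing data from being tampered with or forged.
  • Security configuration guidance: gives a series of recommendations on how to configure the SSH service correctly to improve its security, such as disabling insecure protocol versions and restricting access permissions.
  • Implementation guidelines: provides developers with basic principles and best practices to observe when implementing the SSH protocol, helping ensure that the final product meets a high standard of security.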

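The standard also contains detailed appendices that list the recommended cryptographic algorithms and their parameter settings, sample code and similar material, for practitioners to consult during implementation.

For more detailed information, refer directly to the officially authorized standard document below.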


  • Status: current
  • In force and effective
  • Issued 2023-12-04
  • Implemented 2024-06-01

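Document Summary

ICS 35.030

CCS L 80

Cryptography Industry Standard of the People's Republic of China

GM/T 0129—2023

SSH Cryptographic Protocol Specification

Secure shell cryptography protocol specification

Issued 2023-12-04    Implemented 2024-06-01

Issued by the State Cryptography Administration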


Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Protocol framework
  5.1 Protocol overview
  5.2 Transport layer protocol
  5.3 Authentication protocol
  5.4 Connection protocol
6 Cryptographic algorithms and key types
  6.1 Cryptographic algorithms
  6.2 Key types
7 Data type definitions
  7.1 Algorithm identifiers
  7.2 Basic data types
8 Transport layer protocol
  8.1 Protocol overview
  8.2 Protocol flow
  8.3 Protocol version
  8.4 Packets
  8.5 Key agreement
  8.6 Service request
  8.7 Disconnection
9 Authentication protocol
  9.1 Protocol overview
  9.2 Protocol flow
  9.3 Packets
  9.4 Password-based authentication method
  9.5 Asymmetric-key-based authentication method
  9.6 Digital-certificate-based authentication method
10 Connection protocol
  10.1 Protocol overview
  10.2 Connection channels
  10.3 Packets
Bibliography


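Foreword

This document was drafted in accordance with GB/T 1.1—2020, "Directives for standardization, Part 1: Rules for the structure and drafting of standardizing documents".

Please note that some content of this document may involve patents. The issuing body of this document assumes no responsibility for identifying patents.

This document was proposed by, and is under the jurisdiction of, the Cryptography Industry Standardization Technical Committee.

Drafting organizations of this document: Beijing Xiaolei Technology Co., Ltd.; Beijing Haitai Fangyuan Technology Co., Ltd.; Beijing Certificate Authority Co., Ltd.; Koal Software Co., Ltd.; CETC Cyberspace Security Technology Co., Ltd.; Xingtang Telecommunications Technology Co., Ltd.; Beijing Infosec Technologies Co., Ltd.; Changchun Jilin University Zhengyuan Information Technologies Co., Ltd.; Beijing Shudun Information Technology Co., Ltd.

Principal drafters of this document: Zeng Yubo, Liu Zengshou, Jiang Hongyu, Fu Dapeng, Zheng Qiang, Luo Jun, Wang Nina, Wang Zongbin, Zhao Lili, Zhang Guoqing.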


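Introduction

The protocol content of this document draws on The Secure Shell security protocol (RFC 4251, RFC 4252, RFC 4253, RFC 4254). In accordance with China's relevant cryptography policies and regulations, and based on China's cryptographic technology system, it uses the SM2, SM3 and SM4 cryptographic algorithms and the digital certificate mechanism to form the SSH transport layer protocol, authentication protocol and connection protocol.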


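SSH Cryptographic Protocol Specification

1 Scope

This document specifies the secure interactive cryptographic protocol of SSH, specifies the encrypted transport protocol, authentication protocol and connection protocol for the interaction channel, and specifies how cryptographic algorithms are used in the protocol.

This document applies to the development and testing of SSH server and SSH client products.

2 Normative references

The contents of the following documents, through normative references in the text, constitute indispensable provisions of this document. For dated references, only the edition corresponding to that date applies to this document; for undated references, the latest edition (including all amendments) applies to this document.

GB/T 15852.1 Information technology, Security techniques, Message authentication codes, Part 1: Mechanisms using a block cipher

GB/T 15852.2 Information technology, Security techniques, Message authentication codes, Part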
