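Standard interpretation

GM/T 0129-2023, SSH Cryptographic Protocol Specification, is a standard issued by the State Cryptography Administration. It is intended to provide cryptographic technical requirements for secure communication based on the SSH (Secure Shell) protocol. The standard applies to information systems that need to use the SSH protocol for secure remote login, file transfer and similar scenarios.

According to the document, GM/T 0129-2023, SSH Cryptographic Protocol Specification, mainly defines requirements in the following areas:

  • Cryptographic algorithms: specifies the encryption algorithms, message authentication code algorithms, key exchange algorithms, digital signature algorithms and so on that may be used in the SSH protocol. The choice of these algorithms must comply with the relevant standards and requirements of China's State Cryptography Administration.
  • Key management: sets out the principles and methods to be followed in key generation, distribution, storage and destruction, including but not limited to life-cycle management of symmetric keys and the creation and revocation processes for asymmetric key pairs.
  • Authentication mechanisms: describes the methods and technical details used for authentication between client and server. Multiple authentication methods are supported, such as public key authentication and password authentication, and the importance of a strong password policy is emphasized.
  • Data integrity protection: introduces specific message authentication code algorithms to guarantee the integrity of transmitted data and prevent it from being tampered with or forged.
  • Secure configuration guide: gives a series of recommendations on how to configure the SSH service correctly to improve its security, such as disabling insecure protocol versions and restricting access permissions.
  • Implementation guidelines: provides developers with basic principles and best practices to observe when implementing the SSH protocol, helping to ensure that the final product meets a high standard of security.

The standard also contains detailed annexes listing the recommended cryptographic algorithms and their parameter settings, sample code and other material for practitioners to consult during implementation.


For more detailed information, refer directly to the officially authorized standard document below.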


  • Status: current
  • Currently in force and valid
  • Issued 2023-12-04
  • Implemented 2024-06-01

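Document overview

ICS 35.030

CCS L 80

Cryptography Industry Standard of the People's Republic of China

GM/T 0129—2023

SSH cryptographic protocol specification

Secure shell cryptography protocol specification

Issued 2023-12-04    Implemented 2024-06-01

Issued by the State Cryptography Administration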

Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Protocol framework
5.1 Protocol overview
5.2 Transport layer protocol
5.3 Authentication protocol
5.4 Connection protocol
6 Cryptographic algorithms and key types
6.1 Cryptographic algorithms
6.2 Key types
7 Data type definitions
7.1 Algorithm identifiers
7.2 Basic data types
8 Transport layer protocol
8.1 Protocol overview
8.2 Protocol flow
8.3 Protocol version
8.4 Packets
8.5 Key agreement
8.6 Service request
8.7 Disconnection
9 Authentication protocol
9.1 Protocol overview
9.2 Protocol flow
9.3 Packets
9.4 Password-based authentication method
9.5 Asymmetric-key-based authentication method
9.6 Digital-certificate-based authentication method
10 Connection protocol
10.1 Protocol overview
10.2 Connection channels
10.3 Packets
Bibliography

Foreword

This document was drafted in accordance with GB/T 1.1—2020, Directives for standardization, Part 1: Rules for the structure and drafting of standardizing documents.

Please note that some content of this document may involve patents. The issuing body of this document assumes no responsibility for identifying patents.

This document was proposed by, and is under the jurisdiction of, the Cryptography Industry Standardization Technical Committee.

Drafting organizations of this document: 北京小雷科技有限公司, 北京海泰方圆科技股份有限公司, 北京数字认证股份有限公司, 格尔软件股份有限公司, 中电科网络安全科技股份有限公司, 兴唐通信科技有限公司, 北京信安世纪科技股份有限公司, 长春吉大正元信息技术股份有限公司, 北京数盾信息科技有限公司.

Principal drafters of this document: 曾宇波, 柳增寿, 蒋红宇, 傅大鹏, 郑强, 罗俊, 王妮娜, 汪宗斌, 赵丽丽, 张国庆.

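Introduction

The protocol content of this document draws on the Secure Shell security protocol (RFC 4251, RFC 4252, RFC 4253, RFC 4254). In accordance with China's relevant cryptography policies and regulations, and based on China's cryptographic technology system, it uses the SM2, SM3 and SM4 cryptographic algorithms and the digital certificate mechanism to form the SSH transport layer protocol, authentication protocol and connection protocol.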

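SSH cryptographic protocol specification

1 Scope

This document specifies the cryptographic protocol for secure SSH interaction, specifies the encrypted transport protocol, authentication protocol and connection protocol for the interaction channel, and specifies how cryptographic algorithms are used in the protocol.

This document applies to the development and testing of SSH server and SSH client products.

2 Normative references

The contents of the following documents constitute indispensable provisions of this document through normative reference in the text. For dated references, only the edition corresponding to that date applies to this document; for undated references, the latest edition (including all amendments) applies to this document.

GB/T 15852.1 Information technology, Security techniques, Message authentication codes, Part 1: Mechanisms using a block cipher

GB/T 15852.2 Information technology, Security techniques, Message authentication codes, Part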
