<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="ja" xml:lang="ja"><head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<!--
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
This file is generated from xml source: DO NOT EDIT
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-->
<title>SSL/TLS Encryption: An Introduction - Apache HTTP Server Version 2.4</title>
<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" />
<script src="../style/scripts/prettify.min.js" type="text/javascript">
</script>
<link href="../images/favicon.ico" rel="shortcut icon" /></head>
<body id="manual-page"><div id="page-header">
<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p>
<p class="apache">Apache HTTP Server Version 2.4</p>
<img alt="" src="../images/feather.gif" /></div>
<div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div>
<div id="page-content"><div id="preamble"><h1>SSL/TLS Encryption: An Introduction</h1>
<div class="toplang">
<p><span>Available Languages: </span><a href="../en/ssl/ssl_intro.html" hreflang="en" rel="alternate" title="English"> en </a> |
<a href="../fr/ssl/ssl_intro.html" hreflang="fr" rel="alternate" title="Français"> fr </a> |
<a href="../ja/ssl/ssl_intro.html" title="Japanese"> ja </a></p>
</div>
<div class="outofdate">This Japanese translation may already be out of date.
See the English version for recently updated content.
</div>
<blockquote>
<p>The nice thing about standards is that there are so many to choose from.
And if you really don't like any of them, you just have to wait another year
until the one you are looking for appears.</p>
<p class="cite">-- <cite>A. Tanenbaum</cite>, "Introduction to
Computer Networks"</p>
</blockquote>
<p>
As an introduction, this chapter is aimed at readers who are familiar with
the Web, HTTP, and Apache, but who are not security experts.
It is not intended to be a definitive guide to the SSL protocol.
Nor does it cover specific techniques for managing certificates within an
organization, or important legal issues such as patents and export restrictions.
Rather, its purpose is to give users of
<code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> a common background by bringing together various concepts, definitions, and examples as a starting point for further study.</p>
<p>The content presented here is mainly derived, with the author's permission,
from the article <a href="http://home.earthlink.net/~fjhirsch/Papers/wwwj/">
Introducing SSL and Certificates using SSLeay</a> by
<a href="http://home.earthlink.net/~fjhirsch/">Frederick J. Hirsch</a>
of The Open Group Research Institute.
The article was published in <a href="http://www.ora.com/catalog/wjsum97/">Web Security: A Matter of
Trust</a>, World Wide Web Journal, Volume 2, Issue 3, Summer 1997.
Please send positive feedback to <a href="mailto:hirsch@fjhirsch.com">Frederick Hirsch</a>
(the author of the original article) and all complaints to
<a href="mailto:rse@engelschall.com">Ralf S. Engelschall</a> (the author of
<code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code>).
<span class="transnote">(<em>Translator's note:</em> for matters concerning the translation, please contact the
<a href="mailto:apache-docs@ml.apache.or.jp">Apache documentation translation project</a>.)</span></p>
</div>
<div id="quickview"><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#cryptographictech">Cryptographic Techniques</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#certificates">Certificates</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#ssl">Secure Sockets Layer (SSL)</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#references">References</a></li>
</ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="cryptographictech" id="cryptographictech">Cryptographic Techniques</a></h2>
<p>Understanding SSL requires an understanding of cryptographic algorithms,
message digest functions (also known as one-way functions or hash functions),
and digital signatures.
These techniques are the subject of entire books
(see for instance [<a href="#AC96">AC96</a>])
and form the basis for privacy, integrity, and authentication.</p>
<h3><a name="cryptographicalgo" id="cryptographicalgo">Cryptographic Algorithms</a></h3>
<p>Suppose Alice wants to send a message to her bank to transfer some money.
Because the message includes her account number and the transfer amount,
Alice wants it to remain private.
One solution is to use a cryptographic algorithm to transform the message
into an encrypted form that cannot be read until it is decrypted.
Once in this form, the message can only be decrypted with a secret key.
Without the key, the message is useless.
A good cryptographic algorithm makes it so difficult for an intruder to
recover the original text that the effort is not worth it.</p>
<p>There are two categories of cryptographic algorithms:
conventional and public key.</p>
<dl>
<dt>Conventional cryptography</dt>
<dd>Also known as symmetric cryptography, this
requires the sender and receiver to share a key.
A key is a secret piece of information used to encrypt or decrypt
a message.
As long as this key is kept secret, nobody other than the sender and
receiver can read the message.
If Alice and the bank both know a secret key,
they can send each other private messages.
However, the task of sharing the key in private before communicating
can itself be a problem.</dd>
<dt>Public key cryptography</dt>
<dd>Also known as asymmetric cryptography, this
solves the key exchange problem by defining an algorithm that uses
two keys, each of which may be used to encrypt a message.
If one key is used to encrypt, the other key must be used to decrypt.
This makes it possible to receive secure messages simply by publishing
one key (the public key) and keeping the other secret (the private key).</dd>
</dl>
<p>Anyone can encrypt a message using the public key, but only the owner of
the private key can read it.
In this way, Alice can send a private message by encrypting it with
the bank's public key.
Only the bank can decrypt the message that was sent.</p>
<h3><a name="messagedigests" id="messagedigests">Message Digests</a></h3>
<p>Alice can keep her message private, but there is still the concern that
someone might modify the message, for example to transfer the money to
themselves, or substitute a different one.
One way to guarantee the integrity of Alice's message is for her to create
a concise digest of the message and send that to the bank as well.
On receiving the message, the bank creates its own digest and compares it
with the digest Alice sent. If they match,
the message was received intact.</p>
<p>A summary of this kind is called a <dfn>message digest</dfn>,
<em>one-way function</em>, or <em>hash function</em>.
A message digest is used to create a short, fixed-length representation
of a longer, variable-length message.
Digest algorithms are designed to produce a unique digest
for each message.
They are designed so that it is very difficult to determine the original
message from the digest, and so that finding two messages that produce
the same digest is (in theory) impossible.
This eliminates the possibility of substituting one message for another
without changing the digest.</p>
<p>Another problem Alice faces is finding a way to send the digest securely.
If the digest is sent securely, the integrity of the digest is assured,
and with it the integrity of the original message can be established.
Only when the digest is sent securely can the integrity of the
message be determined.</p>
<p>One way to send the digest securely is to include it in a digital signature.</p>
<h3><a name="digitalsignatures" id="digitalsignatures">Digital Signatures</a></h3>
<p>When Alice sends a message to the bank,
the bank needs to be certain that the message really is from her,
so that an intruder cannot impersonate her and request a transaction on her account.
A <em>digital signature</em>, created by Alice and included with the message,
serves this purpose.</p>
<p>A digital signature is created by encrypting a digest of the message and other information
(such as a sequence number) with the sender's private key.
Anyone can <em>decrypt</em> the signature using the public key, but
only the sender knows the private key.
This means that only the sender can have signed it.
Including the digest in the signature means that
the signature is valid only for that message.
It also assures the integrity of the message,
because no one can change the digest and still sign it.</p>
<p>To guard against an intruder intercepting the signature and reusing it at a later date,
the signature contains a unique sequence number.
This protects the bank from a fraudulent claim by Alice that she did not
send the message.
Only she could have signed it (non-repudiation).</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="certificates" id="certificates">Certificates</a></h2>
<p>Alice can now send a private message to the bank,
sign it, and assure the integrity of the message, but
she still needs to be sure that she is really communicating with the bank.
This means she needs to be sure that the public key she is about to use
is paired with the bank's private key,
and not with an intruder's private key.
Similarly, the bank needs to verify that the message signature really was
made with the private key that belongs to Alice.</p>
<p>If each party has a certificate that validates its identity, confirms its
public key, and is signed by a trusted agency,
then both can be confident that they are communicating with the party
they think they are.
Such a trusted agency is called a <em>Certificate Authority</em>
(CA),
and certificates are used for authentication.</p>
<h3><a name="certificatecontents" id="certificatecontents">Certificate Contents</a></h3>
<p>A certificate associates a public key with the real identity of an
individual, server, or other entity.
As shown in <a href="#table1">Table 1</a>, the information about the subject
includes identifying information (the distinguished name) and the public key.
The certificate also contains the identification and signature of the
Certificate Authority, and the period during which the certificate is valid.
It may also contain administrative information for the Certificate Authority,
such as a serial number,
and other additional information.</p>
<h4><a name="table1" id="table1">Table 1: Certificate Information</a></h4>
<table>
<tr><th>Subject</th>
<td>Distinguished Name, Public Key</td></tr>
<tr><th>Issuer</th>
<td>Distinguished Name, Public Key</td></tr>
<tr><th>Period of Validity</th>
<td>Start Date, Expiry Date</td></tr>
<tr><th>Administrative Information</th>
<td>Version, Serial Number</td></tr>
<tr><th>Extended Information</th>
<td>Basic Constraints, Netscape Flags, etc.</td></tr>
</table>
<p>A distinguished name is used to provide an identity in a specific context.
For instance, an individual might have separate identities
for personal use and for work.
Distinguished names are defined by the X.509 standard [<a href="#X509">X509</a>].
The X.509 standard defines the fields, the field names, and the
abbreviations for the fields (see <a href="#table2">Table
2</a>).</p>
<h4><a name="table2" id="table2">Table 2: Distinguished Name Information</a></h4>
<table class="bordered">
<tr><th>DN Field</th>
<th>Abbrev.</th>
<th>Description</th>
<th>Example</th></tr>
<tr><td>Common Name</td>
<td>CN</td>
<td>Name being certified<br />
URL used for the SSL connection</td>
<td>CN=www.example.com</td></tr>
<tr><td>Organization or Company</td>
<td>O</td>
<td>Official English name of the organization</td>
<td>O=Example Japan K.K.</td></tr>
<tr><td>Organizational Unit</td>
<td>OU</td>
<td>Department name or similar</td>
<td>OU=Customer Service</td></tr>
<tr><td>City/Locality</td>
<td>L</td>
<td>City or locality where it is located</td>
<td>L=Sapporo</td></tr>
<tr><td>State/Province</td>
<td>ST</td>
<td>State, province, or prefecture where it is located</td>
<td>ST=Hokkaido</td></tr>
<tr><td>Country</td>
<td>C</td>
<td>ISO code of the country where it is located<br />
JP for Japan
</td>
<td>C=JP</td></tr>
</table>
<p>A Certificate Authority may define a policy specifying which fields are
optional and which are required.
Certificate Authorities and users of certificates may also place
requirements on the contents of the fields.
For example, a Netscape browser requires that the
Common Name of a server certificate match a wildcard pattern for the
domain name of that server, such as
<code>*.snakeoil.com</code>.</p>
<p>The binary format of a certificate is defined using the ASN.1 notation
[<a href="#X208">X208</a>] [<a href="#PKCS">PKCS</a>].
This notation defines how the contents are specified, and
encoding rules define how that information is translated into binary form.
The binary encoding of a certificate is defined using the Distinguished Encoding
Rules (DER), which are based on the more general Basic Encoding Rules
(BER).
For transmissions that cannot handle binary,
the binary form may be translated into an ASCII form using
Base64 encoding [<a href="#MIME">MIME</a>].
When this form is enclosed between begin and end delimiter lines, it is called a
PEM ("Privacy Enhanced Mail") encoded certificate.</p>
<div class="example"><h3>Example of a PEM-encoded certificate (example.crt)</h3><pre>-----BEGIN CERTIFICATE-----
MIIC7jCCAlegAwIBAgIBATANBgkqhkiG9w0BAQQFADCBqTELMAkGA1UEBhMCWFkx
FTATBgNVBAgTDFNuYWtlIERlc2VydDETMBEGA1UEBxMKU25ha2UgVG93bjEXMBUG
A1UEChMOU25ha2UgT2lsLCBMdGQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhv
cml0eTEVMBMGA1UEAxMMU25ha2UgT2lsIENBMR4wHAYJKoZIhvcNAQkBFg9jYUBz
bmFrZW9pbC5kb20wHhcNOTgxMDIxMDg1ODM2WhcNOTkxMDIxMDg1ODM2WjCBpzEL
MAkGA1UEBhMCWFkxFTATBgNVBAgTDFNuYWtlIERlc2VydDETMBEGA1UEBxMKU25h
a2UgVG93bjEXMBUGA1UEChMOU25ha2UgT2lsLCBMdGQxFzAVBgNVBAsTDldlYnNl
cnZlciBUZWFtMRkwFwYDVQQDExB3d3cuc25ha2VvaWwuZG9tMR8wHQYJKoZIhvcN
AQkBFhB3d3dAc25ha2VvaWwuZG9tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
gQDH9Ge/s2zcH+da+rPTx/DPRp3xGjHZ4GG6pCmvADIEtBtKBFAcZ64n+Dy7Np8b
vKR+yy5DGQiijsH1D/j8HlGE+q4TZ8OFk7BNBFazHxFbYI4OKMiCxdKzdif1yfaa
lWoANFlAzlSdbxeGVHoT0K+gT5w3UxwZKv2DLbCTzLZyPwIDAQABoyYwJDAPBgNV
HRMECDAGAQH/AgEAMBEGCWCGSAGG+EIBAQQEAwIAQDANBgkqhkiG9w0BAQQFAAOB
gQAZUIHAL4D09oE6Lv2k56Gp38OBDuILvwLg1v1KL8mQR+KFjghCrtpqaztZqcDt
2q2QoyulCgSzHbEGmi0EsdkPfg6mp0penssIFePYNI+/8u9HT4LuKMJX15hxBam7
dUHzICxBVC1lnHyYGjDuAMhe396lYAn8bCld1/L4NMGBCQ==
-----END CERTIFICATE-----</pre></div>
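<p>The layering described above (PEM delimiter lines, then Base64, then DER-encoded ASN.1) can be peeled apart with a short parser. The following is an added example, not code from the Apache documentation; it reads the example.crt shown above using only the Python standard library, and every function name in it is the example's own. It assumes UTCTime validity dates, as this certificate uses.</p>

```python
import base64
from datetime import datetime, timezone

# The example.crt shown above, copied verbatim from this page.
PEM = """-----BEGIN CERTIFICATE-----
MIIC7jCCAlegAwIBAgIBATANBgkqhkiG9w0BAQQFADCBqTELMAkGA1UEBhMCWFkx
FTATBgNVBAgTDFNuYWtlIERlc2VydDETMBEGA1UEBxMKU25ha2UgVG93bjEXMBUG
A1UEChMOU25ha2UgT2lsLCBMdGQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhv
cml0eTEVMBMGA1UEAxMMU25ha2UgT2lsIENBMR4wHAYJKoZIhvcNAQkBFg9jYUBz
bmFrZW9pbC5kb20wHhcNOTgxMDIxMDg1ODM2WhcNOTkxMDIxMDg1ODM2WjCBpzEL
MAkGA1UEBhMCWFkxFTATBgNVBAgTDFNuYWtlIERlc2VydDETMBEGA1UEBxMKU25h
a2UgVG93bjEXMBUGA1UEChMOU25ha2UgT2lsLCBMdGQxFzAVBgNVBAsTDldlYnNl
cnZlciBUZWFtMRkwFwYDVQQDExB3d3cuc25ha2VvaWwuZG9tMR8wHQYJKoZIhvcN
AQkBFhB3d3dAc25ha2VvaWwuZG9tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
gQDH9Ge/s2zcH+da+rPTx/DPRp3xGjHZ4GG6pCmvADIEtBtKBFAcZ64n+Dy7Np8b
vKR+yy5DGQiijsH1D/j8HlGE+q4TZ8OFk7BNBFazHxFbYI4OKMiCxdKzdif1yfaa
lWoANFlAzlSdbxeGVHoT0K+gT5w3UxwZKv2DLbCTzLZyPwIDAQABoyYwJDAPBgNV
HRMECDAGAQH/AgEAMBEGCWCGSAGG+EIBAQQEAwIAQDANBgkqhkiG9w0BAQQFAAOB
gQAZUIHAL4D09oE6Lv2k56Gp38OBDuILvwLg1v1KL8mQR+KFjghCrtpqaztZqcDt
2q2QoyulCgSzHbEGmi0EsdkPfg6mp0penssIFePYNI+/8u9HT4LuKMJX15hxBam7
dUHzICxBVC1lnHyYGjDuAMhe396lYAn8bCld1/L4NMGBCQ==
-----END CERTIFICATE-----"""

# Abbreviations from Table 2, plus the e-mail attribute this certificate carries.
OID_NAMES = {"2.5.4.3": "CN", "2.5.4.6": "C", "2.5.4.7": "L", "2.5.4.8": "ST",
             "2.5.4.10": "O", "2.5.4.11": "OU",
             "1.2.840.113549.1.9.1": "emailAddress"}

def pem_to_der(pem):
    """Drop the delimiter lines and undo the Base64 layer."""
    body = [l for l in pem.splitlines() if l and not l.startswith("-----")]
    return base64.b64decode("".join(body), validate=True)

def read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_oid(val):
    subs, n = [], 0
    for b in val:                      # base-128 digits; high bit means "more follow"
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            subs, n = subs + [n], 0
    first = min(subs[0] // 40, 2)      # first byte packs the first two arcs
    return ".".join(map(str, [first, subs[0] - 40 * first] + subs[1:]))

def parse_name(name):
    """Name = SEQUENCE of SETs of SEQUENCE { OID, string }."""
    return [(OID_NAMES.get(decode_oid(oid), decode_oid(oid)), text.decode("latin-1"))
            for _, rdn in children(name) for _, atv in children(rdn)
            for (_, oid), (_, text) in [children(atv)]]

def parse_utctime(val):
    s = val.decode("ascii")            # YYMMDDHHMMSSZ; RFC 5280 pivots the century at 50
    century = "19" if int(s[:2]) >= 50 else "20"
    return datetime.strptime(century + s, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def parse_certificate(der):
    tag, cert, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one DER SEQUENCE")
    # tbsCertificate is the first of three parts; drop its optional [0] version field.
    tbs = [c for c in children(children(cert)[0][1]) if c[0] != 0xA0]
    serial, sig_alg, issuer, validity, subject = tbs[:5]
    not_before, not_after = children(validity[1])
    return {"serial": int.from_bytes(serial[1], "big"),
            "sig_alg": decode_oid(children(sig_alg[1])[0][1]),
            "issuer": parse_name(issuer[1]), "subject": parse_name(subject[1]),
            "not_before": parse_utctime(not_before[1]),
            "not_after": parse_utctime(not_after[1])}
```

<p>The parsed fields show that the sample is signed with md5WithRSAEncryption (OID 1.2.840.113549.1.1.4) and expired in 1999, two properties a validator must reject today; the parser itself verifies neither the signature nor the chain.</p>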
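<h3><a name="certificateauthorities" id="certificateauthorities">Certificate Authorities</a></h3>
<p>Before granting a certificate, the Certificate Authority verifies the
information in the certificate request
and confirms the identity of the owner of the key.
For instance, if Alice requests a personal certificate,
the Certificate Authority must make sure that Alice really is the
person the certificate request claims she is.</p>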
<h4><a name="certificatechains" id="certificatechains">Certificate Chains</a></h4>
<p>A Certificate Authority may also issue a certificate for another Certificate Authority.
When examining an unknown certificate, Alice may need to examine the
certificate of its issuer, following each parent Certificate Authority
up the hierarchy, until she reaches an issuer she has confidence in.
To reduce the risk of a "bad" certificate,
she may decide to trust only issuers within a limited chain.</p>
<h4><a name="rootlevelca" id="rootlevelca">Creating a Root-Level CA</a></h4>
<p>As noted earlier, every certificate requires an issuer
to assert the validity of the identity of the certificate subject,
all the way up to the top-level Certificate Authority (CA).
This raises a problem: who vouches for the certificate of the
top-level authority?
In this case only, the certificate is "self-signed".
Browsers come preconfigured with well-known Certificate Authorities, but
extra care is needed when trusting a self-signed certificate.
Wide publication of a public key by the root authority
reduces the risk in trusting that key.
If someone else impersonated the authority, it would be
easy to detect.</p>
<p>A number of companies, such as <a href="http://www.thawte.com/">Thawte</a>
and <a href="http://www.verisign.com/">VeriSign</a>,
have established themselves as Certificate Authorities.
These companies provide the following services:</p>
<ul>
<li>Verifying certificate requests</li>
<li>Processing certificate requests</li>
<li>Issuing and managing certificates</li>
</ul>
<p>It is also possible to create your own Certificate Authority.
Although this is risky in the Internet environment,
it may be useful within an organization's Intranet, where the identities of
individuals and servers can easily be verified.</p>
<h4><a name="certificatemanagement" id="certificatemanagement">Certificate Management</a></h4>
<p>Establishing a Certificate Authority is a responsibility that requires
a solid administrative, technical, and management framework.
Certificate Authorities not only issue certificates,
they must also manage them.
Specifically, they determine how long certificates remain valid, they renew them,
and they maintain lists of certificates that were issued in the past but are no longer valid
(Certificate Revocation Lists, or CRLs).</p>
<p>For example, if Alice held a certificate proving that she was an employee of a company
but has since left that company, the certificate must be revoked.
Because certificates are passed from one party to another,
it is impossible to tell from the certificate alone whether it has been
revoked.
Therefore, when checking the validity of a certificate,
it is necessary to contact the Certificate Authority and check the CRL.
This step is usually not automated.</p>
<div class="note"><h3>Note</h3>
<p>If you use a Certificate Authority that browsers are not configured to
trust by default,
you must load the Certificate Authority's certificate into the browser
so that the browser can validate server certificates signed by that
Certificate Authority.
This is dangerous, because once it is loaded the browser will accept all
certificates signed by that Certificate Authority.</p>
</div>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="ssl" id="ssl">Secure Sockets Layer (SSL)</a></h2>
<p>The Secure Sockets Layer protocol can be placed between a reliable,
connection-oriented network layer protocol (e.g. TCP/IP) and
an application layer protocol (e.g. HTTP).
SSL provides secure communication between server and client through
mutual authentication,
data integrity through digital signatures,
and privacy through encryption.</p>
<p>The SSL protocol is designed to support a range of algorithms for
encryption, digests, and digital signatures.
This allows the algorithms for a particular server to be chosen with
legal and export restrictions in mind,
and also lets the protocol take advantage of new algorithms.
The choice of algorithms is negotiated between server and client
when a protocol session is established.</p>
<h3><a name="table4" id="table4">Table 4: Versions of the SSL protocol</a></h3>
<table class="bordered">
<tr><th>Version</th>
<th>Source</th>
<th>Description</th>
<th>Browser Support</th></tr>
<tr><td>SSL v2.0</td>
<td>Vendor Standard (from Netscape Corp.) [<a href="#SSL2">SSL2</a>]</td>
<td>First SSL protocol for which implementations exist</td>
<td>- NS Navigator 1.x/2.x<br />
- MS IE 3.x<br />
- Lynx/2.8+OpenSSL</td></tr>
<tr><td>SSL v3.0</td>
<td>Expired Internet Draft (from Netscape Corp.) [<a href="#SSL3">SSL3</a>]</td>
<td>Revisions to prevent specific security attacks,
addition of non-RSA ciphers, and support for certificate chains</td>
<td>- NS Navigator 2.x/3.x/4.x<br />
- MS IE 3.x/4.x<br />
- Lynx/2.8+OpenSSL</td></tr>
<tr><td>TLS v1.0</td>
<td>Proposed Internet Standard (from IETF) [<a href="#TLS1">TLS1</a>]</td>
<td>Revision of SSL 3.0 to update the MAC layer to HMAC, add block
padding for block ciphers, standardize message order, and add more
alert messages.</td>
<td>- Lynx/2.8+OpenSSL</td></tr>
</table>
<p>As shown in <a href="#table4">Table 4</a>, there are
several versions of the SSL protocol.
As noted in the table, one of the benefits of SSL 3.0 is
that it supports certificate chains.
This feature allows a server to pass the certificates of its issuers
to the browser along with its own certificate.
With certificate chains,
the browser can validate the server certificate even if the issuer's
certificate is not installed directly in the browser,
as long as it is included in the chain.
SSL 3.0 is the basis for the Transport Layer Security
[<a href="#TLS1">TLS</a>] protocol standard, currently being developed by
the Internet Engineering Task Force (IETF).</p>
<h3><a name="session" id="session">Establishing a Session</a></h3>
<p>As shown in <a href="#figure1">Figure 1</a>,
a session is established through a handshake sequence
between client and server.
This sequence varies depending on whether the server is configured to
provide a server certificate or to request a client certificate.
There are cases where additional handshake steps are needed to manage
cipher information, but this article
summarizes one common scenario.
See the SSL specification for the full range of
possibilities.</p>
<div class="note"><h3>Note</h3>
<p>Once an SSL session has been established, it can be reused.
This avoids the performance penalty of repeating the many steps
needed to start a session.
To do this, the server assigns every session a unique session identifier
and caches it on the server, and on later connections
(until the identifier expires from the server's cache)
the client can connect without repeating the full handshake.</p>
</div>
<p class="figure">
<img src="../images/ssl_intro_fig1.gif" alt="" width="423" height="327" /><br />
<a id="figure1" name="figure1"><dfn>Figure 1</dfn></a>: Simplified SSL
Handshake Sequence</p>
<p>The elements of the handshake sequence, as used by the client and server,
are listed below:</p>
<ol>
<li>Negotiate the Cipher Suite to be used during data transfer</li>
<li>Establish and share a session key between client and server</li>
<li>Optionally authenticate the server to the client</li>
<li>Optionally authenticate the client to the server</li>
</ol>
<p>The first step, Cipher Suite negotiation, allows
the server and client to choose a Cipher Suite
that suits both of them.
The SSL3.0 protocol specification defines 31 Cipher Suites.
A Cipher Suite is defined by the following components:</p>
<ul>
<li>Key Exchange Method</li>
<li>Cipher for Data Transfer</li>
<li>Message Digest for creating the
Message Authentication Code (MAC)</li>
</ul>
<p>These three elements are described in the sections that follow.</p>
<h3><a name="keyexchange" id="keyexchange">Key Exchange Method</a></h3>
<p>The key exchange method defines how the client and server agree on the
shared symmetric key used for application data transfer.
SSL 2.0 uses RSA key exchange only, while
SSL 3.0 supports a choice of key exchange algorithms, including
RSA key exchange (when certificates are used) and
Diffie-Hellman key exchange
(for exchanging keys without certificates, or without prior communication
between client and server).</p>
<p>One variable in the choice of key exchange method is digital signatures:
whether or not to use them, and if so,
which kind of signature to use.
Signing with a private key protects against a
man-in-the-middle attack during the information exchange used to
generate the shared key
[<a href="#AC96">AC96</a>, p516].</p>
<h3><a name="ciphertransfer" id="ciphertransfer">Cipher for Data Transfer</a></h3>
<p>SSL uses the symmetric cryptography described earlier
to encrypt the messages in a session.
There are nine choices of cipher, including the option not to encrypt:</p>
<ul>
<li>No encryption</li>
<li>Stream Ciphers
<ul>
<li>RC4 with 40-bit keys</li>
<li>RC4 with 128-bit keys</li>
</ul></li>
<li>CBC Block Ciphers
<ul><li>RC2 with 40 bit key</li>
<li>DES with 40 bit key</li>
<li>DES with 56 bit key</li>
<li>Triple-DES with 168 bit key</li>
<li>Idea (128 bit key)</li>
<li>Fortezza (96 bit key)</li>
</ul></li>
</ul>
<p>CBC stands for Cipher Block Chaining,
which means that a portion of the previously encrypted ciphertext
is used in the encryption of the current block.
DES stands for the Data Encryption Standard
[<a href="#AC96">AC96</a>, ch12],
which has a number of variants, including DES40 and 3DES_EDE.
Idea is currently one of the best algorithms and, cryptographically,
the strongest one available.
RC2 is a proprietary algorithm from RSA DSI
[<a href="#AC96">AC96</a>,
ch13].</p>
<h3><a name="digestfuntion" id="digestfuntion">Digest Function</a></h3>
<p>
The choice of digest function determines how a digest is created from a record unit.
SSL supports the following:</p>
<ul>
<li>No digest</li>
<li>MD5 (128-bit hash)</li>
<li>Secure Hash Algorithm (SHA-1) (160-bit hash)</li>
</ul>
<p>The message digest is used to create a Message Authentication Code (MAC),
which is encrypted together with the message to verify the integrity
of the message and to protect against replay attacks.</p>
<h3><a name="handshake" id="handshake">Handshake Sequence Protocol</a></h3>
<p>The handshake sequence uses three protocols:</p>
<ul>
<li>The <dfn>SSL Handshake Protocol</dfn>
is used to establish the SSL session between client and server.</li>
<li>The <dfn>SSL Change Cipher Spec Protocol</dfn>
is used to establish agreement on the Cipher Suite for the session.</li>
<li>The <dfn>SSL Alert Protocol</dfn>
is used to convey SSL error messages between client and server.</li>
</ul>
<p>These three protocols, along with application protocol data,
are encapsulated in the <dfn>SSL Record Protocol</dfn>,
as shown in <a href="#figure2">Figure 2</a>.
An encapsulated protocol is transferred as data by the
lower layer protocol, which does not examine the data.
The encapsulated protocol has no knowledge of the underlying protocol.</p>
<p class="figure">
<img src="../images/ssl_intro_fig2.gif" alt="" width="428" height="217" /><br />
<a id="figure2" name="figure2"><dfn>Figure 2</dfn></a>: SSL Protocol Stack
</p>
<p>
Because the SSL control protocols are encapsulated by the record protocol,
the control protocols remain protected when an active session is
renegotiated.
If there is no existing session, the Null cipher suite is used:
no encryption is performed and messages carry no digest
until the session has been established.</p>
<h3><a name="datatransfer" id="datatransfer">Data Transfer</a></h3>
<p>The SSL Record Protocol, shown in <a href="#figure3">Figure 3</a>,
is used to transfer application data and
SSL control data between the client and server.
Where necessary, this data is fragmented into smaller units,
or several higher-level protocol messages are combined into
a single unit.
These units may be compressed, have a digest signature attached,
and be encrypted before being transmitted over the underlying
reliable transport protocol.
(Note: currently, no major SSL implementation
supports compression.)</p>
<p class="figure">
<img src="../images/ssl_intro_fig3.gif" alt="" width="423" height="323" /><br />
<a id="figure3" name="figure3"><dfn>Figure 3</dfn></a>: SSL Record Protocol
</p>
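<p>The per-record integrity check described in the Digest Function and Data Transfer sections can be shown with the HMAC construction that TLS 1.0 [<a href="#TLS1">TLS1</a>] uses, where an implicit sequence number is mixed into the MAC of every record. This is an added example, not code from mod_ssl or the Apache documentation; the class and function names are its own, the MAC secret and messages are constructed, and the encryption step that would wrap fragment and MAC is left out.</p>

```python
import hashlib
import hmac
import struct

TLS_1_0 = (3, 1)            # protocol version bytes carried in every record
APPLICATION_DATA = 23       # record content type


def record_mac(secret, seq_num, content_type, version, fragment, digest=hashlib.sha1):
    """HMAC over seq_num || type || version || length || fragment (RFC 2246, 6.2.3.1)."""
    header = struct.pack("!QBBBH", seq_num, content_type, *version, len(fragment))
    return hmac.new(secret, header + fragment, digest).digest()


class RecordSender:
    def __init__(self, secret):
        self.secret, self.seq = secret, 0

    def protect(self, fragment):
        mac = record_mac(self.secret, self.seq, APPLICATION_DATA, TLS_1_0, fragment)
        self.seq += 1          # the counter is never sent; both sides track it
        return fragment, mac


class RecordReceiver:
    def __init__(self, secret):
        self.secret, self.seq = secret, 0

    def accept(self, fragment, mac):
        expected = record_mac(self.secret, self.seq, APPLICATION_DATA, TLS_1_0, fragment)
        if not hmac.compare_digest(expected, mac):   # constant-time comparison
            return False       # a real endpoint sends a fatal alert and closes
        self.seq += 1
        return True


def demo():
    secret = bytes(range(20))  # constructed MAC secret; real ones come from the handshake
    sender, receiver = RecordSender(secret), RecordReceiver(secret)
    first = sender.protect(b"transfer 100 to account 42")
    second = sender.protect(b"balance?")
    return {
        "in_order": receiver.accept(*first),
        "replayed": receiver.accept(*first),          # same bytes, stale sequence number
        "tampered": receiver.accept(b"balance!", second[1]),
        "next_in_order": receiver.accept(*second),
    }
```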
<h3><a name="securehttp" id="securehttp">Securing HTTP Communication</a></h3>
<p>One common use of SSL is to secure HTTP communication between a
browser and a web server.
This does not preclude the use of
conventional, non-secured HTTP.
The secure version (called HTTPS) is plain HTTP over SSL, but
it uses the URL scheme <code>https</code> rather than <code>http</code>
and a different server port (443 by default).
This is mainly the functionality that <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> provides
for the Apache web server.</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="references" id="references">References</a></h2>
<dl>
<dt><a id="AC96" name="AC96">[AC96]</a></dt>
<dd>Bruce Schneier, <q>Applied Cryptography</q>, 2nd Edition, Wiley,
1996. See <a href="http://www.counterpane.com/">http://www.counterpane.com/</a> for various other materials by Bruce
Schneier.</dd>
<dt><a id="X208" name="X208">[X208]</a></dt>
<dd>ITU-T Recommendation X.208, <q>Specification of Abstract Syntax Notation
One (ASN.1)</q>, 1988. See for instance <a href="http://www.itu.int/rec/recommendation.asp?type=items&lang=e&parent=T-REC-X.208-198811-I">http://www.itu.int/rec/recommendation.asp?type=items&lang=e&parent=T-REC-X.208-198811-I</a>.
</dd>
<dt><a id="X509" name="X509">[X509]</a></dt>
<dd>ITU-T Recommendation X.509, <q>The Directory - Authentication
Framework</q>. See for instance <a href="http://www.itu.int/rec/recommendation.asp?type=folders&lang=e&parent=T-REC-X.509">http://www.itu.int/rec/recommendation.asp?type=folders&lang=e&parent=T-REC-X.509</a>.
</dd>
<dt><a id="PKCS" name="PKCS">[PKCS]</a></dt>
<dd><q>Public Key Cryptography Standards (PKCS)</q>,
RSA Laboratories Technical Notes, See <a href="http://www.rsasecurity.com/rsalabs/pkcs/">http://www.rsasecurity.com/rsalabs/pkcs/</a>.</dd>
<dt><a id="MIME" name="MIME">[MIME]</a></dt>
<dd>N. Freed, N. Borenstein, <q>Multipurpose Internet Mail Extensions
(MIME) Part One: Format of Internet Message Bodies</q>, RFC2045.
See for instance <a href="http://ietf.org/rfc/rfc2045.txt">http://ietf.org/rfc/rfc2045.txt</a>.</dd>
<dt><a id="SSL2" name="SSL2">[SSL2]</a></dt>
<dd>Kipp E.B. Hickman, <q>The SSL Protocol</q>, 1995. See <a href="http://www.netscape.com/eng/security/SSL_2.html">http://www.netscape.com/eng/security/SSL_2.html</a>.</dd>
<dt><a id="SSL3" name="SSL3">[SSL3]</a></dt>
<dd>Alan O. Freier, Philip Karlton, Paul C. Kocher, <q>The SSL Protocol
Version 3.0</q>, 1996. See <a href="http://www.netscape.com/eng/ssl3/draft302.txt">http://www.netscape.com/eng/ssl3/draft302.txt</a>.</dd>
<dt><a id="TLS1" name="TLS1">[TLS1]</a></dt>
<dd>Tim Dierks, Christopher Allen, <q>The TLS Protocol Version 1.0</q>,
1999. See <a href="http://ietf.org/rfc/rfc2246.txt">http://ietf.org/rfc/rfc2246.txt</a>.</dd>
</dl>
</div></div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/ssl/ssl_intro.html" hreflang="en" rel="alternate" title="English"> en </a> |
<a href="../fr/ssl/ssl_intro.html" hreflang="fr" rel="alternate" title="Français"> fr </a> |
<a href="../ja/ssl/ssl_intro.html" title="Japanese"> ja </a></p>
</div><div id="footer">
<p class="apache">Copyright 2015 The Apache Software Foundation.<br />This document is provided under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
if (typeof(prettyPrint) !== 'undefined') {
prettyPrint();
}
//--><!]]></script>
</body></html>