增加了盟kms客户端密钥。
客户端配置为信任服务密钥或令牌,而服务配置为信任客户端密钥或令牌。
The client is configured to trust the service keys or tokens and the service is configured to trust the client keys or tokens.
您可以告诉Puppetmaster自动地签名所连接客户端密钥,但是这么做会导致任何人都能下载您的配置文件。
You can tell the Puppetmaster to automatically sign keys for clients that connect, but doing so would allow anyone to download your configuration files.
客户端使用它的秘密密钥解密来自身份验证服务的消息。
The client decrypts the message from the authentication service using client secret key.
所以客户端使用这个TGT会话密钥副本解密消息。
So the client decrypts the message using this copy of TGT session key.
使用此会话密钥,客户端和服务器可以安全地相互通信。
Using this session key, client and server can safely communicate with each other.
为客户端创建密钥数据库并生成相应的证书。
Create a key database for the client and generate the corresponding certificate.
在这里,按您在客户端网关配置中使用的方法导入密钥文件,然后只需从下拉列表中选择它。
Import the key file here the same way you did in the client gateway configuration, then simply select it from the drop-down list.
然后,服务器使用解密的对话密钥来解密客户端时间戳。
Then using the decrypted conversation key, the server decrypts the client timestamp.
为客户端创建密钥数据库并生成证书签名请求(CSR)。
Create a key database for the client and generate a certificate signing request (CSR).
TGT包含供在客户端与身份验证服务之间使用的会话密钥。
TGT carries session key for use between the client and authentication service.
客户端已经拥有从前面的TGT请求获得TGT会话密钥。
The client already has the TGT session key obtained from the previous TGT request.
客户端获得响应消息,解密它,然后获得PTGT和PTGT会话密钥。
The client gets the response message, decrypts it, and obtains the PTGT and PTGT session key.
客户端保留会话密钥,将票证按原样转发给服务器。
The client retains the session key and forward the ticket to the server as it is.
在此身份验证信息交换过程中生成的会话密钥可用于客户端/服务器与KDC之间的所有未来通信。
The session keys generated during this authentication exchange can be used for all the future correspondences among client/server and KDC.
这个策略使用客户端生成的保密密钥来规定发送到两个方向的消息体加密方式。
This policy specifies encryption of message bodies sent in both directions, using a client-generated secret key.
整条消息使用PTGT会话密钥加密并发送回客户端。
The whole message is encrypted using the PTGT session key and is sent back to the client.
STkt请求的主要目标是获得一个新会话密钥,供客户端与安全服务器一起使用。
The main objective of STkt request is to get a new session key for the client to use with the security server.
服务器必须接受客户端SecureShell (SSH)的公共密钥。
The server must accept the client's Secure Shell (SSH) public key.
客户端使用会话密钥与服务器通信。
客户端必须有一个签名密钥才能和Puppetmaster对话。
在应答中,服务器发送由对话密钥加密的客户端timestamp - 1。
In reply, the server sends client timestamp-1 encrypted by the conversation key.
SymmEncr:需要使用一个客户端生成您的密钥进行对称加密。
SymmEncr: Require symmetric encryption using a client-generated secret key.
此网关需要配置为信任来自每个客户端的密钥和令牌。
The gateway needs to be configured to trust keys and tokens from each client.
现在,客户端拥有了会话密钥,它可以使用该密钥向身份验证服务验证自身。
At this point, client has the session key that client can use for authenticating itself to the authentication service.
身份验证服务的总体目标是,与客户端希望向其进行身份验证的服务器安全地交换客户端身份和会话密钥。
The whole purpose of the authentication service is to securely exchange the client identity and session key to the server to which the client wants to authenticate.
注意,该服务器不需要让客户端的密钥在其信任存储区中(反之亦然),因为该CA是受信任的。
Notice that the server does not need to have the client's key in its trust store (and vice versa) because the ca is trusted.
这样,服务器将得到客户端的身份和会话密钥。
This way the server gets the identity of the client and the session key.
服务器不需要将保密密钥发送回客户端,因为客户端已经拥有了这个保密密钥。
There's no need for the server to send the secret key back to the client, because the client already has it available.
为了传送到期望的客户端,此响应消息使用客户端秘密密钥进行加密。
To reach the intended client, this response message is encrypted using the client secret key.
应用推荐