Added the KMS client key.
The client is configured to trust the service keys or tokens, and the service is configured to trust the client keys or tokens.
You can tell the Puppetmaster to automatically sign keys for clients that connect, but doing so would allow anyone to download your configuration files.
The authentication service sends a response message to the client containing the TGT, a copy of the TGT session key, and other information.
Create a key database for the client and generate the corresponding certificate.
Import the key file here the same way you did in the client gateway configuration, then simply select it from the drop-down list.
Then, using the decrypted conversation key, the server decrypts the client timestamp.
Create a key database for the client and generate a certificate signing request (CSR).
This key is generated by the authentication service and is shared between the client and the authentication service for all future communications.
This protocol actually contains a series of messages containing secret keys and other information that help clients and servers identify each other securely.
The client gets the response message, decrypts it, and obtains the PTGT and PTGT session key.
The client retains the session key and forwards the ticket to the server as is.
The session keys generated during this authentication exchange can be used for all future communication between the client/server and the KDC.
This policy specifies encryption of message bodies sent in both directions, using a client-generated secret key.
This message's integrity is protected via an encrypted checksum using the session key between the client and authentication service.
The whole message is encrypted using the PTGT session key and is sent back to the client.
The client makes an RPC call to the server, and the STkt containing the session key is passed as part of the RPC protocol.
The main objective of the STkt request is to get a new session key for the client to use with the security server.
Directly from the client, using an account name and access key obtained from the Windows Azure portal.
The client must have a signed key before it can talk to the Puppetmaster.
In reply, the server sends the client timestamp - 1, encrypted with the conversation key.
SymmEncr: Require symmetric encryption using a client-generated secret key.
The gateway needs to be configured to trust keys and tokens from each client.
At this point, the client has the session key, which it can use to authenticate itself to the authentication service.
The whole purpose of the authentication service is to securely exchange the client identity and session key with the server to which the client wants to authenticate.
Notice that the server does not need to have the client's key in its trust store (and vice versa) because the CA is trusted.
There's no need for the server to send the secret key back to the client, because the client already has it available.
Then the server generates a common key using its secret key and the client's public key, following the same procedure the client used.
You've seen in this article how symmetric encryption, using client-generated secret keys, can be used to secure message exchanges without the need for client certificates.
A ticket is provided by an authentication server to the client using a cryptographic key of the intended server.