Zusammenfassung
Dieses Papier untersucht Kryptographie-Standards und ihre APIs aus dem Blickwinkel des Systemarchitekten und Anwendungsentwicklers. Dabei werden Kryptographie-Standards ziemlich weitgefaßt als alle Verfahren, Datenformate und Protokolle definiert, die auf kryptographischen Algorithmen beruhen, hinreichend verbreitet sind, oder es in Zukunft sein werden.
Zunächst wird ein Überblick über bereits existierende und derzeit entstehende Standards gegeben. Anschließend diskutieren wir ihre Brauchbarkeit für die Anwendungsentwicklung und stellen Defizite heraus. Wir kommen zu dem Schluß, daß die nötigen Datenformate und Protokolle vorhanden sind, jedoch für die zugehörigen APIs umfassendere und bessere Standards benötigt werden.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
Literatur
IETF (Internet Engineering Task Force). http://www.ietf.org/
Internet RFCs. http://www.ietf.org/rfc.html
Privacy Enhanced Mail (PEM), RFC 1421, RFC 1422, RFC 1423, RFC 1424, proposed standard, 1993.
Generic Security Service Application Programming Interface (GSS-API vl), RFC 1508, proposed standard, 1993.
Generic Security Service API: C-bindings, RFC 1509, proposed standard, 1993.
Generic Security Service Application Programming Interface, Version 2 (GSS-API v2), RFC 2078, proposed standard, 1997.
SPKM (Simple Public-Key GSS-API Mechanism), RFC 2025, proposed standard, 1996.
Kerberos Version 5 GSS-API Mechanism, RFC 1964, proposed standard, 1996
Kerberos Network Authentication Service (V5), RFC 1510, 1993.
Kerberos Network Authentication Service (V5) update. http://www.ietf.org/internet-drafts/draft-ietf-cat-kerberos-revisions-04.txt
Bellovin, S. M.; Merritt, M.: Limitations of the Kerberos Authentication System. In Proceedings of the Winter 1991 Usenix Conference. Januar 1991. http://research.att.com/dist/internet-security/kerblimit.usenix.ps
Kohl, John T.; Neuman, B. Clifford; T’so, Theodore Y.: The Evolution of the Kerbe-ros Authentication System. In Distributed Open Systems, IEEE Computer Society Press, 1994, S. 78–94. athena-dist.mit.edu/pub/kerberos/doc/krb_evol.PS
PKINIT (Public Key Cryptography for Initial Authentication in Kerberos). http://www.ietf.org/internet-drafts/draft-ietf-cat-kerberos-pk-init-l0.txt
SASL (Simple Authentication and Security Layer), RFC 2222. http://www.ietf.org/internet-drafts/draft-ietf-cat-sasl-gssapi-OO.txt
SPNEGO (The Simple and Protected GSS-API Negotiation Mechanism), RFC 2478, proposed standard, 1998
PKCS (Public Key Cryptography Standards); RSA Security Inc. http://www.rsasecurity.com/rsalabs/pkcs
PKCS #7 (s. auch [19]). http://www.rsasecurity.com/rsalabs/pkcs/pkcs-7/
PKCS #1, RFC 2437. http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/
CMS (Cryptographic Message Syntax), RFC 2630, proposed standard, 1999.
S/MIME Version 2, RFC 2311, RFC 2312, informational, 1998. http://www.rsasecurity.com/standards/smime/index.htm
S/MIME Version 3, RFC 2632, RFC 2633, RFC 2634, proposed standard, 1999.
S/MIME Interoperability Master Matrix. http://www.securitydynamics.com/standards/smime/interop_enter.html
Worldtalk (Hersteller der S/MIME-Referenzimplementation). http://www.worldtalk.com/
TeleTrusT Deutschland e. V., http://www.teletrust.de/
MailTrusT — Pilotprojekt Digitale Signatur für den Dokumentenaustausch des TeleTrusT Deutschland e. V. http://www.mailtrust.de/ http://www.teletrust.de/ http://www.darmstadt.gmd.de/mailtrust/
PGP (Pretty Good Privacy). http://www.pgp.com/ http://www.pgpi.org/
Sicherheit im Internet — Initiative der Bundesministerien für Sicherheit in der Informationstechnik, für Wirtschaft und Technologie und des Innern. http://www.sicherheit-im-internet.de/
The GNU Privacy Guard. http://www.gnupg.org/
Message Exchange Formats PGP (Pretty Good Privacy), RFC 1991, informational, 1996.
OpenPGP Message Format, RFC 2440, proposed standard, 1998.
MIME Security with PGP, RFC 2015, proposed standard, 1996.
Independent Data Unit Protection Generic Security Service Application Program Interface (IDUP-GSS-API) v2, RFC 2479, informational, 1998.
XML (Extensible Markup Language). http://www.w3.org/XML/
XML Digital Signatures. http://www.ietf.org/html.charters/xmldsig-charter.html http://www.w3.org/Signature/
Common Data Security Architecture (CDSA); Open Group. http://www.opengroup.org/security/cdsa http://developer.intel.com/ial/security/specifications.htm
PC/SC Workgroup. http://www.pcscworkgroup.com/
PC/SC Implementation für Linux. http://www.linuxnet.com/middleware/middleware.html
Secure Socket Layer 3.0 (SSL) specification. http://www.netscape.com/eng/ssl3
Freie SSL/TLS-Implementierung (Open-Source Projekt). http://www.openssl.org
Wagner, D.; Schneier, B.: Analysis of the SSL 3.0 protocol. Proceedings of the Second USENIX Workshop on Electronic Commerce, USENIX Press, 1996, S. 29–40. www.counterpane.com/ssl. html
TLS (Transport Layer Security), RFC 2246, proposed standard, 1999.
IETF-TLS Working Group; Transport Layer Security. http://www.consensus.com/ietf-tls/ietf-tls-home.html http://www.ietf.org/html.charters/tls-charter.html
RSA Laboratories’ Frequently Asked Questions About Today’s Cryptography. http://www.rsasecurity.com/rsalabs/faq
MIME (Multipurpose Internet Mail Extensions), RFC 2045, RFC 2046, RFC 2047, RFC 2048, RFC 2049, draft standard, 1996.
MOSS (MIME Object Security Services), RFC 1848, proposed standard, 1995.
Fumy, W.; Meister, G.; Reitenspieß, M.; Schäfer, W. (Ed.): Sicherheitsschnittstellen — Konzepte, Anwendungen und Einsatzbeispiele. Proceedings des VIS-Workshops Security APIs’ 94, Deutscher Universitäts-Verlag, Wiesbaden 1994.
W3C (Word Wide Web Consortium). http://www.w3.org/
FIPS PUB 186-1: Digital Signature Standard (DSS). U.S. Department of Commerce/National Institute of Standards and Technology. RFC 2104.
FIPS PUB 180-1: Secure Hash Standard. U.S. Department of Commerce/National Institute of Standards and Technology. http://csrc.nist.gov/fips/fip 180-1.pdf
ECDSA ANSI X9.62.
WAP (Wireless Application Protocol) Forum. http://www.wapforum.com/
WTLS (Wireless Transport Layer Security). http://www.wapforum.org/what/technical/SPEC-WTLS-19990211.pdf
Saarinen, M-J.: Attacks against the WAP WTLS Protocol. Proceedings CMS’ 99 Communications and Multimedia Security, Kluwer Academic Publishers, Boston 1999.
RPCSEC_GSS Protocol Specification, RFC 2203, proposed standard, 1997.
Authentication Mechanisms for ONC RPC, RFC 2695, informational, 1999.
IPsec — Security Architecture for the Internet Protocol, RFC 2401, proposed standard, 1998.
The Globus Project — Gemeinsames Projekt folgender Partner: Information Sciences Institute of the University of Southern California, Mathematics and Computer Science Division of Argonne National Laboratory, Aerospace Corporation. http://www.globus.org/
JCA (Java Cryptography Architecture). http://www.javasoft.com/products/jdk/l.2/docs/guide/security/CryptoSpec.html
JSSE (Java Secure Socket Extension). http://java.sun.com/products/jsse/
JCE (Java Cryptography Extension). http://www.Javasoft.com/products/jce/
Java Smart Card API. http://java.sun.com/products/commerce/javax.smartcard/
Java Wallet. http://java.sun.com/products/commerce/
Open Card Framework. http://www.opencard.org/
CORBA (Common Object Request Broker Architecture). http://www.corba.org/
DOM (Document Object Model). http://www.w3.org/D0M/
SECUDE Sicherheitstechnologie Informationssysteme GmbH. http://www.secude.com/
IBM SecureWay. http://www.ibm.com/software/secureway/
Schneider, B.: Comments on the “NSAKEY” in Microsoft’s Crypto API. Crypto-Gram newsletter, September 1999. http://www.counterpane.com/nsakey.html
SET (Security Electronic Transaction LLC) Specifications, http://www.setco.org/set-specifications.html
MailProtect (S/MIME-Plugin für Lotus Notes). http://www.mailprotect.de/
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2000 Friedr. Vieweg & Sohn Verlagsgesellschaft mbH, Braunschweig/Wiesbaden
About this chapter
Cite this chapter
Bartosch, M., Schneider, J. (2000). Nutzen und Grenzen von Kryptographie-Standards und ihrer APIs. In: Horster, P. (eds) Systemsicherheit. DuD-Fachbeiträge. Vieweg+Teubner Verlag. https://doi.org/10.1007/978-3-322-84957-1_17
Download citation
DOI: https://doi.org/10.1007/978-3-322-84957-1_17
Publisher Name: Vieweg+Teubner Verlag
Print ISBN: 978-3-322-84958-8
Online ISBN: 978-3-322-84957-1
eBook Packages: Springer Book Archive