|
GnuTLS
GnuTLS (, the GNU Transport Layer Security Library) is a free software implementation of the TLS, SSL and DTLS protocols. It offers an application programming interface (API) for applications to enable secure communication over the network transport layer, as well as interfaces to access X.509, PKCS #12, OpenPGP and other structures. Features GnuTLS consists of a library that allows client applications to start secure sessions using the available protocols. It also provides command-line tools, including an X.509 certificate manager, a test client and server, and random key and password generators. GnuTLS has the following features: * TLS 1.3, TLS 1.2, TLS 1.1, TLS 1.0, and SSL 3.0 protocols * Datagram TLS (DTLS) 1.2, and DTLS 1.0, protocols * TLS-SRP: Secure remote password protocol (SRP) for TLS authentication * TLS-PSK: Pre-shared key (PSK) for TLS authentication * X.509 and OpenPGP certificate handling * CPU assisted cryptography and cryptographic accelerator support ( ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Transport Layer Security
Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securing HTTPS remains the most publicly visible. The TLS protocol aims primarily to provide security, including privacy (confidentiality), integrity, and authenticity through the use of cryptography, such as the use of certificates, between two or more communicating computer applications. It runs in the presentation layer and is itself composed of two layers: the TLS record and the TLS handshake protocols. The closely related Datagram Transport Layer Security (DTLS) is a communications protocol providing security to datagram-based applications. In technical writing you often you will see references to (D)TLS when it applies to both versions. TLS is a proposed Internet Engineering Task Force (IETF) standard, first defined in 1999, and the c ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
AES-NI
An Advanced Encryption Standard instruction set is now integrated into many processors. The purpose of the instruction set is to improve the speed and security of applications performing encryption and decryption using Advanced Encryption Standard (AES). They are often implemented as instructions implementing a single round of AES along with a special version for the last round which has a slightly different method. The side channel attack surface of AES is reduced when implemented in an instruction set, compared to when AES is implemented in software only. x86 architecture processors AES-NI (or the Intel Advanced Encryption Standard New Instructions; AES-NI) was the first major implementation. AES-NI is an extension to the x86 instruction set architecture for microprocessors from Intel and AMD proposed by Intel in March 2008. Instructions Intel The following Intel processors support the AES-NI instruction set: * Westmere based processors, specifically: ** Westmere- ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Datagram Transport Layer Security
Datagram Transport Layer Security (DTLS) is a communications protocol providing security to datagram-based applications by allowing them to communicate in a way designed to prevent eavesdropping, tampering, or message forgery. The DTLS protocol is based on the stream-oriented Transport Layer Security (TLS) protocol and is intended to provide similar security guarantees. The DTLS protocol datagram preserves the semantics of the underlying transport—the application does not suffer from the delays associated with stream protocols, but because it uses UDP or SCTP, the application has to deal with packet reordering, loss of datagram and data larger than the size of a datagram network packet. Because DTLS uses UDP or SCTP rather than TCP, it avoids the "TCP meltdown problem", when being used to create a VPN tunnel. Definition The following documents define DTLS: * for use with User Datagram Protocol (UDP), * for use with Datagram Congestion Control Protocol (DCCP), * for use wi ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
DTLS
Datagram Transport Layer Security (DTLS) is a communications protocol providing security to datagram-based applications by allowing them to communicate in a way designed to prevent eavesdropping, tampering, or message forgery. The DTLS protocol is based on the stream-oriented Transport Layer Security (TLS) protocol and is intended to provide similar security guarantees. The DTLS protocol datagram preserves the semantics of the underlying transport—the application does not suffer from the delays associated with stream protocols, but because it uses UDP or SCTP, the application has to deal with packet reordering, loss of datagram and data larger than the size of a datagram network packet. Because DTLS uses UDP or SCTP rather than TCP, it avoids the "TCP meltdown problem", when being used to create a VPN tunnel. Definition The following documents define DTLS: * for use with User Datagram Protocol (UDP), * for use with Datagram Congestion Control Protocol (DCCP), * for use with ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
TLS-SRP
Transport Layer Security Secure Remote Password (TLS-SRP) ciphersuites are a set of cryptographic protocols that provide secure communication based on passwords, using an SRP password-authenticated key exchange. There are two classes of TLS-SRP ciphersuites: The first class of cipher suites uses only SRP authentication. The second class uses SRP authentication and public key certificates together for added security. Usually, TLS uses only public key certificates for authentication. TLS-SRP uses a value derived from a password (the SRP verifier) and a salt, shared in advance among the communicating parties, to establish a TLS connection. There are several possible reasons one may choose to use TLS-SRP: * Using password-based authentication does not require reliance on certificate authorities. * The end user does not need to check the URL being certified. If the server does not know data derived from the password then the connection simply cannot be made. This prevents Phish ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
PKCS 12
In cryptography, PKCS #12 defines an archive file format for storing many cryptography objects as a single file. It is commonly used to bundle a private key with its X.509 certificate or to bundle all the members of a chain of trust. A PKCS #12 file may be encrypted and signed. The internal storage containers, called "SafeBags", may also be encrypted and signed. A few SafeBags are predefined to store certificates, private keys and CRLs. Another SafeBag is provided to store any other data at individual implementer's choice. PKCS #12 is one of the family of standards called Public-Key Cryptography Standards (PKCS) published by RSA Laboratories. The filename extension for PKCS #12 files is .p12 or .pfx. These files can be created, parsed and read out with the OpenSSL pkcs12 command. Relationship to PFX file format PKCS #12 is the successor to Microsoft's "PFX"; however, the terms "PKCS #12 file" and "PFX file" are sometimes used interchangeably. The PFX format has been critic ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
OpenSSL
OpenSSL is a software library for applications that provide secure communications over computer networks against eavesdropping or need to identify the party at the other end. It is widely used by Internet servers, including the majority of HTTPS websites. OpenSSL contains an open-source implementation of the SSL and TLS protocols. The core library, written in the C programming language, implements basic cryptographic functions and provides various utility functions. Wrappers allowing the use of the OpenSSL library in a variety of computer languages are available. The OpenSSL Software Foundation (OSF) represents the OpenSSL project in most legal capacities including contributor license agreements, managing donations, and so on. OpenSSL Software Services (OSS) also represents the OpenSSL project for support contracts. OpenSSL is available for most Unix-like operating systems (including Linux, macOS, and BSD), Microsoft Windows and OpenVMS. Project history The OpenSSL ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
GNU Project
The GNU Project () is a free software, mass collaboration project announced by Richard Stallman on September 27, 1983. Its goal is to give computer users freedom and control in their use of their computers and computing devices by collaboratively developing and publishing software that gives everyone the rights to freely run the software, copy and distribute it, study it, and modify it. GNU software grants these rights in its license. In order to ensure that the ''entire'' software of a computer grants its users all freedom rights (use, share, study, modify), even the most fundamental and important part, the operating system (including all its numerous utility programs) needed to be free software. According to its manifesto, the founding goal of the project was to build a free operating system, and if possible, "everything useful that normally comes with a Unix system so that one could get along without any software that is not free." Stallman decided to call this operating sy ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Trusted Platform Module
Trusted Platform Module (TPM, also known as ISO/IEC 11889) is an international standard for a secure cryptoprocessor, a dedicated microcontroller designed to secure hardware through integrated cryptographic keys. The term can also refer to a chip conforming to the standard. TPM is used for digital rights management (DRM), Windows Defender, Windows Domain logon, protection and enforcement of software licenses, and prevention of cheating in online games. One of Windows 11's system requirements is TPM 2.0. Microsoft has stated that this is to help increase security against firmware and ransomware attacks. History Trusted Platform Module (TPM) was conceived by a computer industry consortium called Trusted Computing Group (TCG). It evolved into ''TPM Main Specification Version 1.2'' which was standardized by International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) in 2009 as ISO/IEC 11889:2009. ''TPM Main Specification Version 1. ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Smart Card
A smart card, chip card, or integrated circuit card (ICC or IC card) is a physical electronic authentication device, used to control access to a resource. It is typically a plastic credit card-sized card with an embedded integrated circuit (IC) chip. Many smart cards include a pattern of metal contacts to electrically connect to the internal chip. Others are contactless, and some are both. Smart cards can provide personal identification, authentication, data storage, and application processing. Applications include identification, financial, mobile phones (SIM), public transit, computer security, schools, and healthcare. Smart cards may provide strong security authentication for single sign-on (SSO) within organizations. Numerous nations have deployed smart cards throughout their populations. The universal integrated circuit card, or SIM card, is also a type of smart card. , 10.5billion smart card IC chips are manufactured annually, including 5.44billion SIM card IC chips. Hist ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
VIA PadLock
VIA PadLock is a central processing unit (CPU) instruction set extension to the x86 microprocessor instruction set architecture (ISA) found on processors produced by VIA Technologies and Zhaoxin. Introduced in 2003 with the VIA Centaur CPUs, the additional instructions provide hardware-accelerated random number generation (RNG), Advanced Encryption Standard (AES), SHA-1, SHA256, and Montgomery modular multiplication. Instructions The PadLock instruction set can be divided into four subsets: * Random number generation (RNG) ** XSTORE: Store Available Random Bytes (aka XSTORERNG) ** REP XSTORE: Store ECX Random Bytes * Advanced cryptography engine (ACE) - for AES crypto; two versions ** REP XCRYPTECB: Electronic code book ** REP XCRYPTCBC: Cipher Block Chaining ** REP XCRYPTCTR: Counter Mode (ACE2) ** REP XCRYPTCFB: Cipher Feedback Mode ** REP XCRYPTOFB: Output Feedback Mode * SHA hash engine (PHE) ** REP XSHA1: Hash Function SHA-1 ** REP XSHA256: Hash Function SHA-256 * Montgomer ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
/dev/crypto
The OpenBSD Cryptographic Framework (OCF) is a service virtualization layer for the uniform management of cryptographic hardware by an operating system. It is part of the OpenBSD Project, having been included in the operating system since OpenBSD 2.8 (December, 2000). Like other OpenBSD projects such as OpenSSH, it has been ported to other systems based on Berkeley Unix such as FreeBSD and NetBSD, and to Solaris and Linux. One of the Linux ports is supported by Intel for use with its proprietary cryptographic software and hardware to provide hardware-accelerated SSL encryption for the open source Apache HTTP Server. Background Cryptography is computationally intensive and is used in many different contexts. Software implementations often serve as a bottleneck to information flow or increase network latency. Specialist hardware such as cryptographic accelerators can mitigate the bottleneck problem by introducing parallelism. Certain kinds of hardware, hardware random number g ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
.jpg "Click for more on -> Smart Card")