JavaScript End-to-End
4
1),2)
1)
2)
January 26, 2020
Jun Kurihara (Zettant Inc./U-Hyogo) E2E Security with JS 04 January 26, 2020 1 / 69
1,2,3
End-to-End (E2E)
JavaScript AES
JavaScript (RSA/ )
3
3 : Ephemeral Scheme
Ephemeral Scheme
1
Perfect Forward Secrecy1
Perfect Forward Secrecy End-to-End
1
Ephemeral Scheme
Ephemeral
? 2
2
E2E
MAC 3
4
JavaScript
3
HMAC (RFC2104 https://tools.ietf.org/html/rfc2104)
4
RSASSA PKCS#1-v1.5/PSS (PKCS#1 RFC8017 https://tools.ietf.org/html/rfc8017),
ECDSA (FIPS PUB186-4 https://csrc.nist.gov/publications/detail/fips/186/4/final)
:
Web Web
:
Bash, Git
Node.js, npm, yarn
Google Chrome and/or Firefox
:
1 &JS
2 AES
3
4 MAC
JavaScript
(Node.js) Hash/MAC/
src/commands-browser.html Node.js
Ephemeral
Scheme
:
Node.js (> v10) yarn 5
Google Chrome ( )
Firefox
Visual Studio Code WebStorm
5
: npm i -g yarn
JavaScript
1 GitHub 6
Clone
$ git clone https://github.com/junkurihara/slides-e2e-security-js.git
$ cd sample04
2
$ yarn install
3
$ yarn build
6
https://github.com/junkurihara/slides-e2e-security-js/
: Hash
Hash Hash
Hash Hash
Hash Hash 7
7
Hash Message Digest
1 Hash
Hash Hash
Checksum
Checksum
( )
⇒
Hash
Hash
8
⇒ Hash
Checksum ⊆ Hash
8
Hash Table
Hash
MD5, SHA-1, SHA-2 (SHA-256, 384, 512), SHA-3 Hash
MD5 SHA-1 Hash( )
9
9
MD5 $2^{20}$
Hash
SHA-2
bit (= )
bit
SHA-1/MD5
Checksum
IE/Edge
X.509 SHA-1
IE/Edge SHA-1
X.509
JavaScript API
JavaScript Hash
% yarn execute gen-hash 'hello hash world!' // hash 'SHA-256'
<Computed Hash>
70c6b0c909b7a3b4932e6e6d27c6e3c8106b7b9487a4ab9fb27d698b0bee601d // 'SHA-256' hash
=======
% yarn execute gen-hash 'hello hash world!!' // 1
<Computed Hash>
c1a548f16bc6cd013fb76f59c982c6dbc57d390d9a470e09b35d716c7716ab47 // hash
=======
% yarn execute gen-hash 'hello hash world!' -h 'SHA3-256' // -h hash
<Computed Hash>
cb352b3d82d5911b99774fcf534bfd024fc58ef58fb67db14f504931da9a333d
=======
bash SHA-256 hash
% echo -n 'hello hash world!' | shasum -a 256
70c6b0c909b7a3b4932e6e6d27c6e3c8106b7b9487a4ab9fb27d698b0bee601d -
Hash
jscu10
hash (src/test-apis.js)
// hashName = 'SHA-256', 'SHA-384', 'SHA-512', 'SHA-1', 'SHA3-256', etc.
import jseu from 'js-encoding-utils'; // string/hex <-> Uint8Array helpers used throughout src/test-apis.js
const computeHash = (data, hashName) => {
  const jscu = getJscu(); // repo helper: returns the jscu module in Node.js or the browser
  const binary = jseu.encoder.stringToArrayBuffer(data); // string -> Uint8Array
  return jscu.hash.compute(binary, hashName); // Promise resolving to the digest (Uint8Array)
};
Node.js, SHA3
10
https://github.com/junkurihara/jscu
2
Message Authentication Code (MAC)
( )
MAC/
MAC/
MAC
pros/cons
Message Authentication Code (MAC)
MAC
(MAC)
MAC
MAC :
MAC
MAC
⇓
MAC
( )
11
11
:
(false )
12
MAC (= )
⇓
13
12
13
MAC pros/cons
MAC
Pros Cons
MAC 14
MAC
15
16
⇒ AES/
14
AES (CMAC) Hash (HMAC)
15
128–512bits
16
ECDSA 256–512bits RSA 2048bits
: MAC
Message Authentication Code (MAC)
MAC &
( )
1 MAC
2 MAC
MAC
HMAC; Hash-based Message Authentication Code
CMAC; Cipher-based Message Authentication Code
GMAC; Galois Message Authentication Code
etc.
JS HMAC
HMAC; Hash-based MAC
HMAC (RFC2104) 17
Hash 18
Hash MAC
HKDF (RFC5869) AWS Signature v4 19
17
https://tools.ietf.org/html/rfc2104
18
Keyed Hash
19
AWS S3 REST API MAC
Hash
Hash
(=MAC )
MAC
JavaScript HMAC
// HMAC Hex hash
% yarn execute gen-hex-key 32
<Generated Hex Key>
6c9a34e979fc7701330ec75a1bc6acb589ebaf831c7941e042c9ded0b2741d8f
=======
// HMAC SHA-256 -h
% yarn execute gen-hmac 'hello hmac world!'
    -k '6c9a34e979fc7701330ec75a1bc6acb589ebaf831c7941e042c9ded0b2741d8f' // Hex
<Computed HMAC with SHA-256>
862e28454f635541ce194d3e4919327c9823830cb7174286aaced5fc61e96a46
=======
// HMAC
% yarn execute verify-hmac 'hello hmac world!'
    -k '6c9a34e979fc7701330ec75a1bc6acb589ebaf831c7941e042c9ded0b2741d8f' // Hex
    -m '862e28454f635541ce194d3e4919327c9823830cb7174286aaced5fc61e96a46' // Hex HMAC
<Verification result of given HMAC>
true
=======
//
% yarn execute verify-hmac 'hello hmac world!?' // ?
    -k '6c9a34e979fc7701330ec75a1bc6acb589ebaf831c7941e042c9ded0b2741d8f'
    -m '862e28454f635541ce194d3e4919327c9823830cb7174286aaced5fc61e96a46'
<Verification result of given HMAC>
false
=======
// HMAC
% yarn execute verify-hmac 'hello hmac world!'
    -k '6c9a34e979fc7701330ec75a1bc6acb589ebaf831c7941e042c9ded0b2741d8f'
    -m '862e28454f635541ce194d3e4919327c9823830cb7174286aaced5fc61e96a47' //
<Verification result of given HMAC>
false
=======
HMAC (src/test-apis.js)
const computeHmac = (data, key, hash) => {
  const jscu = getJscu(); // repo helper: returns the jscu module
  // hex-string key and plain-string data -> Uint8Array
  const binaryData = jseu.encoder.stringToArrayBuffer(data);
  const binaryKey = jseu.encoder.hexStringToArrayBuffer(key);
  // Promise resolving to the MAC (Uint8Array); hash = 'SHA-256', etc.
  return jscu.hmac.compute(binaryKey, binaryData, hash);
};
HMAC (src/test-apis.js)
const verifyHmac = (data, key, mac, hash) => {
  const jscu = getJscu(); // repo helper: returns the jscu module
  // hex-string key and MAC, plain-string data -> Uint8Array
  const binaryData = jseu.encoder.stringToArrayBuffer(data);
  const binaryKey = jseu.encoder.hexStringToArrayBuffer(key);
  const binaryMac = jseu.encoder.hexStringToArrayBuffer(mac);
  // Promise resolving to true/false; hash = 'SHA-256', etc.
  return jscu.hmac.verify(binaryKey, binaryData, binaryMac, hash);
};
MAC OK
MAC (JS )
CMAC; Cipher-based MAC (NIST SP800-38B) 20
(e.g., AES) CBC Hash
MAC
GMAC; Galois MAC (NIST SP800-38D) 21
(e.g., AES) Galois Counter Mode (GCM)
MAC 22
Hash
MAC GMAC
CMAC/GMAC
20
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38b.pdf
21
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf
22
$\mathbb{F}_2[x]/(x^{128} + x^7 + x^2 + x + 1) = \mathbb{F}_{2^{128}}$
MAC
JS API23
MAC
HMAC
CMAC, GMAC or npmjs.com
23
WebCrypto API, Node.js Crypto
:
( ) &
:
1 D Hash 24
hash h = Hash(D)
2 hash h SK s = Sign(h, SK)
D s
:
1 D hash h = Hash(D)
2 hash h s PK
Verify(h, s, PK) ∈ {True, False}
24
D (e.g., ) (i.e., hash)
25
1 hash h s
2 s h
h = Hash(D )
25
RSA :
RSASSA PSS
RSASSA PKCS#1-v1.5
:
ECDSA
etc.26
JS RSASSA PSS & PKCS#1-v1.5 ECDSA
26
Digital Signature Algorithm; DSA (FIPS PUB 186-4
https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf)
AES-128bits
RSA: ≥ 3072bits
ECC: ≥ 256bits
(i.e., )
RSASSA; RSA Signature Scheme with Appendix
RSASSA PKCS#1-v1.5 RSASSA PSS
h = Hash(D)
RSASSA PKCS#1-v1.5 (RFC8017) 27
RSAES PKCS#1-v1.5 PKCS#1 v1.5
SSL/TLS
hash h = Hash(D) DER T
m = 0x00||0x01||RandomSequence||0x00||T
RSASSA PKCS#1-v1.5 hash
28
PKCS#1 v2.2 (RFC8017) hash
RSASSA-PSS
27
https://tools.ietf.org/html/rfc8017
28
Y. Desmedt et al., “A Chosen Text Attack on the RSA Cryptosystem and Some Discrete
Logarithm Schemes,” in Proc. CRYPTO 1985, pp.516–522, 1985. J. Coron (CRYPTO 1999)
RSASSA-PSS (Probabilistic Signature Scheme, RFC8017) 29
RSAES OAEP RFC3447/PKCS#1 v2.1 (2003 )
D (RandomSalt)
Hash 2 Padded data m
h = Hash(Hash(D), RandomSalt),
m = MaskedDataBlock||h||0xBC,
MaskedDataBlock
RSASSA PKCS#1-v1.5
OAEP RFC
PSS
29
https://tools.ietf.org/html/rfc8017
: PSS
D padded data m Salt
JavaScript RSASSA-PSS
RFC PSS ( )
% yarn execute gen-rsa-key // RSA -b
<Generated RSA Public Key>
30820122300d06092a864886f70d01010105000... //
<Generated RSA Private Key>
308204be020100300d06092a864886f70d01010... //
=======
% yarn execute sign-rsa-pss 'hello rsa-pss world!' // RSASSA-PSS
    -s '308204be020100300d06092a864886f70d0...' //
<Generated RSASSA-PSS Signature>
6e7c4632f62e354f0ac40f65c92cd3e5bec5f6f... //
=======
% yarn execute verify-rsa-pss 'hello rsa-pss world!' // RSASSA-PSS
    -p '30820122300d06092a864886f70d0101010...' //
    -t '6e7c4632f62e354f0ac40f65c92cd3e5bec...' //
<Verification Result of RSASSA-PSS Signature>
true //
=======
hash -h
(src/test-apis.js)
const signRsaPss = (data, privateKeyHex, hash, saltLength) => {
  const jscu = getJscu(); // repo helper: returns the jscu module
  // plain-string data -> Uint8Array; hex DER private key -> Uint8Array
  const binaryData = jseu.encoder.stringToArrayBuffer(data);
  const privateKeyDer = jseu.encoder.hexStringToArrayBuffer(privateKeyHex);
  const privateKey = new jscu.Key('der', privateKeyDer); // DER-encoded private key
  // hash = 'SHA-256', saltLength = 32
  return jscu.pkc.sign(
    binaryData,
    privateKey,
    hash, // hash
    {name: 'RSA-PSS', saltLength}
  ); // Promise resolving to the signature (Uint8Array)
};
RSASSA Hash API
Hash
(src/test-apis.js)
const verifyRsaPss = (data, publicKeyHex, signatureHex, hash, saltLength) => {
  const jscu = getJscu(); // repo helper: returns the jscu module
  // plain-string data -> Uint8Array; hex DER public key and hex signature -> Uint8Array
  const binaryData = jseu.encoder.stringToArrayBuffer(data);
  const publicKeyDer = jseu.encoder.hexStringToArrayBuffer(publicKeyHex);
  const signature = jseu.encoder.hexStringToArrayBuffer(signatureHex);
  const publicKey = new jscu.Key('der', publicKeyDer); // DER-encoded public key
  // hash = 'SHA-256', saltLength = 32 (must match the values used when signing)
  return jscu.pkc.verify(
    binaryData,
    signature,
    publicKey,
    hash, // hash
    {name: 'RSA-PSS', saltLength}
  ); // Promise resolving to true/false
};
RSASSA-PSS Node.js Crypto/WebCrypto
WebCrypto
OAEP PSS
( OpenSSL )
ECDSA; Elliptic Curve Digital Signature Algorithm
ECDSA (NIST FIPS 186-4) 30
ECDH 31
NIST FIPS 186-3 (2009 )
Bitcoin blockchain
RSASSA padding
hash h
Signature = Sign_ECDSA(D, SK),
Verify_ECDSA(Signature, D, PK) ∈ {True, False},
API 32
OpenSSL
30
https://csrc.nist.gov/publications/detail/fips/186/4/final
31
32
RSASSA Sign/Verify API
RSA
RSASSA ECDSA ( )
Pros Cons
RSASSA
ECDSA (e.g.,
3072bits)
ECDSA
(e.g.,
512bits (256bits key))
ECDSA
JavaScript ECDSA
% yarn execute gen-ecc-key // ECC -c
<Generated ECC Public Key>
3059301306072a8648ce3d020106082a8648ce3d03010703... //
<Generated ECC Private Key>
308193020100301306072a8648ce3d020106082a8648ce3d... //
=======
% yarn execute sign-ecdsa 'hello ecdsa world!' // ECDSA
    -s '308193020100301306072a8648ce3d020106082a8648c...' //
<Generated ECDSA Signature>
58e5d15be4e71f7e6fbd4662cdb31eca463ed855114ef8357bed9.... //
=======
% yarn execute verify-ecdsa 'hello ecdsa world!'
    -p '3059301306072a8648ce3d020106082a8648ce3d03010...' //
    -t '58e5d15be4e71f7e6fbd4662cdb31eca463ed855114ef...' //
<Verification Result of ECDSA Signature>
true //
=======
hash -h
(src/test-apis.js)
const signEcdsa = (data, privateKeyHex, hash) => {
  const jscu = getJscu(); // repo helper: returns the jscu module
  // plain-string data -> Uint8Array; hex DER private key -> Uint8Array
  const binaryData = jseu.encoder.stringToArrayBuffer(data);
  const privateKeyDer = jseu.encoder.hexStringToArrayBuffer(privateKeyHex);
  const privateKey = new jscu.Key('der', privateKeyDer); // DER-encoded private key
  // hash = 'SHA-256'; no padding/salt options for ECDSA
  return jscu.pkc.sign(
    binaryData,
    privateKey,
    hash // hash
  ); // Promise resolving to the signature (Uint8Array)
};
(src/test-apis.js)
const verifyEcdsa = (data, publicKeyHex, signatureHex, hash) => {
  const jscu = getJscu(); // repo helper: returns the jscu module
  // plain-string data -> Uint8Array; hex DER public key and hex signature -> Uint8Array
  const binaryData = jseu.encoder.stringToArrayBuffer(data);
  const publicKeyDer = jseu.encoder.hexStringToArrayBuffer(publicKeyHex);
  const signature = jseu.encoder.hexStringToArrayBuffer(signatureHex);
  const publicKey = new jscu.Key('der', publicKeyDer); // DER-encoded public key
  // hash = 'SHA-256'
  return jscu.pkc.verify(
    binaryData,
    signature,
    publicKey,
    hash // hash
  ); // Promise resolving to true/false
};
RSASSA-PSS Salt API
ECDSA Node.js Crypto/WebCrypto
33
33
JavaScript ’P-256K’ Bitcoin blockchain
ECDSA jscu pure js
MAC/
Q:
⇒ OK
1: Trust Anchor
End
SSH GitHub
Trust Anchor
2: PKI
Verisign
Verisign Trust Anchor (Verisign
)
2 Verisign 1 Trust Anchor
34
34
Let's Encrypt (https://letsencrypt.org/)
Let's Encrypt
MAC
MAC
:
1 ECDH-ephemeral
2 ECDH-ephemeral + AES HMAC/AES
3 AES HMAC
:
Hash: SHA-2
MAC:
JS HMAC
:
MAC
RSASSA: RSASSA-PSS
ECDSA:
JavaScript /
MAC
: iTransfy by Zettant
:
: recruit@zettant.com
URL: https://www.zettant.com

End-to-End Security Learned with JavaScript, Part 4
