"service communication certificate" vs "token-decrypting certificate" vs "token-signing certificate"

Does anyone have a clear explanation of
"service communication certificate" vs "token-decrypting certificate" vs "token-signing certificate"?

I know it sounds obvious, right: the "token-decrypting certificate" is the certificate that decrypts the token.

But I'm not the greatest certificate guy..
I guess I want a big picture of the order these are set up in and what each person is thinking at either end of the communication..
and what and where things get installed...

For example:

So I'm setting up the STS and the Relying Party VMs...

For the STS I installed a certificate with the file name...
sts1 signing certificate.pfx

In Geneva Server, which is installed on the STS,
I'm supposed to configure a pointer to a "token signing certificate",
e.g. the certificate I installed earlier.

So my understanding is that to sign a message, the sender who is signing it
uses his private key.. which is what PFX means to me.

But I am confused because the directions have not told me to install anything on the corresponding
relying party side.

I figure I need the public key on the relying party side,
installed in the certificate store, to be able to recompute the hash of the message and do the signature comparison...

Is my logic wrong?

Does this stuff just piggyback with the message?

I guess I'm confused about what a digital signature is in the context of a signed SAML token and WS-Federation.

Thanks!!!

Solution

Hello Juan,

Token-Signing is the certificate that Geneva Server STS will use to sign the tokens it generates. RPs and STSs accepting tokens from Geneva STS need to know what the certificate's public key is so they can validate the signature.

Token-Decryption is the certificate Geneva Server STS will use to decrypt tokens sent to it. STSs that Geneva STS trusts need to know what the certificate's public key is, so they encrypt tokens to Geneva Server accordingly.

Service-Communication is the certificate that is used by the STS at the WCF channel level when using message security.

I hope this helps.

Thanks,
Ramiro
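To make the two token-level roles from the answer concrete, here is an added Go example (standard library only; not code from this thread or from Geneva Server) that plays both ends of the exchange Juan asks about: the STS signs with its token-signing private key, the relying party verifies with the public key it trusts, and a partner STS encrypts a token to the token-decrypting public key that only the STS's private key can open. It assumes in-memory keys as stand-ins for the PFX files, a constructed sample assertion, pinning of the trusted key by a SHA-256 thumbprint, and direct RSA-OAEP over the whole token (real tokens wrap a symmetric key); the service-communication certificate is a channel-level credential and is not modelled.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
)

// Demo keys generated at startup (hypothetical stand-ins for the STS's PFX files);
// the private halves stay on the STS, only exported public certs reach partners.
var stsSigning, _ = rsa.GenerateKey(rand.Reader, 2048)    // token-signing cert
var stsDecrypting, _ = rsa.GenerateKey(rand.Reader, 2048) // token-decrypting cert

// Thumbprint is what an RP pins after importing the STS's public .cer file.
func Thumbprint(pub *rsa.PublicKey) string {
	der, _ := x509.MarshalPKIXPublicKey(pub)
	sum := sha256.Sum256(der)
	return hex.EncodeToString(sum[:])
}

// SignToken: the STS signs the token it issues with the token-signing private key.
func SignToken(priv *rsa.PrivateKey, token []byte) []byte {
	h := sha256.Sum256(token)
	sig, _ := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, h[:])
	return sig
}

// VerifyToken: the RP recomputes the hash and checks the signature with the public
// key it trusts; a key carried inside the message only counts if it matches the pin.
func VerifyToken(pinned string, pub *rsa.PublicKey, token, sig []byte) bool {
	if Thumbprint(pub) != pinned {
		return false
	}
	h := sha256.Sum256(token)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig) == nil
}

// EncryptToken: a partner STS encrypts a token to Geneva's token-decrypting public key.
func EncryptToken(pub *rsa.PublicKey, token []byte) []byte {
	ct, _ := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, token, nil)
	return ct
}

// DecryptToken: only the holder of the token-decrypting private key can recover it.
func DecryptToken(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}
```

The point of the pin check is the answer to "does this stuff just piggyback with the message?": the public key may travel with the token, but the relying party still has to have decided in advance which key it trusts.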

