IPSec,OpenSSL和PGP [英] IPSec vs OpenSSL vs PGP
问题描述
在IP级别采用IPSec,在传输级别采用SSL,在应用程序级别采用PGP.在某些讲座中,它不是说:
IPSec is employed at the IP level, SSL at the transport level and PGP at the application level. In some lecture not it says:
IPSEC:最通用的解决方案,但最不灵活 SSL:仍然非常通用且具有一定的灵活性 PGP:最不普遍,但非常灵活.
IPSEC: Most general solution but least flexible SSL: Still very general and some flexibility PGP: Least general but very flexibel.
我想一般是指我可以保护哪种协议.使用IPSEC,我可以保护使用TCP或UDP的所有内容. PGP是最不通用的,因为它仅加密电子邮件,因此非常具体.这种理解对吗?
I guess the general refers to what kind of protocol I can secure. With IPSEC I can secure everything that uses TCP or UDP. PGP is the least general because it just encrypts emails and is therefore very specific. Is that understanding right?
但是,在这种情况下,我不知道灵活性是指什么,有人知道吗?这与可扩展性有关吗?
However I have no idea for what the flexibilty refers in this context, anyone an idea? Has this to do with extensibility?
谢谢
推荐答案
IPSEC:它是Internet层协议,表示在IP层之上运行的任何内容,例如TCP或UDP,或任何其他较新的协议,将由IPSEC加密.但是,现在,它是一个用于对其上方的数据包/协议进行加密/身份验证的协议,仅此而已,因此,它在 SOME 意义上比其他两个协议更不灵活,但是如果您需要网络,它仍然相当灵活加密.
IPSEC: Its an Internet layer protocol, which means anything that runs above the IP layer, such as TCP or UDP for example, or any other newer protocol, will be encrypted by IPSEC. Now however, it is a protocol for encryption/authentication of the packets/protocol above it and only this, thus its less flexible in SOME sense compared to the other two but its still fairly flexible if you need network encryption.
SSL:是另一种加密协议,与IPSEC类似(我想),但是它的运行层高于IPSEC.基本上,它在应用程序层上运行,这意味着它是一种在TCP,UDP等之上运行的协议.
SSL: Is another encryption protocol, similar (I guess) to IPSEC, however it operates at a higher layer than IPSEC. Basically it operates on the Application layer which means it is a protocol that runs on top of TCP, UDP, etc...
现在,IPSEC的一个问题是它在某些方面具有灵活性,因为它在网络层中较低,但是这也带来了一个问题,即设备需要支持IPSEC协议本身,而廉价的消费者路由器通常不支持.因此,从某种意义上讲, SSL 比IPSEC更灵活,因为它在更高的层上运行.
Now one problem with IPSEC is that its flexible in some respect in that its lower in the network layer, however this also poses problem in that devices needs to support IPSEC protocol itself, and often cheap consumer routers don't. So in a sense SSL would be more flexible than IPSEC because it operates on a higher layer.
PGP:是与SSL/IPSEC完全不同的域,因为SSL/IPSEC将自身限制为网络加密,因此它们不处理文件或其他任何数据的加密,处理的是对正在通过网络的字节"进行加密,并且另一端读入字节后,将不加密地坐在那里.
PGP: Is a completely different domain from SSL/IPSEC, because SSL/IPSEC restricts their-selves to network encryption, they don't deal with encryption of files or any other data, all they deal with is the encryption of "bytes" that are going over the network and once the other end has read in the bytes its going to be sitting there unencrypted.
现在PGP是一种应用程序/标准,您可以使用它使用目标公用密钥来加密文件,然后只有目标公用密钥才能解密该文件.无论如何,您都可以加密文件,电子邮件或其他方式,然后将其通过网络传输到目的地,这将实现相同的目的.但另一方面,您也可以将文件加密后存储在磁盘上,或者将其复制到外部硬盘驱动器上,然后沿着走廊走到目的地.
Now PGP is an application/standard that you can use to encrypt files with your destination public key and then only the destination's private key can decrypt the file. Anyway you can encrypt a file, email, or what so ever then transport it over the network to the destination and it would achieve the same thing. But on the other hand you can also store the file on disk encrypted or copy it to an external harddrive for example, and walk down the hallway and give it to your destination.
因此,总而言之,IPSEC/SSL大致相同,它们运行在不同的网络层上,PGP与IPSEC/SSL是一个完全不同的域,但是您仍然可以使用PGP加密某些数据,然后通过网络.
So in summary IPSEC/SSL are somewhat roughly equivalent, they run on different network layers, and PGP is an entirely different domain from IPSEC/SSL but you can still use PGP to encrypt some piece of data and then transfer it over the network.
因此,从灵活性的角度来看,尤其是在PGP上下文中,您可以将其用于其他事情,例如将加密文件存储在磁盘上,或者可以使用私钥对某些文档/文件进行签名,任何人可以使用您的公钥来证明它来自您.
So really in the sense of flexibility, especially in the PGP context is in that you can use it for other things such as storing encrypted files on disk, or can use your private key to sign some piece of documentation/file and anyone can use your public key to prove that it came from you.
这篇关于IPSec,OpenSSL和PGP的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
