Cryptography & Security: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Jochen (Diskussion | Beiträge) |
Jochen (Diskussion | Beiträge) |
||
| (15 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) | |||
| Zeile 2: | Zeile 2: | ||
= | = OAuth = | ||
== OAuth 2.0 == | |||
* [https://oauth.net/2/ Homepage] | * [https://oauth.net/2/ Homepage] | ||
=== Core === | |||
* [https://tools.ietf.org/html/rfc6749 RFC 6749: The OAuth 2.0 Authorization Framework] | * [https://tools.ietf.org/html/rfc6749 RFC 6749: The OAuth 2.0 Authorization Framework] | ||
* [https://tools.ietf.org/html/rfc6750 RFC 6750: The OAuth 2.0 Authorization Framework: Bearer Token Usage] | * [https://tools.ietf.org/html/rfc6750 RFC 6750: The OAuth 2.0 Authorization Framework: Bearer Token Usage] | ||
* [https://tools.ietf.org/html/rfc6819 RFC 6819: OAuth 2.0 Threat Model and Security Considerations] | * [https://tools.ietf.org/html/rfc6819 RFC 6819: OAuth 2.0 Threat Model and Security Considerations] | ||
* [https://tools.ietf.org/html/rfc7636 RFC 7636: Proof Key for Code Exchange by OAuth Public Clients] | |||
* [https://tools.ietf.org/html/draft-ietf-oauth-security-topics RFC Draft: OAuth 2.0 Security Best Current Practice] | |||
=== Mobile and Other Devices === | |||
* [https://tools.ietf.org/html/rfc8252 RFC 8252: OAuth 2.0 for Native Apps] | |||
* [https://tools.ietf.org/html/rfc8628 RFC 8628: OAuth 2.0 Device Authorization Grant] | |||
* [https://tools.ietf.org/html/draft-ietf-oauth-browser-based-apps RFC Draft: OAuth 2.0 for Browser-Based Apps] | |||
=== Token and Token Management === | |||
* [https://tools.ietf.org/html/rfc7662 RFC 7662: OAuth 2.0 Token Introspection] | |||
* [https://tools.ietf.org/html/rfc7009 RFC 7009: OAuth 2.0 Token Revocation] | |||
* [https://tools.ietf.org/html/rfc7519 RFC 7519: JSON Web Token (JWT)] | |||
=== Discovery and Registration === | |||
* [https://tools.ietf.org/html/rfc8414 RFC 8414: OAuth 2.0 Authorization Server Metadata] | |||
* [https://tools.ietf.org/html/rfc7591 RFC 7591: OAuth 2.0 Dynamic Client Registration Protocol] | |||
* [https://tools.ietf.org/html/rfc7592 RFC 7592: OAuth 2.0 Dynamic Client Registration Management Protocol] | |||
== OAuth 2.1 == | |||
* [https://tools.ietf.org/html/draft-parecki-oauth-v2-1 RFC Draft: The OAuth 2.1 Authorization Framework] | |||
== OAuth Development == | |||
* [https://developers.google.com/oauthplayground/ Google OAuth 2.0 Playground] | * [https://developers.google.com/oauthplayground/ Google OAuth 2.0 Playground] | ||
* [https://developers.google.com/identity/protocols/OAuth2 Using OAuth 2.0 to Access Google APIs] | * [https://developers.google.com/identity/protocols/OAuth2 Using OAuth 2.0 to Access Google APIs] | ||
== Articles == | |||
* [https://pragmaticwebsecurity.com/articles/oauthoidc/localstorage-xss.html Dr. Philippe De Ryck, ''Why avoiding LocalStorage for tokens is the wrong solution''] | |||
<br/> | <br/> | ||
| Zeile 24: | Zeile 60: | ||
* [http://openid.net/specs/openid-connect-frontchannel-1_0.html OpenID Connect Front-Channel Logout 1.0 - draft 01] | * [http://openid.net/specs/openid-connect-frontchannel-1_0.html OpenID Connect Front-Channel Logout 1.0 - draft 01] | ||
* [http://openid.net/specs/openid-connect-backchannel-1_0.html OpenID Connect Back-Channel Logout 1.0 - draft 03] | * [http://openid.net/specs/openid-connect-backchannel-1_0.html OpenID Connect Back-Channel Logout 1.0 - draft 03] | ||
<br/> | |||
= Access / Refresh Token = | |||
* [https://auth0.com/docs/tokens/refresh-token/current Refresh Tokens] | |||
* [https://auth0.com/blog/refresh-tokens-what-are-they-and-when-to-use-them/ OAuth0 - Refresh Tokens: When to Use Them and How They Interact with JWTs] | |||
* [https://auth0.com/docs/api-auth/tutorials/silent-authentication Silent Authentication] | |||
* [https://auth0.com/blog/5-steps-to-add-modern-authentication-to-legacy-apps-using-jwts/ 5 Steps to Add Modern Authentication to Legacy Apps Using JWTs] | |||
* [https://auth0.com/docs/security/store-tokens Where to Store Tokens] | |||
<br/> | <br/> | ||
= Fast Identity Online (FIDO) = | = Fast Identity Online (FIDO) = | ||
* [https://fidoalliance.org/ FIDO Allianz] | * [https://fidoalliance.org/ FIDO Allianz] | ||
* [https://fidoalliance.org/specifications/download/ Universal Authentication Framework (UAF) / U2F (Universal Second Factor) Specifications] | * [https://fidoalliance.org/specifications/download/ Universal Authentication Framework (UAF) / U2F (Universal Second Factor) Specifications] | ||
| Zeile 43: | Zeile 90: | ||
<br/> | <br/> | ||
= JSON Web Token | = JSON Web Token (JWT) = | ||
* [https://tools.ietf.org/html/rfc7515 RFC 7515: JSON Web Signature (JWS)] | * [https://tools.ietf.org/html/rfc7515 RFC 7515: JSON Web Signature (JWS)] | ||
| Zeile 50: | Zeile 97: | ||
* [https://tools.ietf.org/html/rfc7518 RFC 7518: JSON Web Algorithms (JWA)] | * [https://tools.ietf.org/html/rfc7518 RFC 7518: JSON Web Algorithms (JWA)] | ||
* [https://tools.ietf.org/html/rfc7519 RFC 7519: JSON Web Token (JWT)] | * [https://tools.ietf.org/html/rfc7519 RFC 7519: JSON Web Token (JWT)] | ||
* [https://tools.ietf.org/html/rfc8725 RFC 8725: JSON Web Token Best Current Practices] | |||
<br/> | <br/> | ||
| Zeile 69: | Zeile 117: | ||
* [https://tools.ietf.org/html/rfc6234 RFC 6234: US Secure Hash Algorithms (SHA and SHA-based HMAC and HKDF)] | * [https://tools.ietf.org/html/rfc6234 RFC 6234: US Secure Hash Algorithms (SHA and SHA-based HMAC and HKDF)] | ||
* [http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf FIPS PUB 180-4: Secure Hash Standard (SHS)] | * [http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf FIPS PUB 180-4: Secure Hash Standard (SHS)] | ||
* [https://tools.ietf.org/html/draft-irtf-cfrg-argon2 RFC Draft: The memory-hard Argon2 password hash and proof-of-work function] | |||
<br/> | <br/> | ||
| Zeile 141: | Zeile 190: | ||
* [https://tools.ietf.org/html/rfc5280 RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile] | * [https://tools.ietf.org/html/rfc5280 RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile] | ||
* [https://tools.ietf.org/html/rfc6818 RFC 6818: Updates to the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile] | * [https://tools.ietf.org/html/rfc6818 RFC 6818: Updates to the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile] | ||
* [https://tools.ietf.org/html/rfc8398 RFC 8398: Internationalized Email Addresses in X.509 Certificates] | |||
* [https://tools.ietf.org/html/rfc8399 RFC 8399: Internationalization Updates to RFC 5280] | |||
<br/> | <br/> | ||
| Zeile 150: | Zeile 201: | ||
<br/> | <br/> | ||
= | = Encryption Key Management = | ||
== | == Key Management Interoperability Protocol (KMIP) == | ||
* [https:// | * [https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=kmip OASIS Key Management Interoperability Protocol (KMIP) TC] | ||
* [https://wiki.oasis-open.org/kmip/KnownKMIPImplementations KMIP Implementations known to the KMIP TC (OASIS Wiki)] | |||
* [https:// | * [https://de.wikipedia.org/wiki/Key_Management_Interoperability_Protocol Wikipedia (de): Key Management Interoperability Protocol] | ||
* [https:// | * [https://en.wikipedia.org/wiki/Key_Management_Interoperability_Protocol Wikipedia (en): Key Management Interoperability Protocol] | ||
* [https:// | |||
<br/> | <br/> | ||
| Zeile 165: | Zeile 215: | ||
* [https://tools.ietf.org/html/rfc4648 RFC 4648: The Base16, Base32, and Base64 Data Encodings] | * [https://tools.ietf.org/html/rfc4648 RFC 4648: The Base16, Base32, and Base64 Data Encodings] | ||
* [https://tools.ietf.org/html/rfc4422 RFC 4422: Simple Authentication and Security Layer (SASL)] | * [https://tools.ietf.org/html/rfc4422 RFC 4422: Simple Authentication and Security Layer (SASL)] | ||
<br/> | |||
= Fun = | |||
* [https://de.wikipedia.org/wiki/Internet_Protocol_over_Avian_Carriers Internet Protocol over Avian Carriers] | |||
* [https://tools.ietf.org/html/rfc1149 RFC 1149: A Standard for the Transmission of IP Datagrams on Avian Carriers] | |||
* [https://tools.ietf.org/html/rfc2549 RFC 2549: IP over Avian Carriers with Quality of Service] | |||
* [https://tools.ietf.org/html/rfc6214 RFC 6214: Adaptation of RFC 1149 for IPv6] | |||
<br/> | <br/> | ||
Aktuelle Version vom 2. August 2021, 08:29 Uhr
OAuth
OAuth 2.0
Core
- RFC 6749: The OAuth 2.0 Authorization Framework
- RFC 6750: The OAuth 2.0 Authorization Framework: Bearer Token Usage
- RFC 6819: OAuth 2.0 Threat Model and Security Considerations
- RFC 7636: Proof Key for Code Exchange by OAuth Public Clients
- RFC Draft: OAuth 2.0 Security Best Current Practice
Mobile and Other Devices
- RFC 8252: OAuth 2.0 for Native Apps
- RFC 8628: OAuth 2.0 Device Authorization Grant
- RFC Draft: OAuth 2.0 for Browser-Based Apps
Token and Token Management
- RFC 7662: OAuth 2.0 Token Introspection
- RFC 7009: OAuth 2.0 Token Revocation
- RFC 7519: JSON Web Token (JWT)
Discovery and Registration
- RFC 8414: OAuth 2.0 Authorization Server Metadata
- RFC 7591: OAuth 2.0 Dynamic Client Registration Protocol
- RFC 7592: OAuth 2.0 Dynamic Client Registration Management Protocol
OAuth 2.1
OAuth Development
Articles
OpenID Connect
- Homepage
- OpenID Connect Core 1.0 incorporating errata set 1
- OpenID Connect Discovery 1.0 incorporating errata set 1
- OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 1
- OAuth 2.0 Multiple Response Type Encoding Practices
- OAuth 2.0 Form Post Response Mode
- OpenID Connect Session Management 1.0 - draft 27
- OpenID Connect Front-Channel Logout 1.0 - draft 01
- OpenID Connect Back-Channel Logout 1.0 - draft 03
Access / Refresh Token
- Refresh Tokens
- OAuth0 - Refresh Tokens: When to Use Them and How They Interact with JWTs
- Silent Authentication
- 5 Steps to Add Modern Authentication to Legacy Apps Using JWTs
- Where to Store Tokens
Fast Identity Online (FIDO)
- FIDO Allianz
- Universal Authentication Framework (UAF) / U2F (Universal Second Factor) Specifications
Security Assertion Markup Language 2.0 (SAML 2.0)
JSON Web Token (JWT)
- RFC 7515: JSON Web Signature (JWS)
- RFC 7516: JSON Web Encryption (JWE)
- RFC 7517: JSON Web Key (JWK)
- RFC 7518: JSON Web Algorithms (JWA)
- RFC 7519: JSON Web Token (JWT)
- RFC 8725: JSON Web Token Best Current Practices
One Time Passwords
- RFC 2289: A One-Time Password System
- RFC 4226: HOTP: An HMAC-Based One-Time Password Algorithm
- RFC 4793: The EAP Protected One-Time Password Protocol (EAP-POTP)
- RFC 6238: TOTP: Time-Based One-Time Password Algorithm
- RFC 6560: One-Time Password (OTP) Pre-Authentication
Einweg-Hashfunktionen
- RFC 1321: The MD5 Message-Digest Algorithm
- RFC 2104: HMAC: Keyed-Hashing for Message Authentication
- RFC 6151: Updated Security Considerations for the MD5 Message-Digest and the HMAC-MD5 Algorithms
- RFC 6234: US Secure Hash Algorithms (SHA and SHA-based HMAC and HKDF)
- FIPS PUB 180-4: Secure Hash Standard (SHS)
- RFC Draft: The memory-hard Argon2 password hash and proof-of-work function
Authentifizierung
- The NTLM Authentication Protocol (PDF)
- RFC 4120: The Kerberos Network Authentication Service (V5)
- RFC 4120: The Kerberos Version 5 Generic Security Service Application Program Interface (GSS-API) Mechanism: Version 2
Challenge Response
- RFC 5802: Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API Mechanisms (Updated by RFC 7677)
- RFC 7677: SCRAM-SHA-256 and SCRAM-SHA-256-PLUS Simple Authentication and Security Layer (SASL) Mechanisms
Symmetrische Verschlüsselung
- FIPS PUB 46-3: Data Encryption Standard (DES), National Institute of Standards and Technology, October 25, 1999
- FIPS PUB 197: Advanced Encryption Standard (AES), National Institute of Standards and Technology, November 26, 2001
Public-Key Cryptography Standards (PKCS) - RSA Laboratories
- PKCS #1: RSA Cryptography Specifications Version 2.1 (RFC 2313)
- PKCS #1: RSA Cryptography Specifications Version 2.2 (RFC draft-moriarty-pkcs1-03)
- PKCS #3: Diffie-Hellman Key Agreement Standard, Version 1.4
- PKCS #5: Password-Based Cryptography Standard, Version 2.0 (RFC 2898)
- PKCS #5: Password-Based Cryptography Standard, Version 2.1 (RFC draft-moriarty-pkcs5-v2dot1-04)
- PKCS #6: Extended-Certificate Syntax Standard, Version 1.5
- PKCS #7: Cryptographic Message Syntax Standard, Version 1.5 (2315)
- PKCS #8: Private-Key Information Syntax Standard, Version 1.2 (RFC 5208)
- PKCS #8: EncryptedPrivateKeyInfo Media Type (RFC draft-seantek-pkcs8-encrypted-01)
- PKCS #9: Selected Object Classes and Attribute Types Version 2.0 (RFC 2985)
- PKCS #10: Certification Request Syntax Specification Version 1.7 (RFC 2986)
- PKCS #11: URI Scheme (RFC 7512)
- PKCS #12: Personal Information Exchange Syntax Version 1.1 (RFC 7292)
Generic Security Service API (GSS-API)
- RFC 2743: Generic Security Service Application Program Interface Version 2, Update 1
- RFC 5554: Clarifications and Extensions to the Generic Security Service Application Program Interface (GSS-API) for the Use of Channel Bindings
- RFC 2479: Independent Data Unit Protection Generic Security Service Application Program Interface (IDUP-GSS-API)
- RFC 2744: Generic Security Service API Version 2 : C-bindings
- RFC 5653: Generic Security Service API Version 2: Java Bindings Update
Pretty Good Privacy (PGP)
Secure / Multipurpose Internet Mail Extensions (S/MIME)
- RFC 1847: Security Multiparts for MIME: Multipart/Signed and Multipart/Encrypted
- RFC 5751: Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 - Message Specification
X.509 Public Key Infrastructure
- RFC 4158: Internet X.509 Public Key Infrastructure: Certification Path Building
- RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
- RFC 6818: Updates to the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
- RFC 8398: Internationalized Email Addresses in X.509 Certificates
- RFC 8399: Internationalization Updates to RFC 5280
Transport Layer Security (TLS)
Encryption Key Management
Key Management Interoperability Protocol (KMIP)
- OASIS Key Management Interoperability Protocol (KMIP) TC
- KMIP Implementations known to the KMIP TC (OASIS Wiki)
- Wikipedia (de): Key Management Interoperability Protocol
- Wikipedia (en): Key Management Interoperability Protocol
Misc
- RFC 4648: The Base16, Base32, and Base64 Data Encodings
- RFC 4422: Simple Authentication and Security Layer (SASL)
Fun
- Internet Protocol over Avian Carriers
- RFC 1149: A Standard for the Transmission of IP Datagrams on Avian Carriers
- RFC 2549: IP over Avian Carriers with Quality of Service
- RFC 6214: Adaptation of RFC 1149 for IPv6