10 rounds MUST be used.

4) Data transformation by an arithmetic operation (MixColumns)

Given the path of the file to encrypt (or a fileinfo object obtained with Get-ChildItem) and either the full path of the shared key or its Base64 string (-KeyBase64), the script below creates a file encrypted with AES256 (extension .enc).

[SHA2-1] NIST, FIPS PUB 180-2 "Specifications for the Secure Hash Standard," August 2002. http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
[SHA2-2] "Descriptions of SHA-256, SHA-384, and SHA-512."

+ Available royalty-free worldwide
+ Able to handle a block size of at least 128 bits
[MODES] Dworkin, M., "Recommendation for Block Cipher Modes of Operation: Methods and Techniques," NIST Special Publication 800-38A, December 2001. http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
[HMAC-MD5] Madson, C. and R. Glenn, "The Use of HMAC-MD5-96 within ESP and AH", RFC 2403, November 1998.
155-160, February 1997. http://www.research.att.com/~smb/papers/probtxt.pdf.

(The AES-CBC Cipher Algorithm and Its Use with IPsec)

http://csrc.nist.gov/encryption/aes/round1/r1-ansic.pdf
[PERF-2] Lipmaa, Helger, "AES/Rijndael: speed."
http://www.esat.kuleuven.ac.be/~rijmen/rijndael/
http://csrc.nist.gov/encryption/aes/rijndael/rijndael-unix-refc.tar
http://csrc.nist.gov/publications/fips/fips197/fips-197.
[EVALUATION] Ferguson, N. and B. Schneier, "A Cryptographic Evaluation of IPsec," Counterpane Internet Security, Inc., January 2000.
http://www.counterpane.com/ipsec.pdf.

AES home page: http://www.nist.gov/aes

1) Splitting the input data

AES is a symmetric-key block cipher with variable key and block lengths. As parameters, there are three key lengths (128, 192 or 256 bits) and a single block length of 128 bits only. Accordingly, there are three designations depending on the key length: "AES-128", "AES-192" and "AES-256". However, although a longer key gives higher security, processing speed and the like drop correspondingly, so "AES-128", which is regarded as providing sufficiently solid security, is the most widely used.

Roughly summarized, the encryption process follows the steps below.

http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf

12 rounds MUST be used.

http://csrc.nist.gov/encryption/aes/round1/r1report.pdf
[PERF-4] Schneier, B., J. Kelsey, D. Whiting, D. Wagner, C. Hall, and N. Ferguson, "Performance Comparison of the AES Submissions."

See [PERF-4].

[PERF-3] Nechvetal, J., E. Barker, D. Dodson, M. Dworkin, J. Foti and E.
Roback, "Status Report on the First Round of the Development of the Advanced Encryption Standard."

6) Repetition of steps 1) to 5) according to the key length

Enter the text you want to encrypt.

AES128 encryption tool by Excel.

http://www.counterpane.com/aes-performance.pdf
[HMAC-SHA] Madson, C. and R. Glenn, "The Use of HMAC-SHA-1-96 within ESP and AH", RFC 2404, November 1998.

Since AES was proposed, many people have examined whether it can be broken and whether the algorithm has any weaknesses. How long a brute-force attack would take to break it has also been investigated.