
Security Frame: Cryptography | Mitigations

Product/Service | Article
Web Application
Database
IoT Device
IoT Cloud Gateway
Dynamics CRM Mobile Client
Dynamics CRM Outlook Client
Identity Server

Use only approved symmetric block ciphers and key lengths

Title | Details
Component | Web Application
SDL Phase | Build
Applicable Technologies | Generic
Attributes | N/A
References | N/A
Steps

Products must use only those symmetric block ciphers and associated key lengths which have been explicitly approved by the Crypto Advisor in your organization. Approved symmetric algorithms at Microsoft include the following block ciphers:

  • For new code, AES-128, AES-192, and AES-256 are acceptable
  • For backward compatibility with existing code, three-key 3DES is acceptable
  • For products using symmetric block ciphers:
    • Advanced Encryption Standard (AES) is required for new code
    • Three-key triple Data Encryption Standard (3DES) is permissible in existing code for backward compatibility
    • All other block ciphers, including RC2, DES, 2 Key 3DES, DESX, and Skipjack, may only be used for decrypting old data, and must be replaced if used for encryption
  • For symmetric block encryption algorithms, a minimum key length of 128 bits is required. The only block encryption algorithm recommended for new code is AES (AES-128, AES-192 and AES-256 are all acceptable)
  • Three-key 3DES is currently acceptable if already in use in existing code; transition to AES is recommended. DES, DESX, RC2, and Skipjack are no longer considered secure. These algorithms may only be used for decrypting existing data for the sake of backward compatibility, and data should be re-encrypted using a recommended block cipher

Please note that all symmetric block ciphers must be used with an approved cipher mode, which requires use of an appropriate initialization vector (IV). An appropriate IV is typically a random number and never a constant value.

The use of legacy or otherwise unapproved crypto algorithms and smaller key lengths for reading existing data (as opposed to writing new data) may be permitted after your organization's Crypto Board review. However, you must file for an exception against this requirement. Additionally, in enterprise deployments, products should consider warning administrators when weak crypto is used to read data. Such warnings should be explanatory and actionable. In some cases, it may be appropriate to have Group Policy control the use of weak crypto.

Allowed .NET algorithms for managed crypto agility (in order of preference)

  • AesCng (FIPS compliant)
  • AuthenticatedAesCng (FIPS compliant)
  • AESCryptoServiceProvider (FIPS compliant)
  • AESManaged (non-FIPS-compliant)

Please note that none of these algorithms can be specified via the SymmetricAlgorithm.Create or CryptoConfig.CreateFromName methods without making changes to the machine.config file. Also, note that AES in versions of .NET prior to .NET 3.5 is named RijndaelManaged, and AesCng and AuthenticatedAesCng are available through CodePlex and require CNG in the underlying OS.

Use approved block cipher modes and initialization vectors for symmetric ciphers

Title | Details
Component | Web Application
SDL Phase | Build
Applicable Technologies | Generic
Attributes | N/A
References | N/A
Steps | All symmetric block ciphers must be used with an approved symmetric cipher mode. The only approved modes are CBC and CTS. In particular, the electronic code book (ECB) mode of operation should be avoided; use of ECB requires your organization's Crypto Board review. All usage of OFB, CFB, CTR, CCM, and GCM or any other encryption mode must be reviewed by your organization's Crypto Board. Reusing the same initialization vector (IV) with block ciphers in "streaming cipher modes," such as CTR, may cause encrypted data to be revealed. All symmetric block ciphers must also be used with an appropriate initialization vector (IV). An appropriate IV is a cryptographically strong, random number and never a constant value.

Use approved asymmetric algorithms, key lengths, and padding

Title | Details
Component | Web Application
SDL Phase | Build
Applicable Technologies | Generic
Attributes | N/A
References | N/A
Steps

The use of banned cryptographic algorithms introduces significant risk to product security and must be avoided. Products must use only those cryptographic algorithms and associated key lengths and padding that have been explicitly approved by your organization's Crypto Board.

  • RSA: may be used for encryption, key exchange and signature. RSA encryption must use only the OAEP or RSA-KEM padding modes. Existing code may use PKCS #1 v1.5 padding mode for compatibility only. Use of null padding is explicitly banned. Keys >= 2048 bits are required for new code. Existing code may support keys < 2048 bits only for backwards compatibility after a review by your organization's Crypto Board. Keys < 1024 bits may only be used for decrypting/verifying old data, and must be replaced if used for encryption or signing operations.
  • ECDSA: may be used for signature only. ECDSA with >= 256-bit keys is required for new code. ECDSA-based signatures must use one of the three NIST approved curves (P-256, P-384, or P-521). Curves that have been thoroughly analyzed may be used only after a review with your organization's Crypto Board.
  • ECDH: may be used for key exchange only. ECDH with >= 256-bit keys is required for new code. ECDH-based key exchange must use one of the three NIST approved curves (P-256, P-384, or P-521). Curves that have been thoroughly analyzed may be used only after a review with your organization's Crypto Board.
  • DSA: may be acceptable after review and approval from your organization's Crypto Board. Contact your security advisor to schedule your organization's Crypto Board review. If your use of DSA is approved, note that you will need to prohibit use of keys less than 2048 bits in length. CNG supports 2048-bit and greater key lengths as of Windows 8.
  • Diffie-Hellman: may be used for session key management only. Key length >= 2048 bits is required for new code. Existing code may support key lengths < 2048 bits only for backwards compatibility after a review by your organization's Crypto Board. Keys < 1024 bits may not be used.
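The RSA and ECDSA rules above, enforced in code. This is an added example, not code from the original page; the class and method names are hypothetical, and it assumes Windows with CNG and .NET Framework 4.7 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example (not from the original page). Names are hypothetical.
public static class AsymmetricPolicy
{
    private const int MinRsaBitsForNewCode = 2048;

    // Wrap a symmetric session key for a recipient: RSA >= 2048 bits, OAEP padding only.
    public static byte[] WrapSessionKey(RSA recipient, byte[] sessionKey)
    {
        if (recipient.KeySize < MinRsaBitsForNewCode)
            throw new CryptographicException(
                "RSA key is " + recipient.KeySize + " bits; new code requires >= 2048.");
        return recipient.Encrypt(sessionKey, RSAEncryptionPadding.OaepSHA256);
    }

    public static byte[] UnwrapSessionKey(RSA recipient, byte[] wrapped)
    {
        return recipient.Decrypt(wrapped, RSAEncryptionPadding.OaepSHA256);
    }

    // ECDSA is used for signatures only; the key is created on a NIST curve (P-256 here).
    public static ECDsa NewSigningKey()
    {
        return ECDsa.Create(ECCurve.NamedCurves.nistP256);
    }

    public static void Main()
    {
        var sessionKey = new byte[32];
        using (var rng = new RNGCryptoServiceProvider()) rng.GetBytes(sessionKey);

        using (RSA strong = new RSACng(2048))
        using (RSA weak = new RSACng(1024)) // constructed legacy-size key for the demo
        {
            byte[] wrapped = WrapSessionKey(strong, sessionKey);
            bool same = Convert.ToBase64String(UnwrapSessionKey(strong, wrapped))
                        == Convert.ToBase64String(sessionKey);
            Console.WriteLine("OAEP round trip ok: " + same);

            try { WrapSessionKey(weak, sessionKey); }
            catch (CryptographicException e) { Console.WriteLine("Rejected: " + e.Message); }
        }

        using (ECDsa signer = NewSigningKey())
        {
            byte[] data = Encoding.UTF8.GetBytes("constructed message"); // constructed input
            byte[] sig = signer.SignData(data, HashAlgorithmName.SHA256);
            Console.WriteLine("ECDSA P-256 verify: "
                + signer.VerifyData(data, sig, HashAlgorithmName.SHA256));
        }
    }
}
```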

Use approved random number generators

Title | Details
Component | Web Application
SDL Phase | Build
Applicable Technologies | Generic
Attributes | N/A
References | N/A
Steps

Products must use approved random number generators. Pseudorandom functions such as the C runtime function rand, the .NET Framework class System.Random, or system functions such as GetTickCount must, therefore, never be used in such code. Use of the dual elliptic curve random number generator (DUAL_EC_DRBG) algorithm is prohibited.

  • CNG: BCryptGenRandom (use of the BCRYPT_USE_SYSTEM_PREFERRED_RNG flag is recommended unless the caller might run at any IRQL greater than 0 [that is, PASSIVE_LEVEL])
  • CAPI: CryptGenRandom
  • Win32/64: RtlGenRandom (new implementations should use BCryptGenRandom or CryptGenRandom), rand_s, SystemPrng (for kernel mode)
  • .NET: RNGCryptoServiceProvider or RNGCng
  • Windows Store Apps: Windows.Security.Cryptography.CryptographicBuffer.GenerateRandom or .GenerateRandomNumber
  • Apple OS X (10.7+)/iOS (2.0+): int SecRandomCopyBytes (SecRandomRef random, size_t count, uint8_t *bytes)
  • Apple OS X (<10.7): use /dev/random to retrieve random numbers
  • Java (including Google Android Java code): java.security.SecureRandom class. Note that for Android 4.3 (Jelly Bean), developers must follow the Android recommended workaround and update their applications to explicitly initialize the PRNG with entropy from /dev/urandom or /dev/random

Do not use symmetric stream ciphers

Title | Details
Component | Web Application
SDL Phase | Build
Applicable Technologies | Generic
Attributes | N/A
References | N/A
Steps | Symmetric stream ciphers, such as RC4, must not be used. Instead of symmetric stream ciphers, products should use a block cipher, specifically AES with a key length of at least 128 bits.

Use approved MAC/HMAC/keyed hash algorithms

Title | Details
Component | Web Application
SDL Phase | Build
Applicable Technologies | Generic
Attributes | N/A
References | N/A
Steps

Products must use only approved message authentication code (MAC) or hash-based message authentication code (HMAC) algorithms.

A message authentication code (MAC) is a piece of information attached to a message that allows its recipient to verify both the authenticity of the sender and the integrity of the message using a secret key. The use of either a hash-based MAC (HMAC) or block-cipher-based MAC is permissible as long as all underlying hash or symmetric encryption algorithms are also approved for use; currently this includes the HMAC-SHA2 functions (HMAC-SHA256, HMAC-SHA384 and HMAC-SHA512) and the CMAC/OMAC1 and OMAC2 block cipher-based MACs (these are based on AES).

Use of HMAC-SHA1 may be permissible for platform compatibility, but you will be required to file an exception to this procedure and undergo your organization's Crypto Board review. Truncation of HMACs to less than 128 bits is not permitted. Using custom methods to hash a key and data is not approved, and must undergo your organization's Crypto Board review prior to use.
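The cipher-mode and IV rules from the earlier section combined with the MAC rules above: AES-256 in CBC mode with a fresh random IV per message, authenticated with an untruncated HMAC-SHA256 that is verified before decryption. This is an added example, not code from the original page; combining the two as encrypt-then-MAC goes beyond what the page states, the class name and message layout (IV, ciphertext, tag) are assumptions, and it targets Windows with CNG on .NET Framework 4.6.2 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example (not from the original page). Layout IV || ciphertext || tag is an assumption.
public static class EncryptThenMac
{
    private const int IvSize = 16;  // AES block size in bytes
    private const int TagSize = 32; // full HMAC-SHA256 output, never truncated below 128 bits

    public static byte[] NewKey()
    {
        var key = new byte[32]; // 256-bit key from an approved RNG
        using (var rng = new RNGCryptoServiceProvider()) rng.GetBytes(key);
        return key;
    }

    public static byte[] Protect(byte[] encKey, byte[] macKey, byte[] plaintext)
    {
        using (var aes = new AesCng { Mode = CipherMode.CBC, Padding = PaddingMode.PKCS7, Key = encKey })
        using (var hmac = new HMACSHA256(macKey))
        {
            aes.GenerateIV(); // new random IV for every message, never a constant
            byte[] ct;
            using (var enc = aes.CreateEncryptor())
                ct = enc.TransformFinalBlock(plaintext, 0, plaintext.Length);

            var output = new byte[IvSize + ct.Length + TagSize];
            Buffer.BlockCopy(aes.IV, 0, output, 0, IvSize);
            Buffer.BlockCopy(ct, 0, output, IvSize, ct.Length);
            byte[] tag = hmac.ComputeHash(output, 0, IvSize + ct.Length); // MAC covers IV and ciphertext
            Buffer.BlockCopy(tag, 0, output, IvSize + ct.Length, TagSize);
            return output;
        }
    }

    public static byte[] Unprotect(byte[] encKey, byte[] macKey, byte[] message)
    {
        int bodyLen = message.Length - TagSize;
        if (bodyLen < 2 * IvSize || (bodyLen % IvSize) != 0)
            throw new CryptographicException("Malformed message.");

        using (var hmac = new HMACSHA256(macKey))
        {
            // Verify the tag before any decryption or padding check runs.
            byte[] expected = hmac.ComputeHash(message, 0, bodyLen);
            int diff = 0;
            for (int i = 0; i < TagSize; i++) diff |= expected[i] ^ message[bodyLen + i];
            if (diff != 0) throw new CryptographicException("MAC verification failed.");
        }

        var iv = new byte[IvSize];
        Buffer.BlockCopy(message, 0, iv, 0, IvSize);
        using (var aes = new AesCng { Mode = CipherMode.CBC, Padding = PaddingMode.PKCS7, Key = encKey, IV = iv })
        using (var dec = aes.CreateDecryptor())
            return dec.TransformFinalBlock(message, IvSize, bodyLen - IvSize);
    }

    public static void Main()
    {
        byte[] encKey = NewKey(), macKey = NewKey(); // separate keys for encryption and MAC
        byte[] msg = Encoding.UTF8.GetBytes("constructed sample record"); // constructed input
        byte[] a = Protect(encKey, macKey, msg);
        byte[] b = Protect(encKey, macKey, msg);
        Console.WriteLine("Same plaintext, different output: "
            + (Convert.ToBase64String(a) != Convert.ToBase64String(b)));
        Console.WriteLine("Round trip: " + Encoding.UTF8.GetString(Unprotect(encKey, macKey, a)));

        a[IvSize] ^= 0x01; // flip one ciphertext bit
        try { Unprotect(encKey, macKey, a); }
        catch (CryptographicException e) { Console.WriteLine("Tampered message rejected: " + e.Message); }
    }
}
```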

Use only approved cryptographic hash functions

Title | Details
Component | Web Application
SDL Phase | Build
Applicable Technologies | Generic
Attributes | N/A
References | N/A
Steps

Products must use the SHA-2 family of hash algorithms (SHA256, SHA384, and SHA512). If a shorter hash is needed, such as a 128-bit output length in order to fit a data structure designed with the shorter MD5 hash in mind, product teams may truncate one of the SHA2 hashes (typically SHA256). Note that SHA384 is a truncated version of SHA512. Truncation of cryptographic hashes for security purposes to less than 128 bits is not permitted. New code must not use the MD2, MD4, MD5, SHA-0, SHA-1, or RIPEMD hash algorithms. Hash collisions are computationally feasible for these algorithms, which effectively breaks them.

Allowed .NET hash algorithms for managed crypto agility (in order of preference):

  • SHA512Cng (FIPS compliant)
  • SHA384Cng (FIPS compliant)
  • SHA256Cng (FIPS compliant)
  • SHA512Managed (non-FIPS-compliant) (use SHA512 as algorithm name in calls to HashAlgorithm.Create or CryptoConfig.CreateFromName)
  • SHA384Managed (non-FIPS-compliant) (use SHA384 as algorithm name in calls to HashAlgorithm.Create or CryptoConfig.CreateFromName)
  • SHA256Managed (non-FIPS-compliant) (use SHA256 as algorithm name in calls to HashAlgorithm.Create or CryptoConfig.CreateFromName)
  • SHA512CryptoServiceProvider (FIPS compliant)
  • SHA256CryptoServiceProvider (FIPS compliant)
  • SHA384CryptoServiceProvider (FIPS compliant)

Use strong encryption algorithms to encrypt data in the database

Title | Details
Component | Database
SDL Phase | Build
Applicable Technologies | Generic
Attributes | N/A
References | Choosing an encryption algorithm
Steps | Encryption algorithms define data transformations that cannot be easily reversed by unauthorized users. SQL Server allows administrators and developers to choose from among several algorithms, including DES, Triple DES, TRIPLE_DES_3KEY, RC2, RC4, 128-bit RC4, DESX, 128-bit AES, 192-bit AES, and 256-bit AES.

SSIS packages should be encrypted and digitally signed

Title | Details
Component | Database
SDL Phase | Build
Applicable Technologies | Generic
Attributes | N/A
References | Identify the Source of Packages with Digital Signatures, Threat and Vulnerability Mitigation (Integration Services)
Steps | The source of a package is the individual or organization that created the package. Running a package from an unknown or untrusted source might be risky. To prevent unauthorized tampering of SSIS packages, digital signatures should be used. Also, to ensure the confidentiality of the packages during storage/transit, SSIS packages have to be encrypted.

Add digital signature to critical database securables

Title | Details
Component | Database
SDL Phase | Build
Applicable Technologies | Generic
Attributes | N/A
References | ADD SIGNATURE (Transact-SQL)
Steps | In cases where the integrity of a critical database securable has to be verified, digital signatures should be used. Database securables such as a stored procedure, function, assembly, or trigger can be digitally signed. Below is an example of when this can be useful: let us say an ISV (Independent Software Vendor) has provided support for software delivered to one of their customers. Before providing support, the ISV would want to ensure that a database securable in the software was not tampered with, either by mistake or by a malicious attempt. If the securable is digitally signed, the ISV can verify its digital signature and validate its integrity.

Use SQL Server EKM to protect encryption keys

Title | Details
Component | Database
SDL Phase | Build
Applicable Technologies | Generic
Attributes | N/A
References | SQL Server Extensible Key Management (EKM), Extensible Key Management Using Azure Key Vault (SQL Server)
Steps | SQL Server Extensible Key Management enables the encryption keys that protect the database files to be stored in an off-box device such as a smartcard, USB device, or EKM/HSM module. This also enables data protection from database administrators (except members of the sysadmin group). Data can be encrypted by using encryption keys that only the database user has access to on the external EKM/HSM module.

Use AlwaysEncrypted feature if encryption keys should not be revealed to Database engine

Title | Details
Component | Database
SDL Phase | Build
Applicable Technologies | SQL Azure, OnPrem
Attributes | SQL Version - V12, MsSQL2016
References | Always Encrypted (Database Engine)
Steps | Always Encrypted is a feature designed to protect sensitive data, such as credit card numbers or national identification numbers (e.g. U.S. social security numbers), stored in Azure SQL Database or SQL Server databases. Always Encrypted allows clients to encrypt sensitive data inside client applications and never reveal the encryption keys to the Database Engine (SQL Database or SQL Server). As a result, Always Encrypted provides a separation between those who own the data (and can view it) and those who manage the data (but should have no access).

Store Cryptographic Keys securely on IoT Device

Title | Details
Component | IoT Device
SDL Phase | Build
Applicable Technologies | Generic
Attributes | Device OS - Windows IoT Core, Device Connectivity - Azure IoT device SDKs
References | TPM on Windows IoT Core, Set up TPM on Windows IoT Core, Azure IoT Device SDK TPM
Steps | Store symmetric or certificate private keys securely in hardware-protected storage such as TPM or smart card chips. Windows 10 IoT Core supports the use of a TPM and there are several compatible TPMs that can be used: https://docs.microsoft.com/windows/iot-core/secure-your-device/tpm#discrete-tpm-dtpm. It is recommended to use a Firmware or Discrete TPM. A Software TPM should only be used for development and testing purposes. Once a TPM is available and the keys are provisioned in it, the code that generates the token should be written without hard coding any sensitive information in it.

Example

    using Microsoft.Azure.Devices.Client;
    using Microsoft.Devices.Tpm;

    // Use logical device 0 on the TPM
    TpmDevice myDevice = new TpmDevice(0);
    // Host name, device ID and SAS token come from the TPM, not from literals in the code
    string hubUri = myDevice.GetHostName();
    string deviceId = myDevice.GetDeviceId();
    string sasToken = myDevice.GetSASToken();

    var deviceClient = DeviceClient.Create(
        hubUri,
        AuthenticationMethodFactory.CreateAuthenticationWithToken(deviceId, sasToken),
        TransportType.Amqp);

As can be seen, the device primary key is not present in the code. Instead, it is stored in the TPM at slot 0. The TPM device generates a short-lived SAS token that is then used to connect to the IoT Hub.

Generate a random symmetric key of sufficient length for authentication to IoT Hub

Title | Details
Component | IoT Cloud Gateway
SDL Phase | Build
Applicable Technologies | Generic
Attributes | Gateway choice - Azure IoT Hub
References | N/A
Steps | IoT Hub contains a device Identity Registry and, while provisioning a device, automatically generates a random symmetric key. It is recommended to use this feature of the Azure IoT Hub Identity Registry to generate the key used for authentication. IoT Hub also allows for a key to be specified while creating the device. If a key is generated outside of IoT Hub during device provisioning, it is recommended to create a random symmetric key of at least 256 bits.

Ensure a device management policy is in place that requires the use of a PIN and allows remote wiping

Title | Details
Component | Dynamics CRM Mobile Client
SDL Phase | Deployment
Applicable Technologies | Generic
Attributes | N/A
References | N/A
Steps | Ensure a device management policy is in place that requires the use of a PIN and allows remote wiping.

Ensure a device management policy is in place that requires a PIN/password/auto lock and encrypts all data (e.g. BitLocker)

Title | Details
Component | Dynamics CRM Outlook Client
SDL Phase | Build
Applicable Technologies | Generic
Attributes | N/A
References | N/A
Steps | Ensure a device management policy is in place that requires a PIN/password/auto lock and encrypts all data (e.g. BitLocker).

Ensure that signing keys are rolled over when using Identity Server

Title | Details
Component | Identity Server
SDL Phase | Deployment
Applicable Technologies | Generic
Attributes | N/A
References | Identity Server - Keys, Signatures and Cryptography
Steps | Ensure that signing keys are rolled over when using Identity Server. The link in the references section explains how this should be planned without causing outages to applications relying on Identity Server.

Ensure that cryptographically strong client ID, client secret are used in Identity Server

Title | Details
Component | Identity Server
SDL Phase | Build
Applicable Technologies | Generic
Attributes | N/A
References | N/A
Steps

Ensure that cryptographically strong client ID, client secret are used in Identity Server. The following guidelines should be used while generating a client ID and secret:

  • Generate a random GUID as the client ID
  • Generate a cryptographically random 256-bit key as the secret
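The client ID and secret guidance above, together with the 256-bit key recommendation in the IoT Hub section and the random number generator rules, shown next to the banned System.Random pattern. This is an added example, not code from the original page or from any SDK; the class and method names are hypothetical and Base64 as the text encoding of keys is an assumption.

```csharp
using System;
using System.Security.Cryptography;

// Added example (not from the original page or any SDK). Names are hypothetical.
public static class SecretGeneration
{
    // Banned pattern: System.Random is fully determined by its seed, so anyone who can
    // guess the seed (a tick count, a timestamp) can regenerate the "key".
    public static byte[] WeakKey(int seed)
    {
        var key = new byte[32];
        new Random(seed).NextBytes(key);
        return key;
    }

    // Approved pattern: bytes from the platform CSPRNG, at least 256 bits.
    public static byte[] NewSymmetricKey(int bits = 256)
    {
        if (bits < 256 || bits % 8 != 0)
            throw new ArgumentOutOfRangeException("bits", "Use a multiple of 8 that is >= 256.");
        var key = new byte[bits / 8];
        using (var rng = new RNGCryptoServiceProvider()) rng.GetBytes(key);
        return key;
    }

    public static void NewClientCredentials(out string clientId, out string clientSecret)
    {
        clientId = Guid.NewGuid().ToString("D");                  // random GUID as the client ID
        clientSecret = Convert.ToBase64String(NewSymmetricKey()); // 256-bit random secret
    }

    public static void Main()
    {
        int guessableSeed = 123456; // constructed stand-in for a tick-count seed
        string first = Convert.ToBase64String(WeakKey(guessableSeed));
        string second = Convert.ToBase64String(WeakKey(guessableSeed));
        Console.WriteLine("System.Random keys repeat for the same seed: " + (first == second));

        // Key generated outside IoT Hub during device provisioning (Base64 is an assumption).
        string deviceKey = Convert.ToBase64String(NewSymmetricKey());
        Console.WriteLine("Device key length in bits: "
            + Convert.FromBase64String(deviceKey).Length * 8);

        string id, secret;
        NewClientCredentials(out id, out secret);
        Console.WriteLine("Client ID: " + id);
        Console.WriteLine("Client secret length in bits: "
            + Convert.FromBase64String(secret).Length * 8);
    }
}
```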