Referenced from http://phpmaster.com/compiling-php-from-source-on-windows/

Compiling PHP from source code is more commonly done on Unix-type systems. Those working in a Windows environment are more likely to download and install PHP from precompiled packages. And while I don’t disagree it’s easier to use a precompiled solution, even on Unix systems, there are some advantages that can come with compiling a binary from source. In general:

  • You have the ability to fine-tune the final product when you compile. Maybe you want to have a particular extension compiled directly into the binary instead of loading it as an external library. Or perhaps you want to turn off a particular feature which would normally be available by default.
  • You can make tweaks to the compilation process, if you’re so inclined, which may enhance performance for your particular environment (of course, this assumes you already know what you’re doing, in which case you wouldn’t be reading this article).
  • Compiling might be the only way to get things to work if the precompiled binaries were built against older versions of supporting software and libraries than you are running on your system.

But be forewarned: compiling can be a frustrating task, especially on Windows! You must ensure your build environment is set up correctly, learn how to use the compiler and other build tools properly, and satisfy any library dependencies. Hopefully this article is your first step in overcoming many of these obstacles.

Setting Up the Build Environment

PHP is written in C and so a C compiler is necessary if you’re going to build PHP from source. C++ is a superset of C, so a good C++ compiler should be able to compile C code as well, though this isn’t always the case. For Windows, Microsoft’s Visual C++ Express (which I’ll refer to as VC++ from here on) should suffice and is freely available from Microsoft’s website. I’m using the 2010 edition for this write-up.

When choosing your compiler version, you should keep in mind how you will be running PHP. If you’ll be running mod_php with an officially precompiled Apache binary then you’ll want to compile PHP using Visual Studio 6 since that’s the version used to compile Apache. The module needs to target the same runtime library as Apache, in this case msvcrt.dll. If you’re building Apache from source as well, or if you’re going to run PHP as CLI or FastCGI, then this isn’t an issue and 2010 will work just fine.

You’ll also need to install the Windows Software Development Kit (hereafter SDK). The SDK supplies us with important header files for the Windows platform which we’ll need for a successful compile. It too is available for free; I’m using version 7.1.

Install the compiler first and then the SDK. I won’t discuss the installation since both have a graphical installation wizard to guide you through the process.

Once you have a working compiler set up, download the binary tools and deps packages from windows.php.net/downloads/php-sdk. The binary tools package (I’m using the 20110915 archive) contains development tools like re2c, bison, and some additional commands you’ll need to build PHP. The deps package (I’m using the 5.4 archive since that matches the version of PHP I’ll be compiling) contains the minimum header and library dependencies needed, such as zlib.h.

It probably goes without saying that you’ll want to download the PHP source as well from windows.php.net/download. At the time of this writing, the current version of PHP is 5.4.6 so that’s the version number you’ll see in my examples.

It’s a good idea to create a workspace into which you can unpack the source code and compile without mucking up the rest of your system. Create the folder C:\PHP-Dev which will serve as the working directory, and then unpack the binary tools archive into it.

Next, extract the contents of the PHP source archive to C:\PHP-Dev so you have the php5.4 source folder there, and then extract the deps archive into a sibling deps folder. Your directory structure should look similar to this:

Open the Windows SDK Command Prompt that was installed with the SDK (Start > Microsoft Windows SDK > Windows SDK Command Prompt) and execute these commands:

setenv /release /xp /x86

cd C:\PHP-Dev

bin\phpsdk_setvars.bat

Using the SDK Command Prompt console is desirable over the ordinary cmd.exe console as it sets many environment variables specific for compiling source code. The compile commands later should also be executed in this console.

The flags to setenv set some build properties for the environment; in this case I’ve set the environment to target a Windows XP 32-bit release build. You can try and build with /x64 if you’re feeling adventurous, but there are still some issues with it. Specifying different versions of Windows such as /vista will most likely yield problems because of some odd defines in the build scripts (PHP still aims to be XP-compatible). Unless you really know what you are doing, it’s probably safest to stick with the recommended values that I used above.

The phpsdk_setvars.bat script then goes on to set some additional environment variables so the build process can find the binary tools.

Keep in mind that all this variable setting is only temporary, lasting for your console’s session. If you close out of the prompt and go back to compile later, you’ll need to run the commands again. If you don’t, you’ll receive errors like the following when you run configure later in the process and be unable to proceed:

Checking for bison.exe ...  <not found>

ERROR: bison is required

Making sure you have the correct build environment, the required sources, and any dependencies is the hardest part of the process. So now that your environment is set up and the source code and dependencies are in their proper place, it’s time to compile!

Compiling PHP

In the SDK Command Prompt, navigate to the PHP source folder and run buildconf. The command is responsible for generating a configuration file which will create a Makefile to drive the compilation process.

After buildconf completes (it should only take a second), run configure --help and examine what functionality you wish to enable/disable, and then re-run configure with any desired options. It’s a good idea to inspect the output before moving on since it will warn you if any of the necessary dependencies are not available. If that happens, you can either install the dependencies and re-run configure or adjust the invocation to disable the extensions that require them.

Finally, run nmake to kick off the compile.

cd C:\PHP-Dev\php5.4

buildconf

configure

nmake

nmake test

If either configure or nmake fails, there’s a good chance the problem is one of two things: 1) your environment is not set up correctly, or 2) you’ve enabled a feature which depends on an external library and the library is not installed on your system. Double check that you’ve set up the environment according to the instructions above and that any extra libraries which may be necessary based on your configure options have been installed.

When the first nmake compile process has completed you’ll find your shiny new PHP binaries in the Release_TS folder. nmake test runs the new binaries through a battery of bug tests to make sure things are working as they should be. The results of nmake test are forwarded to the QA team which depends on them to improve PHP, so even though it may take a few minutes to run, it’s the responsible thing to do.

At this point you can also take the extra step of running nmake snap which will create ZIP archives with the binaries which you can copy around.

Compiling Extensions

There are two ways to compile PHP extensions: statically and dynamically. A statically-compiled extension is compiled into the PHP binary itself, while a dynamically-compiled one is a separate DLL which can be loaded later through the php.ini file. Extensions are typically compiled as DLLs, although there are some advantages to static compilation as well; it ultimately depends on your needs.

To compile PHP extensions on Windows, extract the extension’s source code folder into the ext folder of your PHP source directory. Then, rebuild the configure script by running buildconf --force and re-compile PHP using the appropriate flags to enable the extension.

As an example, let’s compile the AOP extension statically. Download the source code from PECL, and extract its folder into ext. Then execute the following:

cd C:\PHP-Dev\php5.4

buildconf --force

configure --enable-aop

nmake

The --force option to buildconf forces it to rebuild the configuration scripts. Afterwards, run configure --help and you should see the option to include the new extension in the output. In this case, it’s --enable-aop.

When nmake finishes, you’ll have a newly built PHP binary with the AOP extension baked right in.

If you want an extension to be available as a DLL and not baked into PHP, you can follow the same steps as above but specify “shared” as a value to configure’s enable option.

buildconf --force

configure --enable-aop=shared

The resulting DLL will be in the Release_TS folder alongside the PHP binary once compilation has finished, in this case named php_aop.dll.

Compiling on Windows is still a bit tricky, especially when it comes to extensions. The Windows version of phpize seems to be broken and I have yet to be able to compile a DLL after-the-fact, much like how PECL does. There have been tremendous strides made by the PHP team in the past five years or so towards making PHP just as awesome on Windows as it is on Unix, so hopefully the snags and wrinkles will be ironed out in time. In the meantime, I recommend compiling PHP and your shared DLLs at the same time.

Summary

The ability to compile source code is a good skill to have, especially if you later want to modify PHP. Perhaps you want to add new functionality, link against a new library, or just be the next great PHP core developer (they can always use the help!). And now that you know how, feel free to hack and build away!

Well, after a couple of months I’ve figured out (on a win32 box at least) how to implement mod_auth_mysql.

First the setup
apache 2.2.4
php 5.2.3
mysql 5.0.41

Now we need the auth module (I used DSO or .SO, same thing).
Head over to the XAMPP website and grab this file:
http://www.apachefriends.org/download.php?xampp-win32-1.6.2.zip
(that’s the loose pack for their latest release that includes the mod_auth_mysql.so)

Grab the file from the archive
xampp\apache\modules\mod_auth_mysql.so
and drop that into your current Apache modules directory.

Configuring Apache to use the module
-Edit your httpd.conf file and add this:
LoadModule mysql_auth_module modules/mod_auth_mysql.so
to the rest of your modules

-at the very bottom add this
<Directory "*****PATH*****">
AuthName "MySQL Testing"
AuthType Basic
AuthMySQLHost localhost
AuthMySQLUser mod_auth
AuthMySQLPassword mod_auth
AuthMySQLDB mod_auth_mysql
AuthMySQLUserTable user_info
AuthMySQLNameField user_name
AuthMySQLPasswordField user_passwd
AuthMySQLPwEncryption md5
AuthMySQLEnable On
require valid-user
</Directory>

(make sure you replace the *****PATH***** to reflect the directory you are protecting)
(also you need to create this directory in your htdocs structure)

Configure mysql
-import this dump inside of a new database called mod_auth_mysql
CREATE TABLE `user_info` (
  `user_id` int(11) NOT NULL auto_increment,
  `user_name` char(30) collate utf8_unicode_ci NOT NULL,
  `user_passwd` varchar(32) collate utf8_unicode_ci NOT NULL,
  `user_group` char(10) collate utf8_unicode_ci default NULL,
  PRIMARY KEY  (`user_id`)
) ENGINE=MyISAM  DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci AUTO_INCREMENT=2 ;

And that should work perfectly… hope that helps… feel free to post questions… I’ll try to answer them.

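This is an old encryption method. Symmetric-key algorithms are also commonly called secret-key algorithms. The name comes from the fact that communication is encrypted with a secret key known only to A and B. The essential point is that the key is symmetric. What does it mean for a key to be symmetric? The answer is that the encryption key and the decryption key are the same (they are symmetric).

<Figure 3-1. Symmetric-key algorithm>

As the example in <Figure 3-1> shows, in a symmetric-key algorithm the key used for encryption and the key used for decryption must be the same. If Alice encrypts data with the key ‘1234’, Bob must also know the key ‘1234’ in order to decrypt it. Representative encryption protocols that use symmetric-key algorithms are DES (Data Encryption Standard, 56-bit; also read aloud as the ‘dess’ protocol) and 3DES (Triple DES, 168-bit). 3DES, which repeats DES three times, is relatively secure, but it has the drawback that, naturally, it is slower because the key is longer. DES, which uses a 56-bit key, is not recommended. Today most commercial encryption generally implements encryption of 128 bits or more.

Symmetric-key algorithms have the advantage that encryption and decryption are fast because they use short keys, but they also have several problems.

The first problem is the difficulty of exchanging the encryption key. If Alice produced ciphertext with the encryption key ‘1234’, then Bob, who receives the encrypted message, must also know the key ‘1234’. How can Bob learn this key? The encryption key cannot be posted on a website or stored in a shared folder, because if a third party other than Bob obtains the key, that party can decrypt Alice’s ciphertext. Sending the key by e-mail is somewhat better but still not a desirable method. In the end, the safe method is to put the key on a diskette and hand it to the other party in person, which is cumbersome. To solve this, key exchange is provided together with other encryption methods such as SSL and Kerberos, but looking at symmetric-key algorithms on their own, it is a point that has to be considered.

The second problem is the difficulty of key management. Suppose, for example, there is one website with 10,000 members. All 10,000 members must send credit card numbers, expiration dates, passwords and so on to the web server, and the obvious requirement is that nobody other than the web server can open this data. How many keys are needed in this case? Since there is one web server it would be nice if one key were enough, but unfortunately 10,000 keys are needed: each of the 10,000 members must be assigned a unique secret key. If the members Alice and Eve had the same key, Eve could also decrypt data that Alice encrypted. Confidentiality would then be broken.

Compared with this, PKI allows more flexible management. However, PKI, which the next chapter explains, uses longer keys and more complex algorithms than the symmetric-key approach, so its performance is relatively lower. For that reason, in current practice symmetric-key algorithms and public-key algorithms are used side by side.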
