Perfect forward secrecy
The term forward secrecy or perfect forward secrecy describes a feature of key-agreement (i.e., key-exchange) methods. That is, the server and client keys are used to negotiate new temporary keys that are used specifically and only for the current communication session. Practically, this means that even if the server's private key is compromised, communication can only be decrypted by eavesdroppers if the attacker manages to obtain the key pair specifically generated for the session.
Perfect forward secrecy is achieved by randomly generating a key pair for key agreement on every TLS/SSL handshake (in contrast to using the same key for all sessions). Methods implementing this technique are called "ephemeral".
Currently two methods are commonly used to achieve perfect forward secrecy (note the character "E" appended to the traditional abbreviations):
- DHE: An ephemeral version of the Diffie-Hellman key-agreement protocol.
- ECDHE: An ephemeral version of the Elliptic Curve Diffie-Hellman key-agreement protocol.
To use perfect forward secrecy with DHE in the node:tls module, generate Diffie-Hellman parameters and specify them with the dhparam option to tls.createSecureContext(). The following illustrates the use of the OpenSSL command-line interface to generate such parameters:
openssl dhparam -outform PEM -out dhparam.pem 2048
If using perfect forward secrecy with ECDHE, Diffie-Hellman parameters are not required and a default ECDHE curve will be used. The ecdhCurve property can be used when creating a TLS server to specify the list of names of supported curves to use; see tls.createServer() for more info.
Perfect forward secrecy was optional up to TLSv1.2, but it is not optional for TLSv1.3, because all TLSv1.3 cipher suites use ECDHE.
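The following is an added example, not part of the Node.js documentation: it audits an OpenSSL-style cipher list for suites that lack ephemeral key agreement and builds matching options for tls.createServer(). The function names, the sample cipher list and the curve preference are assumptions made for illustration.

```javascript
// Added example: keep only forward-secret suites from a cipher list.

// True for suite names whose key agreement is ephemeral:
//  - TLSv1.3 suites (TLS_*), which always use ECDHE
//  - TLSv1.2 suites named ECDHE-* or DHE-*
// Anything else (static RSA such as AES128-GCM-SHA256, or keywords such as
// HIGH that can expand to static suites) is conservatively rejected.
function isForwardSecret(name) {
  return /^(TLS_|ECDHE-|DHE-)/.test(name);
}

// Split a colon-separated cipher list into accepted suites, rejected
// entries, and "!" exclusions (which are harmless to keep).
function auditCipherList(cipherList) {
  const report = { forwardSecret: [], rejected: [], exclusions: [] };
  for (const entry of cipherList.split(':').filter(Boolean)) {
    if (entry.startsWith('!')) report.exclusions.push(entry);
    else if (isForwardSecret(entry)) report.forwardSecret.push(entry);
    else report.rejected.push(entry);
  }
  return report;
}

// Build options for tls.createServer() (add key and cert before use).
// dhparamPem is optional: the contents of dhparam.pem. DHE suites need
// Diffie-Hellman parameters, so without them DHE-* entries are dropped.
function pfsServerOptions(cipherList, dhparamPem) {
  const { forwardSecret, exclusions } = auditCipherList(cipherList);
  const usable = dhparamPem
    ? forwardSecret
    : forwardSecret.filter((name) => !name.startsWith('DHE-'));
  if (usable.length === 0) throw new Error('no forward-secret suites left');
  const options = {
    ciphers: [...usable, ...exclusions].join(':'),
    ecdhCurve: 'X25519:P-256', // assumed curve preference for ECDHE
  };
  if (dhparamPem) options.dhparam = dhparamPem;
  return options;
}

// Constructed sample list mixing ephemeral and static key exchange.
const SAMPLE_CIPHERS =
  'TLS_AES_256_GCM_SHA384:ECDHE-RSA-AES128-GCM-SHA256:' +
  'DHE-RSA-AES256-GCM-SHA384:AES128-GCM-SHA256:HIGH:!aNULL';

console.log(auditCipherList(SAMPLE_CIPHERS).rejected);
console.log(pfsServerOptions(SAMPLE_CIPHERS));
```

Pass fs.readFileSync('dhparam.pem') as the second argument to keep the DHE suites in the resulting list.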