Shulou(Shulou.com)06/01 Report--

One: symmetric encryption

In symmetric encryption algorithms, encryption and decryption use the same key.

Two: asymmetric encryption

In asymmetric encryption algorithm, the key used in encryption is different from that used in decryption. One is as a public key, and the other is as a private key that no one can give.

Three: digital certificate

1. Brief introduction of Digital Certificate

Digital certificates are columns of data that mark the identity of each party in Internet communications, providing a way to verify your identity on Internet. Similar to the driver

Driver's license or ID card.

It is issued by an authoritative body-CA (Certificate Authority). People can use it to identify each other on the Internet.

A digital certificate is a file digitally signed by a certificate authority that contains information about the owner of the public key and the public key. The simplest certificate contains a public key, name, and certificate authorization

The digital signature of the center. In general, the certificate also includes the validity time of the key, the name of the issuing authority, the serial number of the certificate and other information. The format of the certificate follows

ITUT X.509 international standard.

two。 A standard X.509 digital certificate contains:

a. Version information of the certificate

b. Serial number of the certificate, each certificate has a unique certificate serial number

c. The signature algorithm used by the certificate

d. The name of the issuer of the certificate. The naming rules are generally in X.500 format.

e. The validity period of the certificate, now the general certificate generally uses the UTC time format, its timing range is 1950-2049

f. The name of the person used in the certificate. The naming rules are generally in X.500 format.

g. The public key of the certificate owner

h. The signature of the certificate by the certificate publisher

3. Basic functions of digital certificate

a. Confidentiality of information

b. Certainty of the identity of the trader

c. Undeniability

d. Can not be modified

Four: the principle of digital certificate

1. The digital certificate establishes a strict identity authentication system by using symmetric and asymmetric cryptography, so as to ensure that the information is except the sender and the receiver.

It will not be stolen by others; the information will not be tampered with during transmission; the sender can confirm the identity of the receiver through the digital certificate; the sender will

One's own information cannot be denied.

two。 The digital certificate adopts the public key system, that is, a pair of matching keys are used for encryption and decryption. Each user sets a private key and uses it for decryption

And signatures. At the same time, a public key is set and disclosed by myself, which is used to encrypt and verify the signature.

3. The user can use his own private key to process the information, and since the private key is only owned by himself, a file that cannot be generated by others is generated.

Digital signature. The use of digital signature can guarantee that the information is sent by the signer's own signature, and the signer cannot deny it or it is difficult to deny it.

No changes have been made until it is received, and the documents issued are authentic.

Fifth: digital signature method

1. According to the Hash algorithm agreed by both parties, a fixed number of digits of the message is obtained. Mathematically guarantee: as long as you change any one of the messages, re-

The calculated message digest will only be inconsistent with the original. This ensures that the message can not be modified.

two。 The digest value of the newspaper is encrypted with the sender's private key, and then sent to the receiver together with the original message, and the resulting message is called digital signature.

3. After receiving the digital signature, the receiver uses the same Hash algorithm to calculate the digest value of the message, and then decrypts the digest value with the sender's public key.

By comparison. If equal, it means that the message does come from the so-called sender.

Six: CA Certificate Authority

As a trusted third party in e-commerce transactions, CA bears the responsibility of verifying the legitimacy of public keys in public key systems. The CA Center is responsible for every user using a public key

Issue a digital certificate that proves that the user listed in the certificate legally owns the public key listed in the certificate.

Seven: the working mode of HTTPS

1. The client initiates a conversation to the server and negotiates to transmit the encryption algorithm. For example, symmetric encryption algorithms include DES,RC5. Key exchange algorithms include RSA and DH, digest algorithm

There are MD5 and SHA

two。 The server sends the server digital certificate to the client. For example, use the combination of DES-RSA-MD5 to communicate. The client can verify the identity of the server

Decide whether to establish a communication.

3. The client transmits the key of this conversation to the server. After checking whether the digital certificate of the server is correct, the server certificate is verified by the certificate issued by the CA institution.

The client generates a key for the local conversation encrypted using the server's public key and sends it to the server after the real validity of the.

4. The server decrypts it with its own private key to obtain the key of this communication.

5. The communication between the two sides officially began.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.