How HTTPS Implements One-Way and Two-Way Authentication

2025-01-16 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

Many people who are new to HTTPS are unsure how it achieves one-way authentication and two-way authentication. This article summarizes how each one works, step by step, so that you can resolve this question.

I. HTTP

HTTP (HyperText Transfer Protocol) is the most widely used protocol on the Internet, and all WWW files must follow this standard. Data transmitted over HTTP is unencrypted, that is, plaintext, so it is very insecure to use HTTP to transmit private information.

It uses TCP port 80.

II. HTTPS

HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer) is the secure Hypertext Transfer Protocol. Netscape designed the SSL (Secure Sockets Layer) protocol to encrypt the data transmitted by HTTP and so ensure security during the session.

It uses TCP port 443 by default.

III. SSL protocol encryption

SSL protocol uses both symmetric encryption and asymmetric encryption (public key encryption). When establishing the transmission link, SSL first uses the public key to encrypt the key of symmetric encryption. After the link is established, SSL uses symmetric encryption for the transmission content.

Symmetric encryption

Fast and able to encrypt large amounts of content; used to encrypt messages during the session.

Public key encryption

Slower, but provides better authentication; used to encrypt the key for symmetric encryption.

IV. One-way authentication

Before the connection is established, HTTPS performs the following handshake:

1. The client sends the SSL protocol version number, encryption algorithm type, random number and other information to the server.

2. The server returns the SSL protocol version number, encryption algorithm type, random number and other information to the client, as well as the server-side certificate, that is, the public key certificate.

3. The client uses the information returned by the server to verify the validity of the server, including:

Whether the certificate has expired

Whether the CA that issued the server certificate is trusted

Whether the returned public key can correctly unlock the digital signature in the returned certificate

Whether the domain name on the server certificate matches the actual domain name of the server

After the verification is passed, the communication will continue, otherwise, the communication will be terminated.

4. The client sends the symmetric encryption scheme that it can support to the server for the server to choose.

5. The server chooses the encryption method with the highest degree of encryption among the encryption schemes provided by the client.

6. The server will return the selected encryption scheme to the client in clear text.

7. After receiving the encryption method returned by the server, the client generates a random code for that encryption method, which serves as the symmetric encryption key for the communication. The client encrypts the random code with the public key returned by the server and sends the encrypted random code to the server.

8. After receiving the encrypted information sent by the client, the server decrypts it with its own private key to obtain the symmetric encryption key. For the rest of the session, the server and the client use this key for symmetric encryption to protect the information they exchange.

V. Two-way authentication

The principle of two-way authentication is basically the same as that of one-way authentication, except that in addition to the client authenticating the server, the server also authenticates the client. The specific process is as follows:

1. The client sends the SSL protocol version number, encryption algorithm type, random number and other information to the server.

2. The server returns the SSL protocol version number, encryption algorithm type, random number and other information to the client, as well as the server-side certificate, that is, the public key certificate.

3. The client uses the information returned by the server to verify the validity of the server, including:

Whether the certificate has expired

Whether the CA that issued the server certificate is trusted

Whether the returned public key can correctly unlock the digital signature in the returned certificate

Whether the domain name on the server certificate matches the actual domain name of the server

After the verification is passed, the communication will continue, otherwise, the communication will be terminated.

4. The server requires the client to send the client's certificate, and the client will send its own certificate to the server.

5. The server verifies the client's certificate. After verification passes, the server obtains the client's public key.

6. The client sends the symmetric encryption scheme that it can support to the server for the server to choose.

7. The server chooses the encryption method with the highest degree of encryption among the encryption schemes provided by the client.

8. The server encrypts the selected encryption scheme with the client's public key obtained earlier and returns it to the client.

9. After receiving the encrypted encryption scheme returned by the server, the client decrypts it with its own private key to obtain the specific encryption method. It then generates a random code for that encryption method, which serves as the key for the encrypted session, encrypts it with the public key obtained earlier from the server certificate, and sends it to the server.

10. After receiving the message sent by the client, the server decrypts it with its own private key to obtain the symmetric encryption key. For the rest of the session, the server and the client use this key for symmetric encryption to protect the information they exchange.
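The two modes above map onto TLS library settings as follows. This is an added example using Python's standard `ssl` module, not code from the original article; the function names and the certificate, key and CA file paths passed as parameters are hypothetical. It shows the client-side checks of step 3, the server setting that demands a client certificate, and a small audit helper that flags a context which skips those checks.

```python
import ssl

def one_way_client(ca_file=None):
    """Client for one-way auth: performs the step 3 checks on the server."""
    # create_default_context enables CERT_REQUIRED and check_hostname, so the
    # chain, signature, validity period and hostname are all verified.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def two_way_client(client_cert, client_key, ca_file=None):
    """Same checks, plus a client certificate to present when asked (step 4)."""
    ctx = one_way_client(ca_file)
    ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx

def server(server_cert, server_key, client_ca=None):
    """Server context; passing client_ca turns on two-way authentication."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(certfile=server_cert, keyfile=server_key)
    if client_ca is not None:
        ctx.load_verify_locations(cafile=client_ca)  # CA that issued client certs
        ctx.verify_mode = ssl.CERT_REQUIRED          # handshake fails without one
    return ctx

def unverified_client():
    """The weak setting, for comparison only: skips every check in step 3."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def client_gaps(ctx):
    """List the step 3 checks a client context would skip."""
    gaps = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        gaps.append("certificate chain, signature and expiry not verified")
    if not ctx.check_hostname:
        gaps.append("hostname not matched against the certificate")
    return gaps

def server_mode(ctx):
    """CERT_REQUIRED is two-way; CERT_NONE/CERT_OPTIONAL do not enforce it."""
    return "two-way" if ctx.verify_mode == ssl.CERT_REQUIRED else "one-way"
```

Running `client_gaps` over the contexts an application actually builds is a quick way to catch code that has disabled verification during testing and never restored it.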
