2025-02-28 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/03 Report--
Today, the editor brings you an article about the SSL/TLS protocol. The editor thinks it's pretty good, so I'll share it with you as a reference. Let's follow the editor and have a look.
TLS stands for Transport Layer Security, a set of encrypted communication protocols. Its predecessor is the SSL protocol (Secure Sockets Layer). The two protocols work similarly, but TLS makes some improvements to SSL. The SSL/TLS protocol uses encryption to achieve private communication over the open Internet, so that both sides of the communication can whisper at ease.
Encryption
The SSL protocol is based on encryption technology. Encryption and decryption have existed since ancient times. For example, a secret love affair between a boy and a girl must not become known to their two families, who have a deep feud with each other. The boy asked the girl if she wanted to elope with him. A reply came from the girl the next day, which read:
K FQ
The boy puzzled over this string of characters for a long time but did not understand what the girl meant, so he concluded that the girl did not want to give up her comfortable life and elope with him. Ten years later, the boy had a flash of inspiration: if each letter was replaced with the letter two positions earlier in the alphabet, the three characters became:
I DO
This encryption method scrambles the original information according to a certain rule. The way of scrambling is called the encryption algorithm, and the parameter used in the scrambling process is called the key. The girl's encryption replaces each original letter with the letter a fixed number of positions away in the alphabet. The key is that fixed number of positions, 2. The person who sends the message encrypts it according to the key, while the person who receives the message uses the same key to decrypt it. It's like a box with a lock. The sender puts the message in a box and locks it with a key. The person who receives the message opens it with the same key. Encryption in which encrypting and decrypting use the same key is called symmetric encryption.
In one-to-one communication, the two people need to exchange a key. In theory, if the key is absolutely secure and the encryption algorithm is absolutely complex, symmetric encryption is difficult to crack. However, it is difficult for both sides of the communication to absolutely guarantee the security of the key. Once someone else steals the key, all communications become insecure. This is especially true in the one-to-many case: if the same set of keys is shared, then cracking one party's communication means cracking all communications. Much of the Allied intelligence warfare in World War II came from cracking this kind of symmetric encryption key. The Allies cracked the encryption of a German agent, so they knew about the encryption of the Nazi headquarters.
The legendary German encryption machine in World War II: Enigma
The weakness of symmetric encryption is that it hands the key to too many people. If we change the way of thinking and give the agents only locks, while headquarters keeps the key, things become easy. The agent locks the information into a box, and no one can open it except headquarters, which holds the only key. The trouble is that agents then have to carry a lot of locks every time they go out, which makes them too easy to identify. The boss at headquarters thought about it and simply made the lock-making technique public. Agents, or anyone else, can make locks from local materials according to the drawings, but cannot make the key from the drawings. The only key is the one at headquarters. The crucial point is that the lock is different from the key: knowing the lock does not tell you the key. In this way, headquarters can publish the method of "making locks" to all users. Each user can use locks to encrypt their credit card information. Even if you are bugged by others, don't worry: only headquarters has the key! In asymmetric encryption, the lock given to everyone is called the public key, and the key kept by headquarters itself is called the private key. An encryption algorithm in which the key and the lock are separate is called asymmetric encryption.
Asymmetric encryption
The principle of symmetric encryption is relatively intuitive, while asymmetric encryption sounds magical. Even someone who knows the encryption method cannot recover the original text from the ciphertext that asymmetric encryption produces. The classic algorithm for asymmetric encryption is the RSA algorithm. It comes from a wonderful combination of number theory and computer counting. Let's experience the beauty of the RSA algorithm in the following scenario.
I'm undercover at the Dragon and Phoenix Restaurant. I want the following information to be sent to headquarters in encrypted form:
A CHEF HIDE A BED
The cook hid a bed! This is so important that headquarters needs to be notified immediately. It is important not to let the counter-revolutionary cook know.
The first step is to transcode, that is, to convert the English letters into corresponding numbers. This correspondence is easy to establish, such as:
A B C D E F G H I
1 2 3 4 5 6 7 8 9
Transcoding the above information gives the following sequence of numbers:
A CHEF HIDE A BED
1 3856 8945 1 254
There is nothing secret about this string of numbers. If the cook found it, he could easily guess the letters from the order of the numbers.
To outwit the cunning cook, we need to encrypt this string of numbers further. We use the lock sent to us by headquarters, which is two numbers: 3 and 10. We process the string in two steps. The first step is to raise to a power. The first number is 3, that is, headquarters instructs us to take the third power of each number in the above string:
Original string: 1 3 8 5 6 8 9 4 5 1 2 5 4
Cubic power: 1 27 512 125 216 512 729 64 125 1 8 125 64
The second step is to find the remainder. The second lock number is 10. Divide each of the cubes above by 10 and keep the remainder:
Remainder: 1 7 2 5 6 2 9 4 5 1 8 5 4
I send this string of numbers back to headquarters. The cook secretly saw it on the way, but could not work out its meaning for the moment. If the numbers are mapped to the alphabet as before, the message is:
AGBEFBIDEAHED
This string of letters contains no normal words at all.
The message arrived at headquarters. Headquarters began to decipher it with the magic key. This key is 3. In this simple example, the key happens to be the same as one of the numbers in the lock, but that is just a coincidence. In more complex cases, it is easy to make the lock different from the key. Unlocking also takes two steps. The first step is to raise each number to the power of the key, that is, the third power. The second step is to find the remainder after dividing by 10 (one of the lock numbers).
Encrypted information: 1 7 2 5 6 2 9 4 5 1 8 5 4
Cubic power: 1 343 8 125 216 8 729 64 125 1 512 125 64 (here is the "3" of the key)
Remainder after dividing by 10: 1 3 8 5 6 8 9 4 5 1 2 5 4
It's the message we sent. By mapping the numbers back to the alphabet, headquarters immediately knows the original information. At this point, we have had a simple taste of how the RSA algorithm is used. Given the limited space, the principle of the RSA algorithm is not explained in detail here. If you are interested, you can refer to my other article: "No power, old wet!" RSA encryption and cracking
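The walk-through above can be reproduced in a few lines of Python. This is an added example, not code from the original article; the function names are made up for illustration, and the second lock (3, 33) is a constructed case that goes beyond the article's numbers to show a key that differs from the lock.

```python
# Added illustration; textbook RSA without padding, toy sizes only.
from math import gcd

ALPHABET = "ABCDEFGHI"  # the article's table: A=1 ... I=9
MESSAGE = "A CHEF HIDE A BED"

def encode(text):
    """Letters -> numbers per the article's table; spaces are dropped."""
    return [ALPHABET.index(ch) + 1 for ch in text if ch != " "]

def decode(nums):
    return "".join(ALPHABET[n - 1] for n in nums)

def private_exponent(e, p, q):
    """Derive the key d from the lock exponent e and the secret factors p, q."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return pow(e, -1, phi)  # modular inverse, Python 3.8+

def apply_power(nums, exponent, n):
    """Locking and unlocking are the same operation with different exponents."""
    if any(not 0 <= m < n for m in nums):
        raise ValueError("every value must be smaller than the modulus")
    return [pow(m, exponent, n) for m in nums]

def round_trip(e, p, q):
    """Encrypt MESSAGE with the lock (e, p*q), decrypt with the derived key."""
    n = p * q
    d = private_exponent(e, p, q)
    cipher = apply_power(encode(MESSAGE), e, n)
    plain = apply_power(cipher, d, n)
    return d, cipher, decode(plain)

if __name__ == "__main__":
    # The article's lock (3, 10): 10 = 2 * 5, and the key comes out as 3.
    print(round_trip(3, 2, 5))
    # A constructed lock (3, 33): 33 = 3 * 11, and the key is 7, not 3.
    print(round_trip(3, 3, 11))
```

Anyone who can factor the second lock number can run `private_exponent` and recover the key, and with a modulus this small each number always maps to the same ciphertext; real RSA relies on a modulus far too large to factor, combined with randomized padding.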
SSL protocol
As you can see, asymmetric encryption is more secure than symmetric encryption. But there is no such thing as a free lunch: asymmetric encryption is also computationally expensive. To balance efficiency and security, the SSL protocol uses both asymmetric and symmetric encryption. It uses a symmetric encryption algorithm to encrypt the information itself. The symmetric key, whose security is fragile, is transmitted using asymmetric encryption.
The SSL protocol has a client side and a server side. The core steps of communication are simple:
1. The two sides communicate in plaintext to agree on the encryption algorithm to use.
2. They communicate using the asymmetric algorithm and exchange a key.
3. The key is used with the symmetric encryption algorithm to encrypt the body of the communication that follows.
As you can see, the crux of the SSL protocol is exchanging a symmetric key in a very secure way. The actual exchange is a little more complicated than described above.
1. When the client initiates a request, it attaches a client random number (client random) along with the asymmetric encryption algorithms it supports.
2. When the server replies to the request, it determines the asymmetric encryption algorithm and hash function, and sends its public key. In addition, the server attaches a server-side random number (server random) to this message.
3. The client generates a third random number (premaster secret), encrypts it with the asymmetric encryption algorithm chosen by the server and the server's public key, and sends it to the server.
4. The server decrypts the third random number with its own private key.
5. In this way, both the client and the server know three random numbers. Both parties use the agreed hash function to obtain the symmetric encryption key from the three random numbers.
Even if some information is eavesdropped during the plaintext communication, the asymmetrically encrypted communication in the third step ensures that the eavesdropper cannot obtain all three random numbers. The eavesdropper therefore still does not know the symmetric encryption key, and the key is established securely. For further security, the server's public key is included in a digital certificate sent to the client. This lets the client also verify the identity of the server through the digital certificate, to guard against problems with the server itself.
The HTTPS protocol, which has become more and more widely used this year, communicates on top of the SSL/TLS protocol. HTTP traffic has to pass through multiple routes in the course of communication, so it is easy to eavesdrop on. Even if information encrypted by the SSL protocol is eavesdropped, it can only be read by the party at the destination of the communication, which ensures the security of the information. Therefore, if the website you visit does not use the HTTPS protocol, think twice before entering sensitive information such as bank account numbers and passwords.
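The five-step exchange and the eavesdropper's view of it, as an added example that is not part of the original article. The key pair is constructed from two small known primes, and the 16-byte premaster secret, unpadded RSA and plain SHA-256 derivation are simplifying assumptions made to keep the sketch short.

```python
# Added illustration: toy RSA key exchange following the five steps above.
import hashlib
import secrets

# Constructed server key pair from two known Mersenne primes (toy size).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private key, kept by the server only

def derive_key(client_random, server_random, premaster):
    """Step 5: hash the three random numbers into the symmetric key."""
    return hashlib.sha256(client_random + server_random + premaster).digest()

def handshake():
    wire = []  # everything an eavesdropper on the network can record

    # Step 1: client request, sent in plaintext.
    client_random = secrets.token_bytes(32)
    wire.append(("client_random", client_random))

    # Step 2: server reply with its public key (normally inside a certificate).
    server_random = secrets.token_bytes(32)
    wire.append(("server_random", server_random))
    wire.append(("public_key", (E, N)))

    # Step 3: client encrypts a fresh premaster secret under the public key.
    premaster = secrets.token_bytes(16)
    encrypted = pow(int.from_bytes(premaster, "big"), E, N)
    wire.append(("encrypted_premaster", encrypted))

    # Step 4: only the holder of D can recover the premaster secret.
    recovered = pow(encrypted, D, N).to_bytes(16, "big")

    # Step 5: both sides derive the same symmetric key independently.
    client_key = derive_key(client_random, server_random, premaster)
    server_key = derive_key(client_random, server_random, recovered)
    return client_key, server_key, premaster, wire

if __name__ == "__main__":
    client_key, server_key, premaster, wire = handshake()
    print("keys match:", client_key == server_key)
    print("premaster on the wire:", any(v == premaster for _, v in wire))
```

Real TLS with RSA key exchange uses a 48-byte premaster secret, padded RSA and a dedicated pseudorandom function rather than a bare hash, but the flow of the three random numbers is the same.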
When the lock symbol appears in the browser, it indicates that the accessed resource uses HTTPS communication
These are the details of the SSL/TLS protocol. Have you gained anything after reading it? If you want to know more about it, you are welcome to follow the industry information!