Shulou(Shulou.com)06/01 Report--

To understand SSL, you must understand cryptography, message digest functions (one-way or hash functions), and digital signatures, which are the topics discussed in many literature (such as [AC96), and provide the basis for confidentiality, integrity, and authentication.

Cryptographic system

Suppose Alice wants to send a message to her bank to transfer funds, and wants the message to be kept secret because it contains information such as her account number and the amount of the transfer. One solution is to use a cryptographic system in which the information to be transmitted is converted into encrypted form so that it can only be read by those who want him to understand it. Once encrypted in this form, the message may only be deciphered with a key, and if not, the message is useless because a good cryptosystem can make it so difficult for people to think that the original text is not worth the effort.

Regular password: also known as symmetric password, requires the sender and receiver to share a key: a small piece of secret information used to encrypt and decrypt. If the key is confidential, then the message may not be readable except for the sender and receiver. If Alice and the bank share a key, they can send confidential information to each other. However, the choice of private communication keys itself may not be unassailable.

Public key cryptography: also known as asymmetric cryptography, defines an algorithm that uses two keys to solve the problem of key exchange, one key for encryption and the other for decryption, which makes it possible to simply publish a key (public key, abbreviation: public key) and retain the other (private key, abbreviation: private key) to receive secret messages.

Anyone can encrypt a message with a public key and only allow the holder of the private key to read it. In this way, Alice may use the public key to encrypt its secret message and send it to the holder of the private key (the bank), which only the bank can decrypt.

Message digest

Although Alice may encrypt its message to make it private, it should be noted that some people may tamper with or replace their original message to transfer funds to their own accounts. One way to ensure the integrity of an Alice message is to send a simple summary of its message to the bank at the same time, so that the bank can compare it with the message itself, and if it matches, the message is correct.

Such methods are called message digests, one-way functions, or hash functions. A message digest is used to establish a shorter and equal representation of a larger and longer message. It is designed to make it extremely difficult to restore a digest to a message, and it is almost impossible to generate the same digest for two different messages, thus ruling out the possibility of replacing one message and maintaining the same digest for the other.

Another challenge for Alice is to ensure that the summary is securely sent to the bank so that the integrity of the message can be ensured.

One solution is to include digital signatures in the digest.

Digital signature

When Alice sends a message to the bank, the bank needs to confirm that the message was indeed sent by her, not by someone who embezzled her account. To do this, you can include a digital signature established by Alice in the message.

Digital signatures are established with encrypted message digests and other information (such as a serial number) and the sender's private key. Although anyone can decrypt the signature with a public key, only the issuer knows its private key, that is, only the holder of the key can sign it. The digest included in the signature is valid only for that message to ensure that no one can change the digest and keep the signature unchanged.

In order to prevent the signature from being deciphered and reused later, the signature contains a serial number. In this way, in case (hypothetically) Alice did not send the message, although she may have signed it, the bank can avoid her fraudulent charges.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.