2025-01-19 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
How does data encryption work in the SSL protocol? Many newcomers are not clear about this. To help with that, the following explains it in detail; anyone who needs it can follow along, and I hope you gain something.
The following describes the process of data encryption in the SSL protocol, along with the concepts of digital certificates, symmetric encryption, asymmetric encryption and the SSL handshake.
SSL
If you have heard of HTTPS, you must have heard of the SSL protocol. SSL is a security protocol.
HTTP+SSL = HTTPS
The reason why HTTPS is secure is that it encrypts the transmitted data with the SSL plug-in, so what is the specific encryption method?
Please listen to me. Let's first look at the following two concepts:
Symmetrical encryption
Asymmetric encryption
Do you know what the above two concepts mean?
OK, whether you understand them or not, let me explain them to you in my own way:
Have you ever cheated? Don't tell me that you never cheated during your long student career (how boring your student life must have been). What are the common methods of cheating? Students who write the answers on a note, an arm or a thigh, please leave, thank you. The answer is encryption, of course! For example, out of humanitarianism, I want to help Xiaoming cheat. Before the exam, we agree on a code for passing the answers to the multiple-choice questions: touching hair means A, touching an ear means B, a cough means C, stamping a foot means D. And so an encryption method is born.
Only Xiaoming and I know this encryption method. Although the teacher saw me scratching my ears and cheeks, at best he took me for a psychopath, and there was no direct evidence that I cheated. An encryption method like this, known to Xiaoming and me but not to others, is a symmetric encryption algorithm, which is also the most common kind of encryption in daily life. Such an algorithm has only one key: encryption and decryption both use the same key, and once the key leaks, it is all over.
With the progress of the times, people found that encryption and decryption do not actually have to use the same key. It is fine as long as the encryption key and the decryption key are related in some way.
As a result, a steady stream of asymmetric encryption algorithms has been developed. So what are they based on? Please keep the following sentence in mind:
It is easy to multiply a and b to get the product c, but it is extremely difficult to derive a and b from the product c. That is, it is extremely difficult to factor a large number.
Classmates who do not understand factorization, go face the wall for 5 minutes; were all those years of learning math in vain? Here is the Wikipedia entry to catch up on by yourself: factorization
Okay, let's go on. There are two more concepts in the asymmetric encryption algorithm: the public key c and the private key b.
The usage is as follows: ciphertext encrypted with the public key can only be decrypted with the private key, and ciphertext encrypted with the private key can only be decrypted with the public key.
We can disclose the public key freely, because knowing the public key is of no use to others: ciphertext encrypted with it can only be decrypted with the private key, and it is extremely difficult to derive a and b from the public key. However, asymmetric encryption is clearly not as efficient as symmetric encryption, because asymmetric encryption requires the process of calculating two keys.
We explain the process of this asymmetric encryption algorithm through the two classic characters of cryptography, Alice and Bob:
The client is called Alice and the server is called Bob.
Alice: Bob, I'm going to send you a message. Give me your public key.
Bob: OK, this is my public key: 234nkjdfdhjbg324
Alice: Received the public key. After being encrypted with the public key, the message I am sending you looks like this: # $# $@ @! $% * (@
Bob: OK, got it, honey. I'll decrypt it with my private key to see what you're really going to send me.
The above process is an asymmetric encryption process. Is it secure? It seems to be: even if Charlie (the third participant in the communication) intercepts the ciphertext and the public key, he still cannot get the plaintext without the private key.
But what if the third party Charlie sends Alice his own public key, Alice encrypts the message with the public key Charlie gave her, and Charlie decrypts it with his own private key? Won't the information be leaked? We need a way for Alice to judge whether the public key really comes from Bob. This is where the concept of the digital certificate comes in.
Digital certificate
A digital certificate is a series of numbers that mark the identity information of all parties in Internet communication, and it provides a way to verify the identity of communicating entities on the Internet. A digital certificate is not a digital ID card, but a seal or stamp on the digital ID card (or a signature added to the digital ID card).
The official explanation above can give you a headache. In fact, a certificate is just a piece of information.
The contents of the digital certificate are as follows:
The institution that issued the certificate
Bob's encryption algorithm
The Hash algorithm used by Bob
Bob's public key
Certificate expiration time
And so on
Digital certificates are issued by CA institutions, which are authoritative institutions. We trust these institutions absolutely. As for the security of the CA institutions themselves: anyway, they are 99.99% safe.
To prevent someone from changing the contents of the certificate, there is the concept of the digital signature. The so-called digital signature is produced by running a Hash operation over all of the above content to get a fixed-length value, which is then passed to Bob. However, what if someone intercepts the certificate, changes the content and generates a new hash value at the same time? With this in mind, the CA institution encrypts the Hash value with its own private key when issuing the certificate, which prevents the digital certificate from being tampered with.
Okay, let's sort out the whole process:
Step 1: when Alice opens a new browser to visit Bob for the first time, Alice is first asked to install a digital certificate whose main content is the public key of the CA institution.
Step 2: Bob sends the digital certificate issued to him by the CA institution. Alice uses the public key obtained in the first step to decrypt Hash-a, which the CA encrypted with its private key (this process is asymmetric encryption), and then uses the Hash algorithm passed in the certificate to generate Hash-b. If Hash-a == Hash-b, the authentication passes and the certificate was indeed sent by Bob.
As mentioned above, this is the whole process of using digital certificates.
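The two steps above, written out as an added example (not code from the original article). It uses textbook RSA over two small Mersenne primes as a constructed toy CA key; the field names, "Example CA" and "charlie-key" are assumptions made for the illustration, and real certificates use padded 2048-bit+ RSA or ECDSA signatures.

```python
import hashlib
import json

# Constructed toy CA key: textbook RSA over two Mersenne primes, no padding.
# Far too small for real use; it only makes the Hash-a / Hash-b check concrete.
P, Q = 2**31 - 1, 2**61 - 1
CA_N, CA_E = P * Q, 65537                  # CA public key, installed by Alice in step 1
CA_D = pow(CA_E, -1, (P - 1) * (Q - 1))    # CA private key, never leaves the CA


def cert_digest(fields: dict) -> int:
    """Hash the certificate contents, reduced to fit the toy modulus."""
    canonical = json.dumps(fields, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(canonical).digest(), "big") % CA_N


def ca_issue(fields: dict) -> dict:
    """CA side: encrypt the hash with the CA private key and attach it."""
    return {"fields": fields, "signature": pow(cert_digest(fields), CA_D, CA_N)}


def alice_verify(cert: dict) -> bool:
    """Alice's side: recover Hash-a with the CA public key, recompute Hash-b."""
    hash_a = pow(cert["signature"], CA_E, CA_N)
    hash_b = cert_digest(cert["fields"])
    return hash_a == hash_b


# Constructed certificate contents, mirroring the field list above.
bob_cert = ca_issue({
    "issuer": "Example CA",
    "subject": "bob.example",
    "hash_algorithm": "sha256",
    "public_key": "234nkjdfdhjbg324",
    "not_after": "2030-01-01",
})

# Charlie swaps in his own public key but cannot produce a matching CA signature.
charlie_cert = {
    "fields": dict(bob_cert["fields"], public_key="charlie-key"),
    "signature": bob_cert["signature"],
}

if __name__ == "__main__":
    print("Bob's certificate valid:    ", alice_verify(bob_cert))
    print("Charlie's certificate valid:", alice_verify(charlie_cert))
```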
By the way, there are many practical examples of asymmetric encryption besides SSL, such as SSH, electronic signature and so on.
As mentioned above, asymmetric encryption has a large amount of computation and is not as efficient as symmetric encryption. What do we pay most attention to when we open a web page? It's speed! It's speed! It's speed!
SSL is very clever at this point. Both sides of the communication encrypt the traffic with symmetric encryption, and use asymmetric encryption to transfer the key used by the symmetric encryption. In this way, both efficiency and security can be guaranteed.
Handshake process of SSL Protocol
First of all, let's explain in words:
Step 1: Alice sends information such as the SSL protocol version number, a random number generated by the client (Client random; please note that this is the first random number), the encryption methods supported by the client, etc.
Step 2: after Bob receives the message, he confirms the encryption method to be used by both parties and returns information such as the digital certificate, a random number generated by the server (Server random; note that this is the second random number), etc.
Step 3: Alice confirms the validity of the digital certificate, then generates a new random number (Premaster secret), encrypts it with the public key in the digital certificate and sends it to Bob.
Step 4: Bob uses his private key to recover the random number sent by Alice (that is, the Premaster secret). (The third and fourth steps are the asymmetric encryption process.)
Step 5: Alice and Bob, following the agreed encryption method (usually the AES algorithm), use the three random numbers above to generate a session key, which encrypts the rest of the communication.
As the saying goes, a picture is worth a thousand words. I drew a picture to illustrate the process: