
Will the SSL certificate be cracked?

2025-02-24 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

This article looks at the question "Will the SSL certificate be cracked?", a dilemma many people run into in practice. Read on to see how to reason about it.

In recent years, as online payment and online trading have become more frequent, SSL certificates have been adopted in many business scenarios, such as online banking, fund trading platforms, and e-commerce shopping. As the major search engines announced that they would give priority to indexing HTTPS sites, many small and medium-sized websites also began to install and use SSL certificates.

The biggest advantage of an SSL certificate is that it protects the security of data in transit. When the client sends a request to the server, the two sides carry out a series of operations, using asymmetric encryption to transfer the session key and establish a connection.

Keys are very important to data security, which raises a question: if the server's private key is stolen by a third party, does that mean that historical data, data being transmitted, and data to be transmitted in the future will all be cracked?

First of all, we need to understand one thing: how do the two sides of an SSL connection agree on the encryption/decryption key?

There are two ways:

RSA Key Exchange

First, the client authenticates the real identity of the server (one-way authentication) and trusts the public key in the server's RSA certificate. The client then uses a pseudorandom function to generate a random string (the Pre-Master Key), which is used to encrypt and decrypt transmissions on both sides of the communication, so this is symmetric encryption.

The client then encrypts the Pre-Master Key with the server's public key and sends it to the server. The server decrypts it with the private key corresponding to that public key to obtain the Pre-Master Key sent by the client.

Finally, the two sides use a hash algorithm to calculate the same Master Key and derive from it the encryption/decryption key and the HMAC key, which is used for data verification.

After completing the above steps, both sides of the communication know the key and can use it to communicate.

Obviously, the server's private key is critical: if it leaks, a man-in-the-middle attack becomes possible and the attacker can eavesdrop at will.

DHE Key Exchange

DHE stands for Diffie-Hellman Ephemeral, a one-time DH key exchange algorithm.

First, the client authenticates the real identity of the server based on the SSL certificate, and the two sides exchange their public keys. Note that these public keys are calculated dynamically and are not saved; the two sides also exchange their own random values.

After receiving the other party's public key, each side calculates the Pre-Master Key with its own private key, then uses the random values to calculate the Master Key. The rest of the process is the same as in the first method.

It is not difficult to see that the server's private key serves only to ensure that the public key is not tampered with by a man in the middle during transmission.

Therefore, even if the server's private key is stolen, the third party cannot obtain the Pre-Master Key or the encryption/decryption key, and so cannot decrypt the encrypted data.

So what would a third party need in order to decrypt the data? It would only need the private key of either party.

However, because that private key is temporary and single-use, it is deleted once the communicating parties have the Pre-Master Key and is never transmitted over the network, so the third party cannot obtain it at all.
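The two handshakes described above, modeled as an added example (not code from the original article) using constructed toy-sized numbers. The function names, the textbook RSA arithmetic and the small DH group are assumptions for illustration and stand in for real TLS.

```python
import hashlib
import secrets

# Constructed toy parameters (far too small for real use).
RSA_N, RSA_E = 61 * 53, 17                  # server certificate public key
RSA_D = pow(RSA_E, -1, 60 * 52)             # server certificate private key
DH_P, DH_G = 2**61 - 1, 3                   # toy DH group

def _digest(value):
    """Hash an integer down to a number below RSA_N so the toy key can sign it."""
    return int.from_bytes(hashlib.sha256(str(value).encode()).digest(), "big") % RSA_N

def rsa_exchange():
    """RSA key exchange: the client encrypts the Pre-Master Key to the certificate key."""
    pre_master = secrets.randbelow(RSA_N - 2) + 2
    wire = {"encrypted_pre_master": pow(pre_master, RSA_E, RSA_N)}
    return pre_master, wire                 # wire = what a passive recorder sees

def dhe_exchange():
    """DHE: one-time DH keys; the certificate key only signs the server's public value."""
    a = secrets.randbelow(DH_P - 3) + 2     # client one-time private key
    b = secrets.randbelow(DH_P - 3) + 2     # server one-time private key
    server_pub = pow(DH_G, b, DH_P)
    wire = {"client_pub": pow(DH_G, a, DH_P), "server_pub": server_pub,
            "signature": pow(_digest(server_pub), RSA_D, RSA_N)}
    pre_master = pow(server_pub, a, DH_P)   # client side: server_pub ** a
    assert pre_master == pow(wire["client_pub"], b, DH_P)  # server side agrees
    return pre_master, wire                 # a and b are discarded on return

def client_accepts(wire):
    """Client check that server_pub was not altered in transit."""
    return pow(wire["signature"], RSA_E, RSA_N) == _digest(wire["server_pub"])

def recover_from_recording(wire, stolen_d):
    """What a recorded handshake plus the stolen certificate key gives back."""
    if "encrypted_pre_master" in wire:
        return pow(wire["encrypted_pre_master"], stolen_d, RSA_N)
    return None  # DHE: nothing on the wire was encrypted to the certificate key
```

In the RSA case the recorded message decrypts to the same Pre-Master Key the client chose; in the DHE case the certificate key appears only in the signature check, so a recording contains nothing that key can open.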
