Shulou(Shulou.com)11/24 Report--

This article comes from the official account of Wechat: low concurrency programming (ID:dibingfa). The original title: "Bad things | send notes in HTTPS". Author: flash.

Xiao Yu and I have a puppy love and always talk in class.

The teacher divided our seats very far. I was in the first row and she was in the last row. There were a lot of people between us.

But we still want to communicate by passing a note.

Although the students among us have a lot of bad intentions, the good thing is that they can guarantee that the note will be delivered in place, so we have been secretly exchanging feelings by passing the note.

But the good times didn't last long, and we gradually found that these students were particularly unreliable, and there were two kinds of bad behavior:

Take a peek at the note and use our sweetness as their after-dinner conversation.

Tampering with the content caused a lot of misunderstandings between us.

It's not bad. I have to think of something!

Single key lock so I invented a box and equipped it with a lock and a key.

This lock is different from an ordinary lock. You need a key to unlock it, and you need a key to lock it at the same time.

I made a copy of the key and gave it to Xiao Yu, so that every time I wrote her a note, I put it in a box and locked it with the key.

After receiving the box, Xiao Yu unlocked it with the key before he could take out the note inside.

At the same time, if Xiao Yu wants to return the note to me, he also needs to put the note in the box, lock it with the key, and pass it to me.

In this way, because the students in the middle do not have a key, they will not be able to peek into the contents or tamper with them, and the problem will be solved perfectly.

But the good times are not long, because when I gave the key to Xiao Yu, it was also passed through my classmates, and a classmate secretly copied another copy at that time, so I got a key.

So every time he received the box I passed to Xiao Yu, he unlocked it with the key, peeked at the content, and sometimes even modified the content, put it back in the box, and then locked it with the key.

It's not bad. I have to think of another way!

Two-key lock-tamper proof

After racking my brains and staying up all night for several days, I finally invented a particularly magical lock.

Corresponding to this lock, there are two different keys An and B. the magic is that if you add a lock with key A, you must use key B to unlock it. Instead, use key B to add the lock, and you must use key A to unlock it.

I am very satisfied with my invention! I feel like I can apply for a patent!

I named this lock a double-key lock, and naturally the simple lock before it was called a single-key lock.

And the two-key lock this way of adding and unlocking, I gave the name, called asymmetric plus unlock, naturally, the corresponding way of the single-key lock is called symmetrical plus unlocking.

With this invention, I only need to give the key B to Xiao Yu. Every time I write a note, I encrypt it with key A, and then the box goes to Xiao Yu. She only needs to decrypt it with key B to see my content.

It doesn't matter if this key B is copied, the bad guy can only use key B to open the box and peek at my content, but if he wants to tamper with the content, he must use key A to lock the box, and key A has always been in my hand and has never been passed on. No one knows.

Of course, the bad guys can also lock the box with key B, but the box locked with B can only be unlocked with A, so if Xiao Yu unlocks it with B in his hand and finds that it cannot be unlocked, he will know that the content has been tampered with.

Now, the problem of content tampering is perfectly solved.

There is also the problem that the content has not been peeked, that is, the content is leaked.

Two-key lock-leak prevention I had an idea, came up with an idea.

I found that Xiao Yu already has key B, if Xiao Yu uses B to lock, only key A can be unlocked, and key An is the only one here, so Xiao Yu's note locked with key B, no one can see and tamper with it!

With this line of thinking, because we have a completely symmetrical relationship, as long as Xiao Yu creates a similar magic lock, and then assigns two keys C and D.

Then Xiao Yu gives me key D and keeps key C by himself, so that as long as I lock my content with key D, only Xiao Yu can unlock it!

In this way, the security of two-way communication is guaranteed! The bad students in the middle can neither read nor tamper with our content, because they will be discovered by us.

But the good times are not long, we found that the design of this double-key lock is too complex, resulting in the efficiency of locking and unlocking is really too low. Every time a note is passed, it takes a lot of effort to lock and unlock, which greatly reduces the number of times we communicate every day. I'm not happy.

It's not bad. I have to think of something!

Single and double key locks cooperate with each other. I remember that when I used that single key lock, it was very efficient, just because it was easy to be seen by bad people in the process of transmitting the key, so that a copy could be copied so that we could monitor and tamper with our subsequent communications.

Can we use the security of the double-key lock to safely transmit the key of the single-key lock to each other, and then use the single-key lock to communicate efficiently? In this way, security and efficiency are guaranteed!

I hastened to come up with a wonderful plan!

1. Xiao Yu designed a two-key lock with two keys C and D, and then gave me the key D.

two。 I have a single key lock on my side, with a key M, put it in the box, lock it with the key D given to me by Xiao Yu, and pass it to Xiao Yu.

3. In the process of transmission, because the locked box of key D can only be unlocked with key C, the middleman cannot view and tamper with the content, and finally the key M is safely transmitted to Xiao Yu.

4. At this point, we both have the key M and the corresponding single key lock, and this key M is unknown to anyone.

5. After that, we use the key M to encrypt our information, and the other party decrypts our information with the key M, thus reaching the condition of secure communication.

To put it simply, Xiao Yu gave me the key D, and I used D to lock my M and passed it to Xiao Yu, and then we used the key M to communicate symmetrically.

Of course, the bad guy in the middle can secretly change it to another key E when Xiao Yu gives me key D, but after I use E to lock my key M, Xiao Yu cannot unlock it with key C, so he knows that someone in the middle has tampered with it. Then we'll stop our correspondence.

In other words, the middleman can stop our communications, but can no longer peep and read our communications.

This is awesome! It is incredible that we have achieved secure communication on a communication link where the middleman is completely unreliable.

But the good times don't last long.

There is a bad and smart bad guy, unexpectedly also developed this kind of two-key lock technology!

These villains also have a two-key lock for themselves and are equipped with two keys X and Y.

At this time, he did this in the way we used to communicate.

1. Xiao Yu designed a two-key lock with two keys C and D, and then gave me the key D.

two。 This man didn't give me the key D, but gave me the key Y he made, but I thought Xiao Yu gave it to me.

3. I have a single key lock on my side, with a key M, put it in the box, lock it with the key given to me by Xiao Yu (actually the key Y given to me by the bad guy), and pass it to Xiao Yu.

4. The man received the locked box and easily unlocked it with his own key X, because the lock was unlocked by Y. After unlocking, he took out the key M inside, made a copy, and then added the lock with Xiao Yu's key D.

5. Xiao Yu unlocked the lock with C and got the key M inside. I did give this, but Xiao Yu didn't know that he had been known by the bad guys at this time, and at the same time, I didn't know about it.

6. So we use the key M plus lock to unlock the communication, and the bad guys also use the key M to peep or tamper with our information.

To put it simply, I thought I was encrypted with Xiao Yu's key, but it belonged to the bad guy. Xiao Yu thought it was M that I encrypted with her key and passed to her, because she could unlock it, but it was camouflaged by the bad guy. Neither of us knows anything about it.

The villain is really a roll, ah, such an exquisite design can also come up with, just to peep at me and Xiao Yu's small note, gossip is really the first productivity of human beings.

I'm sure it won't work. I have to think of another way.

Looking for the monitor to do notarization, I thought hard and found a solution.

First of all, we have at least once, that is, the key that was transmitted for the first time, cannot be encrypted and will be seen by everyone in the middle. This is inevitable, otherwise it will have been naughty.

But can we do it so that each other can see it, but we can't tamper with it?

In other words, the bad guy passed me the fake key Y, so I can know that this is the bad guy's?

It was almost impossible to rely on the two of us, so I asked the monitor for help.

I asked the monitor to prepare a two-key lock, then configured two keys J and K, and then made the key K public for everyone to know.

When Xiaoyu was ready to give me the key D for the first time, he no longer gave it to me directly, but asked the monitor to put the key D in a box and let the monitor lock it with his own key J.

Then Xiao Yu passed me the box locked with the key J, and I unlocked the box with the monitor's public key K, and I could get Xiao Yu's key D.

In this way, the bad guy in the middle can open the box with the open key K and see the key D that Xiao Yu is going to give me.

However, they could not pass on their forged key Y to me, because in order to lock the box, there must be a key J, and the key J is known only to the monitor.

In other words, the current content, the bad guys in the middle can only read, can not be modified!

If I can't modify it, I can successfully use the real key D given to me by Xiao Yu to lock the key M that we want to communicate with, so the key M is safely passed to Xiao Yu, and then we can use the key M, which no one knows, to chat happily with the matching single key lock!

But what if the monitor colludes with the bad guys to leak J or sell it to the bad guys? There's nothing that can be done, which means he doesn't deserve to be a monitor!

There are so many keys that I can't tell them apart. This part involves a lot of keys.

My single key M: for the future communication between Xiao Yu and me by symmetrical locking, we need to find a way to safely pass it to Xiao Yu.

Xiao Yu's double key CD: to allow me to safely pass M to her, by passing the public key D to me, and I use the key D to lock my M, so that only she can unlock it with her own secret key C. the middleman can't know.

Bad guy's double key XY: the forged key Y used to pass me the fake key made me think that it was the key D passed to me by Xiao Yu.

Monitor's double key JK: used to lock Xiao Yu's key D to prevent the bad guys in the middle from tampering with this value.

In the field of security, it corresponds to symmetric encryption and asymmetric encryption respectively.

A single key is symmetric encryption, which is very fast and can be used to encrypt data in the process of transmission to prevent middlemen from viewing and tampering with information. But how to pass the secret key of symmetric encryption safely is a problem.

Double key is asymmetric encryption, the speed of asymmetric encryption is slow, can be used to encrypt a small amount of data, but also can be used to sign to prevent tampering, why? Look at the back.

In the secret key of asymmetric encryption, what is publicly known to others is the public key, such as the key D of Xiao Yu or the key K of the monitor.

What stays with others is the private key, such as Xiaoyu's key C or monitor's key J, etc.

You can encrypt the data with the private key and decrypt the data with the public key. You can also encrypt data with a public key and decrypt it with a private key.

Public key encryption, private key decryption, this is called encryption, in order to ensure the security of the content, because the private key is only known to ensure that this information will not be unlocked by the middleman.

Private key encryption, public key decryption, this is called signature, in order to prevent the content from being tampered with, because everyone in the public key knows, everyone can see this information for verification.

However, if you want to tamper with the original information, you must tamper with the original information and encrypt it with a private key in order to get the original effect. Unfortunately, the private key is not public.

There is also an irreversible hash function, which is called a summary, which cannot be decrypted. We will talk about this later.

In the link just now, Xiao Yu first asked the monitor to encrypt his public key D with the private key J and pass it to me. This is private key encryption and public key decryption. This purpose is to sign and prevent the public key D from being tampered with by others in the process of transmission.

After I get the public key D, encrypt my symmetric encryption key M, pass it to Xiao Yu, this is the public key encryption and private key decryption, this purpose is encryption, so that the middleman does not know what my M is.

Of course, our later data transmission process can also be played in this way of asymmetric encryption, but unfortunately, the complexity of asymmetric encryption is very high and the performance is very low, so it is only suitable for this process of transferring secret key M. the amount of data is very small, and only once.

After that, the transmission is carried out through the symmetric key M we negotiated, which is also encryption, which is the same as the goal of public key encryption and private key decryption, but it is different from the suitable scenario. The efficiency of symmetric encryption is several orders of magnitude higher than that of asymmetric encryption.

The process of HTTPS passing notes between me and Xiao Yu is how HTTPS works.

Oh no, I repeat this sentence, this stupid thing is HTTPS.

I am the client, Xiao Yu is the server, the monitor is the CA organization, and the bad guys in the middle are the transmission links, indicating that the transmission links are unreliable, and there are many middlemen who want to sabotage or peek into our information.

This article comes from the official account of Wechat: low concurrency programming (ID:dibingfa). Author: flash.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.