The Communication process and encryption method of Network Transmission Security SSL/TLS

2025-01-16 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

Network transmission is divided into plaintext transmission and encrypted transmission; obviously, only encrypted transmission is secure.

Common plaintext transmission protocols: HTTP, SMTP, DNS, POP3, IMAP4

The most common encrypted transmission protocol: HTTPS

2. How to encrypt data:

Symmetric encryption: the encrypting and decrypting parties use the same key. Its advantage is that encryption and decryption are fast, which suits encrypting large amounts of data. Its disadvantage is key exchange: the shared key cannot itself be sent securely over the channel.

Public key encryption (asymmetric encryption): the sender encrypts with the recipient's public key, and the recipient decrypts with its own private key. Its disadvantage is low efficiency, so it is generally not used to encrypt the data itself but rather to exchange the key that is used for data encryption.

One-way encryption (digest algorithm): produces a digest, or "signature", of the data. It is characterized by fixed-length output, an irreversible process, and the avalanche effect (which the author likens to the butterfly effect). Such an algorithm, also known as a hash algorithm, converts data of arbitrary length into a fixed-length, irreversible value. As long as the input differs, the result differs (repetition is so unlikely it can practically be ignored). It is used to check whether the information source is consistent: as soon as the source data changes, the digest must differ, so it is commonly used for signature verification.

3. Digital signature

A digital signature uses asymmetric encryption together with a digest algorithm to ensure that a file has not been tampered with. Principle: the sender uses the digest algorithm to compute a digest of the published content, encrypts the digest with its private key (the encrypted digest is the digital signature), and then sends the published content, the digital signature and the public key to the receiver. On receipt, the receiver first uses the public key to decrypt the digital signature and obtain the digest of the text, then computes the digest of the content with the same digest algorithm and compares the computed digest with the decrypted one. If they match, the published content has not been tampered with.

Note: anyone who obtains the public key can read the file digest. However, the digest cannot be modified, because it cannot be re-encrypted without the private key; and because the digest cannot be modified, the original text cannot be modified either, otherwise the result of the hash algorithm would not match. Therefore the digital signature guarantees that the document has not been tampered with, even by someone who knows the public key. (personal understanding)
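The sign-and-verify flow described above, as an added Go example that is not part of the original article: RSA with SHA-256 from Go's standard library, with the message and its tampered copy constructed for the demonstration. The same mechanism is what a CA applies to the contents of a certificate in the next section.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Signer holds the sender's key pair. Only the public half is sent along
// with the content (in practice, inside a certificate).
type Signer struct{ key *rsa.PrivateKey }

func NewSigner() (*Signer, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Signer{key: key}, nil
}

// Public returns the key the receiver uses for verification.
func (s *Signer) Public() *rsa.PublicKey { return &s.key.PublicKey }

// Sign hashes the content with SHA-256 and encrypts the digest with the
// private key (PKCS#1 v1.5); the result is the digital signature.
func (s *Signer) Sign(content []byte) ([]byte, error) {
	digest := sha256.Sum256(content)
	return rsa.SignPKCS1v15(rand.Reader, s.key, crypto.SHA256, digest[:])
}

// Verify recomputes the digest of the received content and checks it
// against the digest recovered from the signature with the public key.
// Any change to the content or the signature makes this return false.
func Verify(pub *rsa.PublicKey, content, sig []byte) bool {
	digest := sha256.Sum256(content)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

func main() {
	s, err := NewSigner()
	if err != nil {
		panic(err)
	}
	msg := []byte("transfer 100 to alice") // constructed sample content
	sig, _ := s.Sign(msg)
	fmt.Println("original verifies:", Verify(s.Public(), msg, sig))
	fmt.Println("tampered verifies:", Verify(s.Public(), []byte("transfer 900 to alice"), sig))
}
```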

4. Certificate and digital certificate

A certificate contains:

- Signer
- Certificate purpose
- Public key
- Encryption algorithm
- Hash algorithm
- Certificate expiry time, etc.

Digital certificate: a certificate that has been digitally signed by a certificate authority (CA). The CA issues certificates to applicants and digitally signs the certificate contents to ensure that the certificate cannot be tampered with.

For example, SSL/TLS is the most commonly used transport encryption protocol:

The basic idea of the SSL/TLS protocol is to use public key encryption: the client first requests the public key from the server, then encrypts information with that public key, and the server, after receiving the ciphertext, decrypts it with its own private key. To ensure that the public key cannot be tampered with, the public key is placed in a digital certificate.

Public key encryption is computationally expensive, so for every conversation (session) the client and server generate a "conversation key" (session key), which is used to encrypt the information. Because the session key is used with symmetric encryption, it is very fast, while the server's public key is used only to encrypt the session key itself, which keeps the cost of the encryption operation low.

SSL/TLS communication process:

1. The client sends a request (ClientHello), including:

- the protocol versions it supports, such as TLS 1.0
- a random number, later used to generate the session key
- the encryption methods it supports, such as RSA public key encryption
- the compression methods it supports

2. The server responds (ServerHello) with:

- confirmation of the encrypted-communication protocol version to use, such as TLS 1.0; if the browser's version does not match one the server supports, the server shuts down the encrypted communication
- a random number generated by the server, later used to generate the session key
- confirmation of the encryption method to use, such as RSA public key encryption
- the server certificate

3. The client responds with:

- a random number (the pre-master secret), encrypted with the server's public key to prevent eavesdropping
- a change-cipher notification (ChangeCipherSpec), indicating that subsequent messages will be sent using the encryption method and key agreed by both parties
- a client-handshake-finished notification (Finished), indicating that the client's handshake phase has ended; this item also carries the hash of everything sent so far, which the server uses for verification

4. Final response from the server

After receiving the third random number (the pre-master secret) from the client, the server calculates the session key for this session. It then sends the following to the client:

(1) a change-cipher notification, indicating that subsequent messages will be sent using the encryption method and key agreed by both parties

(2) a server-handshake-finished notification, indicating that the server's handshake phase has ended; this item also carries the hash of everything sent so far, which the client uses for verification
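The session-key computation of step 4, as an added Go example that is not part of the original article: both peers run the same function over the pre-master secret and the two hello randoms, so they arrive at the same secret without it ever crossing the wire. It assumes the TLS 1.2 PRF of RFC 5246 (HMAC-SHA256) rather than the obsolete TLS 1.0 PRF mentioned in the article; the sample values used to exercise it are constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
)

// pHash is P_SHA256 from RFC 5246 section 5: it stretches secret and seed to
// n bytes by chaining HMACs, A(1) = HMAC(secret, seed), A(i+1) = HMAC(secret, A(i)).
func pHash(secret, seed []byte, n int) []byte {
	mac := func(parts ...[]byte) []byte {
		h := hmac.New(sha256.New, secret)
		for _, p := range parts {
			h.Write(p)
		}
		return h.Sum(nil)
	}
	var out []byte
	a := mac(seed)
	for len(out) < n {
		out = append(out, mac(a, seed)...) // HMAC(secret, A(i) + seed)
		a = mac(a)
	}
	return out[:n]
}

// PRF(secret, label, seed) = P_SHA256(secret, label + seed).
func PRF(secret []byte, label string, seed []byte, n int) []byte {
	return pHash(secret, append([]byte(label), seed...), n)
}

// DeriveMasterSecret is the step both peers perform once the pre-master secret
// has been exchanged: the 48-byte master_secret mixes the pre-master secret with
// the two hello randoms, so an eavesdropper who saw the randoms still learns nothing.
func DeriveMasterSecret(preMaster, clientRandom, serverRandom []byte) []byte {
	seed := append(append([]byte{}, clientRandom...), serverRandom...)
	return PRF(preMaster, "master secret", seed, 48)
}

// DeriveKeyBlock expands the master secret into the key material the symmetric
// cipher and MAC actually use; note the randoms are concatenated in the opposite order.
func DeriveKeyBlock(masterSecret, clientRandom, serverRandom []byte, n int) []byte {
	seed := append(append([]byte{}, serverRandom...), clientRandom...)
	return PRF(masterSecret, "key expansion", seed, n)
}
```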
