Friends, we set sail again...

This blog has obviously been deserted for a long time (well, "too busy" is never a good excuse...), but starting today we set sail together again! From now on it (must) be updated at least once a week, so that this blog actually plays a role and shares something useful. Enough nonsense; let's start today.

The first article: let's talk about HTTPS

HTTPS is essentially HTTP over SSL. The connection establishment process goes roughly like this:

① The client browser sends the server its SSL protocol version number, the encryption algorithms it supports, a randomly generated number, and whatever other information is needed for communication between server and client.

② The server sends the client its SSL protocol version number, the chosen encryption algorithm, its own random number and other related information, and the server also sends its certificate to the client.

③ The client uses the information the server sent to verify the legitimacy of the server. This check includes: whether the certificate has expired, whether the CA that issued the server certificate is trusted, whether the issuer's public key correctly verifies the "issuer digital signature" on the server certificate, and whether the domain name on the server certificate matches the server's actual domain name. If the legitimacy check fails, the connection is dropped; if it passes, proceed to step ④.

④ The client randomly generates a "symmetric password" (the pre-master secret) for later communication, encrypts it using the server's public key (taken from the server certificate received in step ②), and sends the encrypted "pre-master password" to the server.

⑤ If the server requires client authentication (optional in the handshake), the client also generates a random number and signs it, then sends the signed random number together with the client's own certificate and the encrypted "pre-master password" to the server.

⑥ If the server requires client authentication, the server must verify the legitimacy of the client certificate and the signature on the random number. This check includes: whether the client certificate's validity dates are current, whether the CA that issued the client certificate is trusted, whether that CA's public key correctly verifies the issuing CA's digital signature on the client certificate, and whether the client certificate appears in the certificate revocation list (CRL). If the check fails, communication is interrupted immediately.

⑦ If verification passes, the server decrypts the encrypted "pre-master password" with its private key, then goes through a series of steps to produce the master communication password (the client derives the same master password by the same method).

⑧ The server and client use this same master password as the "session password", a symmetric key, to encrypt the data exchanged over the SSL connection. At the same time the integrity of the data must be protected throughout the SSL session, so that any modification of the data in transit is detected.

⑨ The client sends the server a message stating that the master password from step ⑦ will be the symmetric key used for subsequent data communication, and notifies the server that the client's side of the handshake is finished.

⑩ The server sends the client a message stating that the master password from step ⑦ will be the symmetric key used for subsequent data communication, and notifies the client that the server's side of the handshake is finished.

The SSL handshake is now over and the SSL secure data channel begins: client and server start communicating with the same symmetric key and verify the integrity of each message they exchange.

Here is a simple diagram of the process:

As you can see from the process above (the parts originally shown in bold), asymmetric encryption is used in the SSL handshake phase, and symmetric encryption is used in the data transfer phase. Common symmetric algorithms are DES, 3DES and AES; common asymmetric algorithms are RSA, DSA and ECC. These algorithms are all implemented in an open-source cryptographic library called OpenSSL... From the above you can see that establishing HTTPS relies on this open-source library in many places, so it is not hard to understand why the fuss about it has been so big.
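To make the split between the two phases concrete, here is an added example (not from the original post) that walks through steps ①, ②, ④, ⑦ and ⑧ in miniature: the client encrypts a pre-master secret with the server's public key, both sides derive the same master key from it plus the two randoms, and data is then protected with a symmetric key and an integrity tag. The RSA primes, the key-derivation formula and the counter-mode keystream are illustrative stand-ins (assumptions), not what a real TLS stack uses.

```python
import hashlib
import hmac
import secrets

# Toy RSA key for illustration only (assumption): real servers use 2048-bit or larger keys.
P, Q, E = 1000003, 1000033, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # server private exponent, never leaves the server
SERVER_PUBLIC_KEY = (N, E)          # the value the server certificate would carry

def client_encrypt_premaster(pub, premaster):
    """Step 4: the client encrypts its pre-master secret with the server's public key."""
    n, e = pub
    return pow(premaster, e, n)

def server_decrypt_premaster(ciphertext):
    """Step 7: the server recovers the pre-master secret with its private key."""
    return pow(ciphertext, D, N)

def derive_master(premaster, client_random, server_random):
    """Steps 7/8: both sides derive the same master key from the pre-master plus both randoms."""
    seed = b"master secret" + client_random + server_random
    return hmac.new(premaster.to_bytes(8, "big"), seed, hashlib.sha256).digest()

def keystream(key, length):
    """Toy counter-mode keystream standing in for AES/3DES (illustration only)."""
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def protect(master, msg):
    """Step 8: encrypt under a key derived from the master key, then append an HMAC tag."""
    enc_key, mac_key = hashlib.sha256(master + b"enc").digest(), hashlib.sha256(master + b"mac").digest()
    ct = bytes(a ^ b for a, b in zip(msg, keystream(enc_key, len(msg))))
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()

def unprotect(master, record):
    """Receiver: check the tag first; a modified record is rejected instead of decrypted."""
    enc_key, mac_key = hashlib.sha256(master + b"enc").digest(), hashlib.sha256(master + b"mac").digest()
    ct, tag = record[:-32], record[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, keystream(enc_key, len(ct))))

def run_handshake(msg=b"GET / HTTP/1.1"):
    """Steps 1, 2, 4, 7, 8: returns (keys match?, decrypted msg, result for a tampered record)."""
    client_random, server_random = secrets.token_bytes(32), secrets.token_bytes(32)  # steps 1 and 2
    premaster = secrets.randbelow(N - 2) + 2                                           # step 4
    encrypted = client_encrypt_premaster(SERVER_PUBLIC_KEY, premaster)
    client_master = derive_master(premaster, client_random, server_random)
    server_master = derive_master(server_decrypt_premaster(encrypted), client_random, server_random)  # step 7
    record = protect(client_master, msg)                                               # step 8
    tampered = bytes([record[0] ^ 1]) + record[1:]  # constructed: one bit flipped in transit
    return client_master == server_master, unprotect(server_master, record), unprotect(server_master, tampered)
```

Calling `run_handshake()` returns `(True, b"GET / HTTP/1.1", None)`: both sides hold the same master key, the genuine record decrypts, and the bit-flipped one is rejected by the integrity check before any decryption.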

Reproduced from: https://www.cnblogs.com/tstcxxzx/p/3704056.html

Origin: blog.csdn.net/weixin_34378767/article/details/93723464