Symmetric and asymmetric encryption, illustrated with HTTPS

Commonly used encryption algorithms fall into three categories:

  • Symmetric encryption algorithm

  • Asymmetric encryption algorithm

  • Message-Digest Algorithm

On the Internet, protecting information mainly involves two threats: theft and tampering. Symmetric and asymmetric encryption algorithms prevent information theft, and message digest algorithms guard against tampering.

Symmetric encryption algorithm

The sender and the recipient must hold the same key; both sending and receiving messages use that key.

Compared with asymmetric encryption, symmetric encryption and decryption are faster, but both parties must know the key in advance. The key may be stolen while it is being transmitted, so symmetric encryption is less secure than asymmetric encryption.

Asymmetric encryption algorithm

Before any message is sent, the recipient generates a public key and a private key, then sends the public key to the sender. The sender encrypts the data to be transmitted with the received public key and sends it to the recipient. The recipient decrypts the received data with the private key.

In this process the public key is responsible for encryption and the private key for decryption. Even if the data is intercepted in transit, the attacker has no private key and therefore cannot decrypt it.

Asymmetric encryption algorithms encrypt and decrypt more slowly than symmetric ones, but are more secure.

Message-Digest Algorithm

A message digest algorithm can verify whether information has been tampered with.

Before transmitting data, the sender uses a message digest algorithm to generate a signature of the data and sends the signature to the recipient along with the data. After receiving the data, the recipient runs the same message digest algorithm over it to obtain a signature, then compares the two signatures to determine whether the data was modified during transmission.

No matter how long the input message is, the computed digest always has a fixed length. For example, MD5 produces a 128-bit digest, SHA-1 produces a 160-bit digest, and SHA-1 variants can produce 192-bit and 256-bit digests. It is generally believed that the longer the final output, the more secure the digest algorithm. In short: variable-length input, fixed-length output.

Different input messages produce different digests, while the same input always produces the same output. This is a property of a good message digest algorithm: when the input changes, the output changes too, and the digests of two similar messages are not similar at all. In theory, whichever digest algorithm is used, there must exist two different messages with the same digest: the input set is infinite and the output set is finite, so mathematically the mapping is many-to-one. In practice, however, it is difficult or infeasible to deliberately construct two different messages with the same digest. So pay attention to security when choosing a digest algorithm. For example, MD5 is now unsafe; it was broken by the Chinese cryptographer Wang Xiaoyun.

A message digest is one-way and irreversible. The digest can only be computed forward; the original message cannot be recovered from it, nor can any information related to the original be found. A brute-force attack is of course possible: try every possible message, compute its digest, and check whether it matches the existing digest; a match eventually recovers a message for that digest. But the message found may be any one of infinitely many messages, so this brute-force attack is almost ineffective.

Message digest algorithms derive from the CRC algorithm. CRC was originally used to verify data integrity; it is the familiar parity check, or cyclic redundancy check. The large MD and SHA families of algorithms were developed on the basis of CRC: CRC predates both, MD predates SHA, and SHA is an improvement on MD. Later came the MAC algorithm, a message digest algorithm with a password.

Message digest algorithms fall into three categories: MD, SHA and MAC. MD algorithms are classified by version, and SHA algorithms by the message length they apply to:

  • MD algorithm: Message Digest Algorithm. The current mainstream is MD5, the fifth version of the algorithm; before it came MD2, MD3 and MD4.

  • SHA algorithm: Secure Hash Algorithm, mainly applied in the Digital Signature Standard (DSS), which defines the Digital Signature Algorithm (DSA).

  • MAC algorithm: a message digest algorithm with a password. It is an evolution and improvement of the MD and SHA algorithms, and includes HmacMD2, HmacMD4, HmacMD5, HmacSHA-256 and so on.
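The digest properties and the plain-digest versus MAC distinction described above, as an added example that is not part of the original article. The messages and the shared key are constructed sample values, and all function names are hypothetical.

```python
import hashlib
import hmac

# Constructed sample data; the key stands in for a secret shared out of band.
ORIGINAL = b"transfer 100 to alice"
TAMPERED = b"transfer 900 to alice"
SHARED_KEY = b"constructed-demo-key"


def digest_bits(algorithm: str, message: bytes) -> int:
    """Digest length in bits, independent of the input length."""
    return len(hashlib.new(algorithm, message).digest()) * 8


def differing_bits(a: bytes, b: bytes) -> int:
    """Count the bit positions in which two equal-length digests differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def verify_digest(data: bytes, digest: bytes) -> bool:
    """Receiver side: recompute the plain digest and compare."""
    return hmac.compare_digest(hashlib.sha256(data).digest(), digest)


def make_tag(key: bytes, data: bytes) -> bytes:
    """Sender side of the keyed variant (HmacSHA-256 in the list above)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def verify_tag(key: bytes, data: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(make_tag(key, data), tag)


def demo() -> dict:
    sent_digest = hashlib.sha256(ORIGINAL).digest()
    unkeyed = hashlib.sha256(TAMPERED).digest()
    return {
        # Fixed-length output for a 1-byte and a 1,000,000-byte input.
        "sha1_bits": (digest_bits("sha1", b"a"), digest_bits("sha1", b"a" * 10**6)),
        # One changed character flips roughly half of the 256 output bits.
        "changed_bits": differing_bits(sent_digest, unkeyed),
        # Data changed in transit, digest left alone: detected.
        "data_only_change_accepted": verify_digest(TAMPERED, sent_digest),
        # Data and digest both replaced: a plain digest cannot tell.
        "replaced_pair_accepted": verify_digest(TAMPERED, unkeyed),
        # Against HMAC the tag cannot be recomputed without the key.
        "forged_tag_accepted": verify_tag(SHARED_KEY, TAMPERED, unkeyed),
        "genuine_tag_accepted": verify_tag(SHARED_KEY, ORIGINAL, make_tag(SHARED_KEY, ORIGINAL)),
    }
```

A plain digest only detects changes when the digest itself reaches the recipient intact; the keyed MAC closes that gap.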

Application of symmetric / asymmetric encryption algorithms in the HTTPS protocol

HTTPS actually consists of two parts, HTTP + SSL/TLS: a layer that handles encrypted information is added on top of HTTP. Information exchanged between server and client is encrypted by TLS, so what is transmitted is encrypted data. How encryption, decryption and authentication work is shown in the figure and described step by step below.

  1. The client initiates an HTTPS request
    There is not much to say here: the user enters an https URL in the browser, which then connects to port 443 of the server.

  2. Server configuration
    A server that uses the HTTPS protocol must have a digital certificate. You can create one yourself or apply to an organization for one. The difference is that a self-issued certificate must be accepted by the client before access can continue, whereas a certificate applied for from a trusted organization does not trigger a warning page (startssl is a good choice, with a 1-year free service). This certificate is in effect a public key and a private key. If public and private keys are unfamiliar, think of them as a lock and a key: you are the only person in the world who holds the key, but you can hand the lock to others. They can use the lock to lock up something important and send it to you; because only you have the key, only you can see what was locked up.

  3. Transfer the certificate
    The certificate is essentially the public key, but it also contains a lot of other information, such as the issuing authority and the expiration date.

  4. The client parses the certificate
    This work is done by the client's TLS implementation. It first verifies that the public key is valid (issuing authority, expiration date, and so on); if anything is abnormal, a warning box pops up saying there is a problem with the certificate. If the certificate is fine, the client generates a random value and encrypts it with the certificate. As described above, this locks the random value with the lock, so nobody without the key can see what is locked inside.

  5. Transmit the encrypted information
    What is transmitted here is the random value encrypted with the certificate. The purpose is to let the server obtain this random value; afterwards, communication between client and server can be encrypted and decrypted with it.

  6. The server decrypts the information
    The server decrypts with its private key to obtain the random value (the secret key) passed by the client, and then symmetrically encrypts the content with that value. Symmetric encryption means mixing the information and the secret key together by some algorithm, so that the content cannot be obtained without knowing the key. Since both client and server know this key, the data is secure enough as long as the encryption algorithm is strong enough and the key is complex enough.

  7. Transmit the encrypted information
    This is the information the server has encrypted with the secret key; the client can restore it.

  8. The client decrypts the information
    The client uses the secret key it generated earlier to decrypt the information sent by the server and obtains the decrypted content. Even if a third party monitors the data throughout the whole process, there is nothing it can do.

Asymmetric encryption algorithms perform poorly, because finding large primes and computing and dividing large numbers takes many CPU cycles. HTTPS therefore generally uses asymmetric encryption only in the initial handshake of a connection, to exchange the symmetric key; communication afterwards uses symmetric encryption.
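Steps 2 to 8 above, with both sides' messages, as an added example that is not part of the original article. It assumes toy parameters throughout: unpadded RSA over two known Mersenne primes and a SHA-256 keystream cipher stand in for the certificate key and the real TLS ciphers, and every name is hypothetical.

```python
import hashlib
import secrets

# Toy server key pair (steps 2-3). Constructed for illustration: two known
# Mersenne primes give a tiny, insecure modulus, and the RSA here is unpadded.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                      # public key: travels in the certificate
D = pow(E, -1, (P - 1) * (Q - 1))        # private key: never leaves the server


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with a SHA-256 counter keystream.
    The same call encrypts and decrypts, which is what makes it symmetric.
    One key must protect only one message, or the keystream repeats."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def client_wrap_random(n: int, e: int):
    """Steps 4-5: generate the random value and lock it with the public key."""
    secret = secrets.token_bytes(16)
    return secret, pow(int.from_bytes(secret, "big"), e, n)


def server_unwrap_random(ciphertext: int) -> bytes:
    """Step 6: only the private-key holder can recover the random value."""
    return pow(ciphertext, D, N).to_bytes(16, "big")


def handshake_and_reply(response: bytes) -> dict:
    client_secret, wrapped = client_wrap_random(N, E)     # client -> server
    server_secret = server_unwrap_random(wrapped)
    encrypted = xor_stream(server_secret, response)       # step 7, server -> client
    return {
        "wire": (wrapped, encrypted),                     # all an eavesdropper sees
        "keys_match": client_secret == server_secret,
        "client_plaintext": xor_stream(client_secret, encrypted),  # step 8
    }
```

The slow public-key operation runs once per connection on a 16-byte value; everything after that uses the fast symmetric function.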


Origin www.cnblogs.com/aspirant/p/11733708.html