Illustrated HTTPS protocol

The story starts with Moon sending a message to her husband Liangliang.

Liangliang comes home from work at night and, the moment he walks in the door, hears:
"Kneel down."
"Why so loud, dear wife?" he asks, though his body obediently does as it is told.
"Didn't you send me a message saying you wouldn't come home tonight?" says Moon, taking out her phone.
"Upon my honor, I never said that. I got your message today, or was it a call?" Liangliang takes out his phone as well.

"That's strange. The message we received and the message we sent are not the same. Could it be that a hacker intercepted our messages?"

Liangliang got up, brushed the dust off his knees and said: "Definitely. Don't let me catch him, or I'll beat him until his own mother wouldn't recognize him."

That night, lying in bed, the young couple still couldn't help laughing about what had happened, and decided to find a way to solve the problem of insecure communication; a day like this could not be allowed to happen again.

"Liangliang, what do you think we should do? You're a programmer. Is there a way that, even if hackers intercept our messages, they can't tell what they say, like in a spy movie?"
"Yes. When you send me a message, encrypt it with a key; when I receive it, I decrypt it with the same algorithm and the same key. The technical term for this is symmetric encryption."

"Sounds good, but there's a problem with that. It works for communication between the two of us, but what about communicating with other people? How do I negotiate a key with each of them?"

"That's easy. We can also use an asymmetric encryption algorithm, which has two keys, one called the public key and one called the private key. Data encrypted with the public key can only be decrypted with the private key, and data encrypted with the private key can only be decrypted with the public key. The private key is held only by you; the public key is held by me (and can be distributed over the network). When you want to talk to me later, you encrypt the key with the private key and I decrypt it here with the public key; after that we use that key to encrypt our messages, as we discussed before. When someone else wants to chat with you, you just give them the public key."

"Then why don't we just use the asymmetric encryption algorithm to communicate?"

"Asymmetric encryption is not only slow, it also only supports encrypting small amounts of data. You didn't know that, did you?"

"There's another problem. Since the public key is exposed, a hacker can replace it with his own public key, so when people send me messages it's equivalent to sending messages to the hacker."

"That's where a third party comes in to guarantee that my public key is correct. We call this third party a CA (certificate authority)."
"How does it guarantee that?"
"The CA actually uses the asymmetric encryption algorithm too. First it encrypts our public key with the CA's private key, then it returns a certificate to you, which contains our encrypted public key. You then use the CA public key you have locally to decrypt the certificate and get our public key. Isn't your husband clever?"

"Clever? Hah. I told you, you're still too naive. If the CA can give you a certificate, it can also give a hacker a certificate. How do you make sure the certificate hasn't been secretly swapped, and that the certificate I receive isn't one held by a hacker?"
Liangliang muttered: "You think about this all day. Does a hacker really have so much time to watch you every day?"
"What did you say?"
"I said, we can verify locally, from the information in the certificate, whether it is really ours. A message digest is generated from a series of information in the certificate, then the CA's private key is used to encrypt that message digest, forming a digital signature that is placed inside the certificate. Locally we then generate a message digest from the same information using the same rules, decrypt the digital signature in the certificate, and compare the two. If they match, it's fine."

The "series of information" means the issuer, the public key we need to use for transmission, the encryption algorithm, the hash algorithm, the expiration time and, for websites, the domain name.

[Image: https_message_6.png]
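The digest-sign-compare procedure the story describes, written out as an added example (this is not code from the original post). The CA key pair is a constructed toy RSA key built from two small primes, the certificate fields are constructed sample values, and the digest is reduced modulo the toy modulus only because that modulus is far smaller than a SHA-256 output; real CAs use 2048-bit or larger keys with padded signatures. The example goes slightly beyond the dialogue by also checking the domain name and expiration time the post lists as certificate contents:

```python
import hashlib
from datetime import date

# --- Toy CA key pair (constructed for this example; real CAs use 2048-bit+ keys) ---
# p and q are the 9999th and 10000th primes, giving a modulus of about 1.1e10.
CA_P, CA_Q = 104723, 104729
CA_N = CA_P * CA_Q
CA_E = 65537                                   # public exponent
CA_D = pow(CA_E, -1, (CA_P - 1) * (CA_Q - 1))  # private exponent (Python 3.8+)

CA_PUBLIC_KEY = (CA_N, CA_E)    # the copy shipped inside the browser / OS trust store
CA_PRIVATE_KEY = (CA_N, CA_D)   # never leaves the CA


def certificate_digest(fields, modulus):
    """Hash the certificate fields in a fixed order; the CA and the client must
    both do exactly this so that they arrive at the same digest. The digest is
    reduced modulo n only because the toy key is smaller than a SHA-256 output."""
    canonical = "\n".join(f"{k}={fields[k]}" for k in sorted(fields))
    digest = hashlib.sha256(canonical.encode("utf-8")).digest()
    return int.from_bytes(digest, "big") % modulus


def ca_issue_certificate(fields, ca_private_key):
    """CA side: digest the fields and 'encrypt' the digest with the CA private key
    (textbook RSA signature without padding, as the story describes it)."""
    n, d = ca_private_key
    signature = pow(certificate_digest(fields, n), d, n)
    return {"fields": dict(fields), "signature": signature}


def client_verify_certificate(cert, ca_public_key, expected_domain, today):
    """Client side: recompute the digest, 'decrypt' the signature with the CA
    public key and compare the two; then check domain name and expiry.
    Returns (ok, reason)."""
    n, e = ca_public_key
    fields = cert["fields"]
    recomputed = certificate_digest(fields, n)
    recovered = pow(cert["signature"], e, n)
    if recomputed != recovered:
        return False, "signature mismatch: certificate altered or not issued by this CA"
    if fields["domain"] != expected_domain:
        return False, f"certificate is for {fields['domain']}, not {expected_domain}"
    if date.fromisoformat(fields["not_after"]) < today:
        return False, "certificate expired"
    return True, "certificate OK"


# --- Constructed sample: the couple's website asks the CA for a certificate ---
SITE_FIELDS = {
    "issuer": "Example Toy CA",
    "domain": "liangliang.example",
    "public_key": "n=2773,e=17",              # toy site key, constructed value
    "signature_algorithm": "SHA256-toyRSA",
    "not_after": "2030-12-31",
}
SITE_CERT = ca_issue_certificate(SITE_FIELDS, CA_PRIVATE_KEY)


def demo():
    """Run the four cases a client must distinguish and return their results."""
    today = date(2025, 1, 1)
    results = {}
    results["genuine"] = client_verify_certificate(
        SITE_CERT, CA_PUBLIC_KEY, "liangliang.example", today)
    # The hacker from the story swaps in his own public key, but cannot re-sign
    # the changed fields without CA_D, so the digests no longer match.
    forged = {"fields": dict(SITE_FIELDS), "signature": SITE_CERT["signature"]}
    forged["fields"]["public_key"] = "n=3233,e=7"   # attacker's key, constructed value
    results["swapped_key"] = client_verify_certificate(
        forged, CA_PUBLIC_KEY, "liangliang.example", today)
    # A genuine certificate presented for a different site name.
    results["wrong_domain"] = client_verify_certificate(
        SITE_CERT, CA_PUBLIC_KEY, "yueyue.example", today)
    # A genuine certificate presented after its expiration time.
    results["expired"] = client_verify_certificate(
        SITE_CERT, CA_PUBLIC_KEY, "liangliang.example", date(2031, 6, 1))
    return results


if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name:12s} ok={ok} ({reason})")
```

Only the signature check depends on the CA key; the domain and expiry checks are plain comparisons, which is why a valid certificate for the wrong site or an expired one is rejected even though its signature verifies. Whether CA_PUBLIC_KEY itself can be trusted is exactly the question Moon raises next.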

"Sounds good, but the premise of all this is that the CA's public key is trustworthy. What if the certificates built into the browser and the operating system can't be trusted?"
"If those two are compromised, then everything falls apart. There is no absolutely safe method in the world; if you really care about information leaking, then don't go online at all."
"Forget it, let's not think about it so much. Sleep. It's already 2 o'clock; I'll definitely have dark circles tomorrow, and it's all your fault."

Netscape developed SSL 1.0, SSL 2.0 and SSL 3.0; the protocol was later taken over by the ISOC organization, which released TLS 1.0 (almost no different from SSL 3.0, and able to downgrade to it). TLS 1.0 is also known as SSL 3.1, and it was followed by TLS 1.1 and TLS 1.2; the latest version is now TLS 1.3. Most browsers support at least TLS 1.2.
The protocol we commonly use to access the web is HTTP, but its communication process is not secure: it is easy to intercept, eavesdrop on and tamper with. SSL/TLS can ensure the security of the information, so combining the two gives today's protagonist, HTTPS (HTTPS = HTTP + SSL/TLS).


Origin blog.csdn.net/zy353003874/article/details/104647221