SSL protracted
Author: Fan Xiaoming Joined: 2003-12-21

RSA public key cryptography is widely used for authentication and encryption in the computer industry. A license for RSA public key cryptography can be obtained from RSA Data Security Inc. Public key encryption is a method that uses a pair of asymmetric keys for encryption and decryption. Each key pair consists of a public key and a private key. The public key is published widely. The private key is kept secret and is never disclosed. Data encrypted with the public key can only be decrypted with the private key. Conversely, data encrypted with the private key can only be decrypted with the public key. This asymmetry is what makes public key encryption so useful.

Authentication using public key encryption

Authentication is the process of verifying identity. In the following examples, involving A and B, public key encryption makes it easy to verify identity. The notation {data} key means that "data" has been encrypted or decrypted using the key.

Suppose A wants to verify the identity of B. B has a pair of keys, one public and one private. B discloses his public key to A. A sends a random message to B:

A -> B: random-message

B encrypts the message with his private key and returns the encrypted message:

B -> A: {random-message} B's private key

A receives this message and decrypts it with the public key that B disclosed earlier. He compares the decrypted message with the one he originally sent to B. If they are exactly the same, he knows he is talking to B. A middleman does not know B's private key and cannot correctly encrypt the random message for A to check.

Unless you know exactly what you are encrypting, it is not a good idea to encrypt a message with your private key and then send it to someone else. The encrypted value may be used against you; bear in mind that, because only you have the private key, only you could have encrypted the message.
So, instead of encrypting the original message sent by A, B creates an information segment (a message digest) and encrypts that. The information segment is derived from random-message and has the following useful properties:

1. The information segment is difficult to reverse. Anyone impersonating B cannot recover the original message from the information segment;
2. An impersonator will find it hard to find a different message that produces the same information segment value;
3. By using the information segment, B can protect himself.

He computes the information segment of the random message sent by A, encrypts the result, and returns the encrypted information segment to A. A can compute the same information segment, decrypt B's message, and compare the two.

This technique is simply a digital signature. By encrypting the information segment of the random message generated by A, B has signed a message generated by A. Therefore, our authentication protocol needs a further change: some of the message must be generated by B.

A -> B: Hello, are you B?
B -> A: A, I am B {information segment [A, I am B]} B's private key

With this protocol, B knows what message he is sending to A, and he does not mind signing it. He first sends the unencrypted message, "A, I am B.", and then sends the encrypted information segment of that message. A can easily check that B is B, and B has not signed anything he did not want to sign.

Handing out the public key

How can B hand out his public key in a trusted manner? Suppose the authentication protocol looks like this:

B -> A: A, I am B {information segment [A, I am B]} B's private key

Under this protocol, anyone can become "B". All you need is a public key and a private key. You tell A that you are B and supply your own public key in place of B's. Then you send a message encrypted with your private key to prove your identity. A cannot tell that you are not B.

To solve this problem, the standards organizations invented the certificate.
A certificate has the following content:

* The name of the certificate issuer
* The organization
* The title of the certificate
* The public key
* A postmark (time stamp)

The certificate is encrypted (signed) using the issuer's private key.
Everyone knows the public key of the certificate issuer (that is, the issuer of each certificate itself has a certificate). A certificate is an agreement that binds a public key to a name. By using certificates, everyone can examine B's certificate and determine whether it is a forgery. As long as B keeps control of his private key and he really is the B named in the certificate, all is well.

This is the revised protocol:

A -> B: Hello
B -> A: Hey, I am B, B's certificate
A -> B: Prove it
B -> A: A, I am B {information segment [A, I am B]} B's private key

When A receives the first message from B, he can examine the certificate, check the signature (as described above, using the information segment and the public key), and then check the title (the name of B) to confirm that it is B's. He can then trust that the public key is B's public key and ask B to prove his identity. B goes through the same process as above, creating an information segment and replying with a signed version of it. A can check B's information segment using the public key taken from the certificate.

Suppose there is a hacker called H:

A -> H: Hello

H cannot create a message that A will believe came from B.

Exchanging a secret

Once A has verified B, he can send B a message that only B can decrypt, using his private key. Exchanging a secret is another effective use of public key encryption. Even if the communication between A and B is being listened to, only B can obtain the secret.

The secret is used as another key to strengthen the security of the network, but this time it is the key to a symmetric encryption algorithm (such as DES, RC4, IDEA). A knows the secret because he generated it before sending it to B. B knows the secret because he has the private key and can decrypt the message. Since they both know the secret, they can each initialize a symmetric cipher and start sending encrypted messages.
This is the amended protocol:

A -> B: Hello
B -> A: Hey, I am B, B's certificate
A -> B: Prove it
B -> A: A, I am B {information segment [A, I am B]} B's private key
A -> B: {secret} B's public key

Interception

If there is a malicious hacker H sitting between A and B, he cannot discover the secret that A and B have exchanged, but he can still interfere with their conversation. He can let most of the messages pass through unchanged and choose to corrupt certain messages (this is easy, because he knows the protocol used by A and B).
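
The amended protocol above, carried through in code as an added example (not part of the original article). It assumes toy textbook RSA built from fixed Mersenne primes with no padding, SHA-256 as the information segment, and a certificate modelled as a plain dictionary; every function and variable name here is hypothetical.

```python
import hashlib, secrets

E = 65537

def keypair(a, b):
    """Toy RSA key from the Mersenne primes 2**a-1 and 2**b-1 (demo only)."""
    p, q = 2**a - 1, 2**b - 1
    return (p * q, E), (p * q, pow(E, -1, (p - 1) * (q - 1)))

def digest(data, n):
    """The 'information segment': SHA-256 of the data, reduced into the modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, priv):
    n, d = priv
    return pow(digest(data, n), d, n)      # {information segment[data]} private key

def verify(data, sig, pub):
    n, e = pub
    return pow(sig, e, n) == digest(data, n)

def make_cert(name, pub, issuer_priv):
    body = f"{name}|{pub[0]}|{pub[1]}".encode()
    return {"name": name, "pub": pub, "sig": sign(body, issuer_priv)}

def cert_ok(cert, expected_name, issuer_pub):
    body = f"{cert['name']}|{cert['pub'][0]}|{cert['pub'][1]}".encode()
    return cert["name"] == expected_name and verify(body, cert["sig"], issuer_pub)

def a_authenticates(cert, message, sig, issuer_pub):
    """A's checks: the certificate first, then the signed digest of B's own message."""
    return cert_ok(cert, "B", issuer_pub) and verify(message, sig, cert["pub"])

# Constructed demo keys; real keys are random and far larger.
ISSUER_PUB, ISSUER_PRIV = keypair(107, 127)
B_PUB, B_PRIV = keypair(61, 89)
H_PUB, H_PRIV = keypair(89, 107)
B_CERT = make_cert("B", B_PUB, ISSUER_PRIV)
MSG = b"A, I am B"

def run():
    genuine = a_authenticates(B_CERT, MSG, sign(MSG, B_PRIV), ISSUER_PUB)
    # H replays B's real certificate but can only sign with his own private key.
    replayed = a_authenticates(B_CERT, MSG, sign(MSG, H_PRIV), ISSUER_PUB)
    # H swaps his own public key into the certificate; the issuer's signature breaks.
    swapped = a_authenticates(dict(B_CERT, pub=H_PUB), MSG, sign(MSG, H_PRIV), ISSUER_PUB)
    # {secret} B's public key: only B's private key recovers it.
    secret = secrets.randbelow(B_PUB[0])
    recovered = pow(pow(secret, E, B_PUB[0]), B_PRIV[1], B_PUB[0])
    return genuine, replayed, swapped, recovered == secret
```

`run()` reports, in order, whether the genuine B is accepted, whether H succeeds with a replayed certificate, whether H succeeds with a substituted public key, and whether B recovers the exchanged secret.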