I. Public keys and private keys. 1. A public key and a private key come as a pair. 2. The public key is public; the private key is known only to its owner. 3. Data encrypted with the public key can only be decrypted with the private key. 4. Data encrypted with the private key can only be decrypted with the public key. 5. So if something can be decrypted with a public key, it must have been encrypted with the corresponding private key; if it can be decrypted with a private key, it must have been encrypted with the corresponding public key. Clear so far?
Suppose I find two numbers, 1 and 2. I like the number 2, so I keep it to myself and don't tell you. Then I tell you that 1 is my public key.
I have a file that I can't let anyone else see, so I encrypt it with 1. Someone else finds the file, but they don't know that 2 is the private key that decrypts it, so they can't read it. Only I can decrypt it, using the number 2, my private key. This is how I can protect data.
My good friend X encrypts the character A with my public key 1, gets B, and puts it online. Others steal the document but can't decrypt it, because they don't know that 2 is my private key. Only I can decrypt it and recover A. This is how we can transfer encrypted data.
Now we know that encrypting with the public key and decrypting with the private key solves the problem of secure transmission. But if I encrypt data with my private key (of course only I can encrypt with the private key, since only I know that 2 is my private key), everyone can read my content, because everyone knows my public key is 1. So what is the use of that kind of encryption?
Well, my good friend X tells me that someone has been pretending to be me and sending him letters. What can we do? I take the letter I want to send, with content C, encrypt it with my private key 2 to get the encrypted content D, send D to X, and tell him to decrypt it and check whether it is C. He decrypts it with my public key 1 and finds that it is C. At that point he reasons: data that can be decrypted with my public key must have been encrypted with my private key, and only I have that private key, so he can be sure the letter really came from me. This is how we can confirm the sender's identity. The process is called a digital signature. Of course, the real procedure is slightly more complicated. Encrypting data with the private key so that it can be checked with the public key is a digital signature.
Ok, let's review: 1. The public key and private key come in pairs. 2. Only I know the private key. 3. Anyone can use my public key to send me a letter. 4. Anyone can use my public key to try to decrypt content I signed; if it decrypts, it came from me.
Summary: 1. Encrypt data with the public key, decrypt it with the private key. 2. Encrypt data with the private key (digital signature), verify the digital signature with the public key.
In actual use, the public key never appears on its own; it always appears in the form of a digital certificate, which is there to guarantee the security and validity of the public key.
II. SSL. My good friend X and I want to communicate securely. This communication could be QQ chat, which is very frequent. We can't simply encrypt the data with my public key, because: 1. My good friend X doesn't have a public/private key pair, so how do I send him a message? (Note: in practice, both parties can have a public/private key pair.) 2. Public/private key encryption is time-consuming and very slow, which would hurt the QQ experience.
Ok, so my good friend X picks a number, 3, encrypts it with my public key 1, sends it to me, and says: from now on, let's use this number to encrypt our messages. After I decrypt it, I get the number 3. Now only the two of us know the secret number 3; nobody else does, because they don't know what the number is, and they can't decrypt the message that carried it either. We call this secret number the session key. Next we choose a symmetric key algorithm, such as DES (symmetric means the encryption and decryption processes mirror each other: what is encrypted with a key can be decrypted with the same key; algorithms using a public/private key pair are asymmetric encryption algorithms), to encrypt the communication content between us. Others can't decrypt it because they don't know that 3 is our session key.
Ok, review: 1. SSL achieves secure communication. 2. The two parties use one side's public key to deliver and agree on a session key (this process is called the handshake). 3. The two parties then use the session key to encrypt the content of their communication.
The above is the principle. It may seem complicated, and in actual use it is more complicated than this. Fortunately, kind pioneers implemented this layer in the operating system or related software, and gave it the rather awkward name SSL (Secure Socket Layer).
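The whole story above, the public/private key pair from part I (encrypt with the public key, "sign" with the private key and check with the public key) and the handshake from part II (X sends a session key encrypted with my public key, then both sides switch to a symmetric cipher), can be run end to end in a few lines. The following is an added example and is not code from the original page or from any real SSL implementation. It assumes textbook RSA with the tiny, deliberately insecure primes 61 and 53 (so the modulus is 3233), hashes the message with SHA-256 before signing so that it fits into one modular exponentiation, and stands in for the page's DES with a simple HMAC-SHA256 counter-mode keystream; all function names (`keygen`, `sign`, `verify`, `sym_crypt`, `handshake_and_chat`) are hypothetical. Real systems use 2048-bit or larger keys, padding schemes such as OAEP and PSS, and an authenticated cipher such as AES-GCM, none of which is modelled here.

```python
# Added example: toy RSA key pair playing the role of the page's "1" (public)
# and "2" (private), plus the SSL-style handshake that delivers the page's
# session key "3". Parameters are tiny and insecure on purpose.
import hashlib
import hmac


def keygen(p=61, q=53, e=17):
    """Textbook RSA with toy primes (assumed, not from the page). Returns (public, private)."""
    n = p * q                    # 3233
    phi = (p - 1) * (q - 1)      # 3120
    d = pow(e, -1, phi)          # 2753, modular inverse of e (Python 3.8+)
    return (e, n), (d, n)


def rsa_apply(key, m):
    """Raise m to the key's exponent modulo n; works for both halves of the pair."""
    k, n = key
    return pow(m, k, n)


def encrypt_with_public(pub, m):
    return rsa_apply(pub, m)      # part I: anyone can encrypt for me with "1"


def decrypt_with_private(priv, c):
    return rsa_apply(priv, c)     # part I: only "2" undoes it


def sign(priv, message):
    """Part I 'signature': encrypt a hash of the message with the private key."""
    h = int.from_bytes(hashlib.sha256(message).digest(), "big") % priv[1]
    return rsa_apply(priv, h)


def verify(pub, message, sig):
    """Decrypt the signature with the public key and compare to the hash."""
    h = int.from_bytes(hashlib.sha256(message).digest(), "big") % pub[1]
    return rsa_apply(pub, sig) == h


def sym_crypt(session_key, data):
    """Symmetric stand-in for the page's DES: XOR with an HMAC-SHA256 keystream.
    The same call both encrypts and decrypts, exactly as the page describes."""
    key = hashlib.sha256(session_key.to_bytes(2, "big")).digest()
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i : i + 32], block))
    return bytes(out)


def handshake_and_chat(pub, priv, session_key, plaintext):
    """Part II: X wraps the session key with my public key; I unwrap it with my
    private key; both sides then use it symmetrically. Returns
    (wrapped key as sent on the wire, ciphertext, what I recover)."""
    wrapped = encrypt_with_public(pub, session_key)          # X's side
    unwrapped = decrypt_with_private(priv, wrapped)           # my side
    ciphertext = sym_crypt(session_key, plaintext)            # X encrypts with 3
    recovered = sym_crypt(unwrapped, ciphertext)              # I decrypt with 3
    return wrapped, ciphertext, recovered


if __name__ == "__main__":
    pub, priv = keygen()
    c = encrypt_with_public(pub, 65)
    print("encrypt 65 ->", c, "-> decrypt ->", decrypt_with_private(priv, c))
    sig = sign(priv, b"C")
    print("signature of C verifies:", verify(pub, b"C", sig))
    print("tampered signature verifies:", verify(pub, b"C", sig + 1))
    wrapped, ct, pt = handshake_and_chat(pub, priv, 3, b"hello from X")
    print("session key on the wire:", wrapped, "| chat recovered:", pt)
```

The eavesdropper in the page's story sees `wrapped` (the encrypted session key) and `ciphertext`, but without the private key cannot recover the session key, and without the session key `sym_crypt` produces garbage rather than the chat text. Note also why the signature check uses the hash rather than the raw letter: the page's "encrypt C with the private key" only works directly when C is smaller than the modulus, so real signature schemes always hash first.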