What is SSL?

SSL encryption method

With the development of computer network technology, the convenient and fast Internet has made people accustomed to sending and receiving e-mail and to shopping and trading through web pages. When a web page needs to transmit important or sensitive data, such as the user's bank account number or password, network security becomes an urgent problem in the application of modern computer networks.

At present, large-scale online trading systems such as online banking and e-commerce generally adopt the combination of HTTP and SSL. The server side uses a Web server that supports SSL, and the client uses a browser that supports SSL, to achieve secure communication.

SSL is the abbreviation of Secure Socket Layer, which provides confidential transmission on the Internet. When Netscape launched its first web browser, it put forward the SSL protocol standard, which currently has version 3.0. SSL adopts public key technology. Its goal is to ensure the confidentiality and reliability of communication between two applications, and it can be supported on both the server and the client. At present, the SSL protocol using public key technology has become an industry standard for secure communication on the Internet. This article discusses the author's understanding of SSL from two aspects: the SSL protocol and SSL program design.

Preliminary study on SSL protocol

The Secure Sockets Layer protocol can prevent communication between user/server applications from being eavesdropped on by attackers, and it always authenticates the server. It can optionally authenticate the user as well. The SSL protocol must run over a reliable transport layer protocol (TCP). The advantage of the SSL protocol is that it is independent of application layer protocols: higher-level application layer protocols (such as HTTP, FTP, TELNET, etc.) can be built transparently on top of SSL. The SSL protocol completes the negotiation of the encryption algorithm and the communication key, and the authentication of the server, before the application layer protocol communicates. After that, the data transmitted by the application layer protocol is encrypted, thus ensuring the privacy of communication.

From the above description, the secure channel provided by SSL protocol has the following three characteristics:

1. Data confidentiality

Information encryption converts a plaintext input into ciphertext through an encryption algorithm to achieve data confidentiality. The encryption process requires a key to encrypt the data and later to decrypt it. Without the key, the encrypted data cannot be decrypted. Once the data is encrypted, only the key needs to be distributed in a secure way. The encrypted data can be transmitted publicly.

2. Consistency of data

Encryption can also ensure the consistency of data. For example, a message authentication code (MAC) can verify the encrypted information provided by the user: the receiver can use the MAC to verify the encrypted data and ensure that the data has not been tampered with during transmission.

3. Security verification

Another purpose of encryption is identity authentication: the user's key can serve as the credential for his security verification.

SSL uses public key encryption technology (RSA) as an encrypted communication protocol between client and server when transmitting confidential data. At present, SSL technology is widely supported by most Web servers and browsers. When the browser tries to connect to a server that uses SSL authentication and encryption, an SSL session is started and the browser checks the certificate. The following three conditions must be met:

1) The certificate is issued by a certification authority. Of course, you can also create a self-signed certificate (X.509 structure).

2) The certificate must not have expired.

3) The certificate belongs to the server to which the browser is connected.

Only when these three conditions are met can the browser successfully complete the authentication. Through these three conditions, users can confirm that their browser is connected to the right server, rather than to a fake server that wants to steal important information such as user passwords.

In today's e-commerce, another widely used security protocol is the SET protocol. The SET (Secure Electronic Transaction) protocol is a specification jointly launched by VISA and MasterCard in May 1997. It can provide greater trust, more complete transaction information, higher security and less possibility of fraud in every link of an electronic transaction. A SET transaction is divided into three stages: the user buys from the merchant and confirms payment; the merchant checks with the bank; the bank pays the merchant. Each stage involves RSA encryption and RSA digital signature of data. With the SET protocol, encryption and decryption operations must be completed many times in one transaction. Therefore it has high security, but the SET protocol is more complicated than the SSL protocol, and both merchants and banks need to modify their own systems to achieve interoperability.

Under Linux, the OpenSSL server is popular for supporting SSL authentication. The OpenSSL project is a collaborative project to develop a robust, commercial-grade, full-featured open source toolkit that uses strong encryption algorithms to implement the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols. The project is managed and developed by volunteers from all over the world.

How to configure OpenSSL server under Linux, first from OpenSSL homepage (/

Fan Xiaoming

RSA public key encryption is widely used for authentication and encryption in the computer industry. RSA public key encryption, licensed by RSA Data Security Company, is a method of encrypting or decrypting with a pair of asymmetric keys. Each key pair consists of a public key and a private key. The public key is widely distributed. The private key is kept secret and never made public. Data encrypted with the public key can only be decrypted with the private key. Conversely, data encrypted with the private key can only be decrypted with the public key. This asymmetry makes public key encryption very useful.

Authentication using public key encryption

Authentication is the process of verifying identity. In the following examples, involving A and B, public key encryption makes it very easy to verify identity. The notation {data} key means that "data" has been encrypted or decrypted with the key. Suppose A wants to verify B's identity. B has a pair of keys, one public and one private. B reveals his public key to A. A generates a random message and sends it to B:

A -> B: random-message

B encrypts the message with his private key and returns the encrypted version to A:

B -> A: {random-message} B's private key

A receives this message and decrypts it using B's previously published public key. He compares the decrypted message with the message he originally sent to B. If they are exactly the same, he knows he is talking to B. An impostor would not know B's private key and so could not correctly encrypt the random message for A to check.

Unless you know exactly what you are encrypting, it is not a good idea to encrypt a message with your private key and then send it to someone else, because the encrypted value may be used against you. Remember that only you could have encrypted the message, because only you have the private key. Therefore, instead of encrypting the original message sent by A, B creates a message digest and encrypts that. The message digest is derived from the random message and has the following useful properties:

1. The digest is difficult to reverse. Even someone pretending to be B cannot recover the original message from the digest;

2. An impostor would find it hard to find a different message that produces the same digest value;

3. By using a digest, B can protect himself. He computes the digest of the random message sent by A, encrypts the result, and sends the encrypted digest back to A. A can compute the same digest and authenticate B by decrypting B's message.

The technique just described is a digital signature. By encrypting the random message generated by A, B has signed a message generated by A. Therefore, our authentication protocol needs one more revision, in which some of the message is generated by B:

A -> B: hello, are you B?

B -> A: A, this is B
        {digest[A, this is B]} B's private key

When this protocol is used, B knows what message he is sending to A, and he doesn't mind signing it. He first sends the unencrypted message, "A, this is B", and then sends the encrypted digest. A can easily verify that B is B, and B has not signed anything he didn't want to sign.

Submit public key

So, how does B hand out his public key in a trustworthy way? Consider the authentication protocol as follows:

A -> B: hello

B -> A: hi, I'm B, B's public key

A -> B: prove it

B -> A: A, I'm B {digest[A, I'm B]} B's private key

Under this protocol, anyone can be "B". All you need is a public key and a private key. You tell A that you are B and supply your own public key in place of B's. Then you prove your identity by sending a message encrypted with your private key. A cannot tell that you are not B. To solve this problem, the standards organizations invented the certificate. A certificate contains the following:

* The name of the certificate issuer

* The entity to which the certificate is issued (the subject)

* The subject's public key

* A time stamp

The certificate is signed with the issuer's private key. Everyone knows the public key of the certificate issuer (that is, each certificate issuer has a certificate of its own). A certificate is a standard way of binding a public key to a name. Using certificate technology, anyone can examine B's certificate and judge whether it is forged. Assuming that B keeps tight control of his private key, and that it really is B who got the certificate, everything will be fine.

The following is the revised protocol:

A -> B: hello

B -> A: hi, I'm B, B's certificate

A -> B: prove it

B -> A: A, I'm B {digest[A, I'm B]} B's private key

Now, when A receives B's first message, he can examine the certificate, check its signature (as described above, using the digest and the public key to decrypt it), and then check the subject (B's name) to make sure it is B. He can then trust that the public key is B's public key and ask B to prove his identity. B goes through the same process as above, making a message digest and replying to A with a signed version. A can verify B's message digest by using the public key obtained from the certificate and checking the result.

Suppose there is a hacker named H:

A -> H: hello

H cannot construct a message from B that will convince A.
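The certificate-based exchange above, written out as an added example (not code from the original article). It uses textbook RSA with toy-sized constructed keys and SHA-256 as the digest; the function names, the `CA` issuer name and the message text are assumptions, and the certificate time stamp is left out.

```python
import hashlib

def keypair(p, q, e=65537):
    """Textbook RSA key pair (no padding); for illustration only."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def digest(msg, n):
    # The page's "message digest", reduced so it fits the toy modulus.
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(msg, priv):
    n, d = priv
    return pow(digest(msg, n), d, n)      # {digest[msg]} private key

def verify(msg, sig, pub):
    n, e = pub
    return pow(sig, e, n) == digest(msg, n)

def cert_body(issuer, subject, pub):
    return f"{issuer}|{subject}|{pub[0]}|{pub[1]}".encode()

def issue_cert(issuer, subject, pub, issuer_priv):
    sig = sign(cert_body(issuer, subject, pub), issuer_priv)
    return {"issuer": issuer, "subject": subject, "pub": pub, "sig": sig}

def a_checks(cert, msg, msg_sig, ca_pub, expected="B"):
    """A's side of the protocol: certificate first, then proof of the key."""
    body = cert_body(cert["issuer"], cert["subject"], cert["pub"])
    if not verify(body, cert["sig"], ca_pub):
        return "certificate not signed by the issuer A trusts"
    if cert["subject"] != expected:
        return "certificate names someone else"
    if not verify(msg, msg_sig, cert["pub"]):
        return "signature does not match the certified public key"
    return "authenticated"

# Constructed keys from Mersenne primes (trivially factorable, toy only).
CA_PUB, CA_PRIV = keypair(2**127 - 1, 2**107 - 1)   # the issuer
B_PUB, B_PRIV = keypair(2**89 - 1, 2**61 - 1)       # the real B
H_PUB, H_PRIV = keypair(2**107 - 1, 2**89 - 1)      # the impostor H
B_CERT = issue_cert("CA", "B", B_PUB, CA_PRIV)
MSG = b"A, this is B"

def run():
    forged = issue_cert("CA", "B", H_PUB, H_PRIV)   # H signs it himself
    return [a_checks(B_CERT, MSG, sign(MSG, B_PRIV), CA_PUB),
            a_checks(B_CERT, MSG, sign(MSG, H_PRIV), CA_PUB),
            a_checks(forged, MSG, sign(MSG, H_PRIV), CA_PUB)]
```

`run()` returns A's verdict for the real B, for H replaying B's certificate without B's private key, and for H presenting a certificate he signed himself.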

Key exchange (secret)

Once A has authenticated B, he can send B a message that only B can decrypt and read:

A -> B: {secret} B's public key

The only way to recover the secret is to decrypt the above message with B's private key. Exchanging a secret is another effective use of public key encryption. Even if the communication between A and B is intercepted, only B can obtain the secret.

Using the secret as another key strengthens the security of the network, but this time it is a key for a symmetric encryption algorithm (such as DES, RC4 or IDEA). A knows the secret because he generated it before sending it to B. B knows the secret because he has the private key and can decrypt A's message. Since they both know the secret, they can initialize a symmetric encryption algorithm and start sending encrypted messages. This is the revised protocol:

A -> B: hello

B -> A: hi, I'm B, B's certificate

A -> B: prove it

B -> A: A, I'm B {digest[A, I'm B]} B's private key

A -> B: ok B, here is a secret {secret} B's public key

B -> A: {a message} key

Hacker eavesdropping

So if there is a malicious hacker H between A and B, although he cannot discover the secret exchanged between A and B, he can interfere with their conversation. He can pass most of the information through untouched and choose to corrupt certain messages (this is simple because he knows the protocol used by A and B).

A -> H: hello

H -> B: hello

B -> H: hi, I'm B, B's certificate

H -> A: hi, I'm B, B's certificate

A -> H: prove it

H -> B: prove it

B -> H: A, I'm B {digest[A, I'm B]} B's private key

H -> A: A, I'm B {digest[A, I'm B]} B's private key

A -> H: ok B, here is a secret {secret} B's public key

H -> B: ok B, here is a secret {secret} B's public key

B -> H: {a message} key

H -> A: garble[{a message} key]

H passes the data along without modifying it until A and B have exchanged the secret. Then H tampers with B's message to A. At this point A trusts B, so he may believe the tampered message and try to decrypt it.

Note that H does not know the secret; all he can do is damage the data encrypted with the secret key. Depending on the protocol, H may not be able to produce a valid message. But what about next time?

To prevent this kind of damage, A and B add a message authentication code to their protocol. A message authentication code (MAC) is a piece of data computed from the secret and some of the transmitted data. The properties of the digest algorithm described above are exactly what it needs to resist H:

MAC = Digest[some message, secret]

Because H doesn't know the secret, he can't compute the correct value. Even if H garbles messages at random, his chances of success are slim as long as the digest is large. For example, using MD5 (a good digest algorithm invented by RSA), A and B can send 128-bit MAC values with their messages. The probability of H guessing the MAC is about 1 in 18,446,744,073,709,551,616, which is effectively zero.

This is another revised protocol:

A -> B: hello

B -> A: hi, I'm B, B's certificate

A -> B: prove it

B -> A: A, this is B
        {digest[A, this is B]} B's private key

A -> B: ok B, here is a secret {secret} B's public key

B -> A: {some message, MAC} key

Now H is at his wit's end. He can tamper with any message he receives, but the MAC computation will expose him. A and B can detect forged MAC values and stop talking. H can no longer communicate with B.
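The final step, {some message, MAC} key, as an added example (not code from the original article). It assumes the secret has already been exchanged, uses one shared secret for both encryption and the MAC as the protocol above does, and swaps in HMAC-SHA-256 for the MD5-based digest and a SHA-256 counter-mode toy cipher for RC4/DES; all names and sample values are constructed.

```python
import hashlib, hmac

def keystream_xor(key, data):
    """Toy stream cipher (SHA-256 in counter mode) standing in for RC4/DES."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def mac(secret, message):
    # The page's MAC = Digest[some message, secret], computed here as HMAC.
    return hmac.new(secret, message, hashlib.sha256).digest()

def send(secret, message):
    """B's side: {some message, MAC} key"""
    return keystream_xor(secret, message + mac(secret, message))

def receive(secret, wire):
    """A's side: decrypt, split off the MAC, recompute it and compare."""
    plain = keystream_xor(secret, wire)
    message, tag = plain[:-32], plain[-32:]
    if len(plain) < 32 or not hmac.compare_digest(tag, mac(secret, message)):
        return None          # tampering detected: A stops talking
    return message

def garble(wire, index, mask=0x01):
    """H's interference: flip bits of one byte without knowing the secret."""
    changed = bytearray(wire)
    changed[index] ^= mask
    return bytes(changed)

SECRET = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
MESSAGE = b"pay 100 to account 12345"                        # constructed

def demo():
    # Without a MAC the flipped bit decrypts silently into a different message.
    bare = keystream_xor(SECRET, garble(keystream_xor(SECRET, MESSAGE), 4))
    wire = send(SECRET, MESSAGE)
    return bare, receive(SECRET, wire), receive(SECRET, garble(wire, 4))
```

`demo()` returns the silently altered plaintext from the MAC-less exchange, the intact message from the protected exchange, and `None` for the protected exchange after H garbles it.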
