(1) OpenSSL basic concept

1.1 Background knowledge

symmetric encryption: encrypted decryption uses the same key, and the decryption speed is fast. As the number of people increases, the number of keys increases by N (n-1)/2.

Asymmetric Encryption: Use the public private key pairing and decryption, slow. The public key is extracted from the private key, generally with the other public key encryption to ensure data security, with their own private key encryption to prove the identity of the data source .

One-way encryption: not encryption, also known as hashing, is used to generate unique checksums (or fingerprints, signatures) to ensure data integrity and consistency, such as MD5, SHA. With the avalanche effect, any bit of data changes, the generated checksum value changes very large.

Internet data Security and reliability conditions:

1. The data source is credible, that is, the data sender identity is credible.

2. The data is complete , i.e. the data has not been modified.

3. Data security , that is, the data will not be leaked, others can not decrypt after interception.

1.2 Details of Internet Data encryption

There are three ways to encrypt data: symmetric encryption, private key encryption, and public key cryptography.

Three methods only one of them has an intolerable disadvantage, so consider using them together.

Considering the characteristics of these three kinds of encryption algorithms, the public private key encryption is slow and symmetric encryption is fast.

Therefore, you can use symmetric encryption for the data section first . Further consideration, public key can be obtained, if the use of their own private key encryption, the data is intercepted directly after the interception (public key can be obtained by anyone, and the private key only own, so the use of private keys to encrypt data is not guaranteed, anyone with a public key can decrypt the data, so use public key encryption data, private key < Only own > Decrypt data), so use the other party's public key encryption, and because the public key encryption is slow, so you can use the other public key to encrypt the symmetric key part .

When the recipient of the data is decrypted, the first layer is decrypted using its own private key (that is, using the private key to decrypt the first layer of encrypted symmetric key), the data is encrypted after the symmetric key, and then decrypted with the symmetric key, so that the final data can be obtained.

As shown in the whole process of encryption and decryption, respectively.

There are many methods of encryption, but the above method is a simple encryption method which is more mature after the Internet security is considered.

Encryption with the above method ensures the security of the data, but it does not guarantee the integrity, consistency and reliability of the data source.

1.3 Details of Internet data signing

Internet Data encryption: usually use the other party's public key to encrypt data (or encrypt encrypted data symmetric key), the data sent to the other side, the other side use their own private key to decrypt the data (or decrypt the encrypted data symmetric key)

Internet Data Signature: Use your own private key to encrypt the digest information () of the data, get the digital signature,

After ensuring the security of the data, it is necessary to ensure the integrity, consistency and reliability of the data source.

For data integrity and consistency, using a one-way encryption algorithm , through the hash function to calculate the unique checksum of the data , This check code is called "Message Digest".

for data source reliability, you can verify your identity with your own private key encryption , because the data is not decrypted by using the public key after you obtain the data, which proves that it is not encrypted with a paired private key. However, the private key encryption is slow, so the digest information is only encrypted with the private key , and the encrypted digest information is called "Digital signature (Signature)".

The user obtains the digital signature data , first uses the data source side public key decryption, thus obtains the data and the information summary part, and confirms the data source reliability. Since this time the data part is not encrypted, so the user can also use the same one-way encryption algorithm to calculate the summary information, and then compare the source of summary information and their own computed summary information, if the equivalent proves that the data has not been modified, is complete and consistent.

as a result, the reliability of data source, data integrity and consistency can be ensured by using digital signature .

Is the entire process of digitally signing and confirming data, respectively.

The data signature only guarantees the reliability and integrity of the data, and does not encrypt the data.

1.4 Details of the safe transmission of Internet data

To securely transfer data on the Internet, ensure that the data source is reliable, the data has not been modified, and data loss is not compromised .

If the data transmission both Zhang San and Li Four do not care about the leakage of loss, then the data can not be encrypted, as long as the digital signature. That is, the security of data can be sacrificed, as long as the integrity, consistency and reliability of the data, even if the intermediary Harry intercepted even intercepted after the modification of the John Doe also does not matter, because John Doe can be based on digital signatures to verify the source of data and data integrity, if found to be modified after the big deal. Now on the internet a lot of time to download the software to provide signature verification, the use of this mechanism, regardless of whether the software is intercepted, as long as the installer can verify, such as.

But what if you care about data leaks? You need to combine digital signatures and encryption with

There are two types of scenarios:

1. Encrypt the data first and then digitally sign the encrypted whole;

2. Digitally sign the data first, then encrypt the whole after signing (the internet is commonly used).

The second method is basically used on the Internet, and the user finally verifies the data part only and does not validate the encrypted data .

Specific details are as follows:

First Digitally sign , then use symmetric encryption to encrypt the whole of the signature, and then use the other party's public key to encrypt only the symmetric key portion . This guarantees the encryption speed, also guarantees the data security, the reliability and the integrity. You can reverse the decryption. ：

But then there is a vulnerability, the problem is in the digital signature process of private key encryption and the subsequent public key decryption of the security. In the figure John Doe is decrypting the public key A, is this public key a really Zhang San's public key? Perhaps Zhang San transfer public key to John Doe process was Harry truncated, Harry claimed to be Zhang San, and put their public key to John Doe, and then Harry with their own private key to the Trojan sign, symmetric encryption and then use John Doe public key encryption, finally transmitted to John Doe, so John Doe thought Harry is Zhang San, The result is John Doe Full trust in the Trojan program.

How to solve this loophole? as long as the John Doe to ensure that the public key a really comes from Zhang San can , how to guarantee it? Under the Internet, the two ends of data transmission may not know who, who do not believe who, so ultimately rely on third-party organizations--ca.

1.5 CAs, PKI, and trusted CAs

CA (Certificate authority) is a digital certificate Certification Center , often referred to as a certification authority , the applicant submits their public key and some personal information (such as the applicant country, name, unit, etc.) to the CA, CA to the requester of this information one-way encryption to generate summary information, and then use their own private key to encrypt the entire summary information, so that the CA to the applicant's digital signature, on the digital signature plus the CA's own information (such as the CA's organization name, CA hierarchy path, etc.) and information about the certificate (such as the validity period of the certificate), a so-called digital certificate is obtained.

Process such as.

If a user trusts the CA, the CA's public key is obtained (in fact, one of the roles of the CA is to obtain the CA public key), and the public key is used to decrypt the digital certificate to verify the requester's information and the requester's public Key's reliability (the requester's public key is encrypted only by the CA's private key. After decrypting the private key, only authentication reliability is required.

The key here is that the CA uses its own private key to encrypt the requester, so how do you ensure that the CA is trustworthy and legitimate?

a root CA is a self-signed digital certificate that advertises its credibility and legitimacy by issuing a legal digital certificate from the root CA, and the second level until all sub-CAs are issued with a digital certificate from a previous sub-ca. for multi-level sub-CAs, only the root CA needs to be trusted, because the public key of the root CA is obtained, the certificate of the first-level sub-CA can be decrypted and the public key of the first-level sub-CA is obtained, and the level of progression is finally obtained to the institution that issued the digital certificate for the requester and obtains its public

It is these root CAs and the sub-CAs that make up the PKI

after you trust a CA, each time you receive a digital certificate that needs to be decrypted, you also go to the Certificate revocation list (CRL) of the authority's specified Web site to query whether the certificate is revoked, and the revoked certificate should not be trusted, which is the second role of the trusted CA . The possibility of a certificate being revoked, such as the applicant's private key is obtained by hackers, the applicant applies for revocation and so on.

There are also companies that use self-signed certificates, such as some banks, and12306 sometimes require that certificates be downloaded and installed. The benefits of using a self-visa book are of course economical and convenient

1.6 Digital certificate types and content

Two implementations of PKI both TLS and SSL use a certificate format that is basically equivalent to X509,TLSV1 and SSLv3, except that SSL is implemented in the middle of the application and transport layers in the OSI 4 layer model, and TLS is implemented at the transport layer.

There is another way to implement PKI, GPG, its certificate is not used in the X509 format.

The information contained in the digital certificate includes the applicant's public key , the certificate validity period, the legal owner of the certificate, how the certificate is used, theCA's information , andthe CA's digital signature of the requester's information .

1.7 SSL handshake mechanism

With the digital certificate issued by the CA, the mechanism of communication is completely different.

Each piece of data is signed encrypted, with a digital certificate has actually verified the identity, do not need to sign each segment of data, this can improve efficiency.

The vulnerability in is that it is not possible to confirm that the acquired public key A is trustworthy, and that a digital certificate has been able to confirm that public key A is trustworthy . But the problem is that public key A is intended to decrypt the digital signature, with the digital certificate does not require a digital signature, the public key A is not redundant, if redundant, the public key A to the CA is not redundant?

Not redundant, because the handshake mechanism and the digital signature mechanism of SSL are completely different .

The following is a one-way verification mechanism that validates only the server:

The first step: Visitor gives the protocol version number, a client random number, and the encryption method supported by the client .

Step Two: Server confirms the encryption method used by both parties, and a random number generated by the server (server random).

Step three: Server sends a digital certificate to visitor.

Fourth Step: Visitor confirm that the digital certificate is valid (view the certificate status and query the certificate revocation list), and use the public key of the trusted CA to decrypt the digital certificate to obtain the server's public key , and then generate a new A 46-byte random number (called the prestaged master key pre-master secret)and is sent to the server using the server's public key cryptographic prestaged master key (this process is asymmetric encryption).

Fifth step: The server uses its own private key to decrypt the prestaged master key sent by visitor.

The sixth step: bothVisitor and server have the (client random number + service-side random number + Preliminary master key), both of which according to the agreed encryption method, using these three random numbers to generate a symmetric key-the master key (also known as dialog key session keys), Used to encrypt the entire conversation that follows .

Seventh step: After both sides verify the validity of Session key, theSSL handshake mechanism is finished . all data is then encrypted with the "conversation key", eliminating the need for redundant encryption mechanisms.

It is necessary to note that thesession key is not a true symmetric encryption key, but the session key is a hash algorithm to get a hash value, from this hash value to infer the symmetric encryption process required key (that is, symmetric encryption required in the plaintext cipher part), salt (called Mac secret in the RFC document) and IV vectors .

In the future, each time the client transmits data, it is necessary to use the key + salt +iv vector to complete the symmetric encryption, and the server only needs a key and a negotiated encryption algorithm to decrypt it. The same is true when the server transmits data to the client.

Note:

1. In the SSL handshake mechanism, three random numbers (client random number + server random number + master key) are required; 2. From start to finish the client and server only have one asymmetric encryption action ———— that is, the client uses the service-side public key obtained in the certificate to encrypt the master key.
3. The above-mentioned SSL handshake mechanism of the premise of one-way authentication, no need to verify the client,  if need to verify the client may require the client's certificate or the client to provide the signature, etc.

Server and visitor communication, the server sends the digital certificate to visitor, the most critical point is visitor to ensure the validity of the certificate, by viewing the certificate status and go to the CA's revocation list to see if the server's certificate is revoked. only the server certificate is available to ensure the security of the first link.

As you can see, using SSL is much simpler than the "digital signature + Encryption" described earlier, and the authentication and key generation is completed at the beginning of the session, without the need for each data transfer process, which is the handshake communication process using SSL encryption mechanism such as HTTPS .

(1) OpenSSL basic concept