Encryption type and its related algorithms

Source: Internet
Author: User
Tags: decrypt, asymmetric encryption

In Internet communication, how is the security of data ensured?

Data security in communication is mainly considered from three aspects:

Confidentiality (the content of the data cannot be stolen)

Integrity (the content of the data cannot be modified)

Authentication (verifying the identity of both communicating parties)

Encryption types:

1. Symmetric encryption: encryption and decryption use the same key. How to transfer the key securely is the main problem. Symmetric encryption is fast, so it is suitable for encrypting the data itself.

2. One-way encryption: extracts a fingerprint (digest) of the data, mainly used to ensure the integrity of the data.

Features of one-way encryption: the same input always produces the same output.

Avalanche effect: a small change in the input causes a large change in the output.

Fixed-length output.

3. Asymmetric encryption: uses a pair of keys (a public key and a private key). Encrypting data with it is slow, so it is generally not used to encrypt data but mainly for authentication.

Asymmetric encryption features: data encrypted with the public key can only be decrypted with the private key.

Data encrypted with the private key can only be decrypted with the public key.

When symmetric encryption is used, both sides need to agree on the key; a key exchange protocol such as the Diffie-Hellman algorithm is generally used for this. Related algorithms:

Symmetric encryption algorithms: DES, 3DES, AES

One-way encryption algorithms (the sender uses the algorithm to extract the fingerprint of the data and attaches it to the data it sends; the receiver extracts the fingerprint of the received data with the same algorithm and compares it with the received fingerprint; if they match, the data has not been tampered with):

MD5, MD4, SHA1, SHA384, SHA512, etc.

Asymmetric encryption algorithms: RSA, DSA, etc.

Because asymmetric encryption is slow when encrypting data, it is not used to encrypt the data itself but to encrypt the data fingerprint: the sender encrypts the fingerprint with its own private key. If the receiver can decrypt it with the sender's public key, this proves the identity of the sender, and the decrypted fingerprint also ensures the integrity of the data. The focus then falls on delivering the public key: trusting that a public key really belongs to the sender relies on a third-party organization, the CA (certificate authority).

CA principle: the server sends its public key to the CA. The CA encrypts (signs) the requesting server's public key with the CA's own private key, adds related information such as the digital signature, and generates a certificate, which it sends back to the server. When the server communicates with a client, it sends this certificate to the client. If the client can decrypt the certificate with the CA's public key, it verifies that the certificate is legitimate (because it was issued by the certificate authority) and obtains the server's public key from it. How, then, to trust the CA's public key: the safest way is to obtain a copy of it directly from the certification authority.

At this point, the integrity of the data and authentication can be guaranteed with a high degree of security. How, then, to ensure the confidentiality of the data: once the other party's public key has been obtained reliably, one side can generate a random number and encrypt it with the other party's public key. Since only the other party can decrypt this random number (only the private key corresponding to the public key can decrypt it), the random number can be used as the symmetric key for encrypting the data, and it can be changed periodically to improve security (this is the mechanism SSL adopts).

SSL: Secure Socket Layer

TLS: Transport Layer Security


SSL and TLS both sit between the application layer and the transport layer of the TCP/IP model. Many application layer protocols are plaintext (HTTP, FTP, SMTP, etc.); when the data is encapsulated and passed down to the next layer, the SSL/TLS library can be called to encrypt it, which ensures the security of the data. HTTPS and FTPS, for example, implement the same application layer functions as HTTP and FTP, but pass the data through the encryption library on the way down, so HTTPS and HTTP are no longer the same protocol.

SSL is divided into two levels:

1. SSL Record Protocol: built on a reliable transport protocol, it provides encapsulation, compression, encryption and other support functions for higher-level protocol data.

2. SSL Handshake Protocol: built on top of the SSL Record Protocol, it is used before the actual transmission so that the communicating parties can authenticate each other, negotiate the encryption algorithm and exchange the keys used for encryption.

The following uses HTTP and HTTPS as an example to analyze SSL:

1. In the traditional HTTP protocol, after the TCP three-way handshake, the client begins to send requests to the server.

2. In the HTTPS protocol, the TCP three-way handshake still comes first, and then the client sends an SSL session setup request:

A. The client browser sends an SSL session request (because the SSL session is based on an IP address, there can be only one SSL session per IP address, that is, only one HTTPS server on an IP address: either the central host or one of the many virtual hosts)

B. Negotiate the SSL protocol version, algorithms and other information

C. The server sends its own certificate to the client

D. The client validates the legitimacy of the certificate

E. The client uses the public key obtained from the certificate to encrypt a randomly generated number and sends it to the server

F. The client initiates the HTTPS request (URL request)

G. The server can use this random number as the key to encrypt the data, encrypt the fingerprint with its private key, and so on, and starts sending data
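As an added example (not code from the original post), the following Python models the CA-signed certificate and signed fingerprint described in the CA section together with steps C to G of the HTTPS handshake above. Textbook RSA on two small primes stands in for the real key pairs and a SHA-256 XOR keystream stands in for the symmetric cipher, so it is for illustration only; the server name and message are constructed values.

```python
# Added illustration, not code from the post: textbook RSA on two small primes
# and a SHA-256 XOR keystream stand in for real RSA and the symmetric cipher.
import hashlib
import secrets

def rsa_keypair(p, q, e=65537):
    """Textbook RSA from two primes: public (e, n) and private (d, n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)

def fingerprint(data, n):
    """SHA-256 digest of the data, reduced below the modulus for toy RSA."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, priv):
    """'Encrypt the fingerprint with the private key' (the post's wording)."""
    d, n = priv
    return pow(fingerprint(data, n), d, n)

def verify(data, sig, pub):
    """'Decrypt with the public key' and compare with a fresh fingerprint."""
    e, n = pub
    return pow(sig, e, n) == fingerprint(data, n)

def symmetric(key, data):
    """Stand-in for the symmetric cipher: XOR with a SHA-256 keystream."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def issue_cert(ca_priv, name, server_pub):
    """CA step: certificate = server name + server public key + CA signature."""
    body = name + b"|" + b"%d:%d" % server_pub
    return body, sign(body, ca_priv)

def handshake(ca_pub, cert, server_priv, message):
    """Steps C to G: check the cert, send an RSA-encrypted random number, use
    it as the symmetric key. None if the cert is rejected, else (plain, ok)."""
    body, cert_sig = cert
    if not verify(body, cert_sig, ca_pub):            # step D: CA check
        return None
    e, n = map(int, body.split(b"|")[1].split(b":"))  # server public key
    rnd = secrets.randbelow(n - 2) + 2                # step E: random number
    to_server = pow(rnd, e, n)                        # only server's d opens it
    key_srv = hashlib.sha256(b"%d" % pow(to_server, *server_priv)).digest()
    cipher = symmetric(key_srv, message)              # step G: encrypted data
    sig = sign(message, server_priv)                  # plus signed fingerprint
    key_cli = hashlib.sha256(b"%d" % rnd).digest()    # client derives same key
    plain = symmetric(key_cli, cipher)
    return plain, verify(plain, sig, (e, n))
```

A certificate whose body has been altered fails the CA check in step D and the handshake stops before any random number is sent.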

So how is secure communication based on SSL implemented on Linux for HTTPS or other application layer protocols?

On Linux, the tool that implements the SSL protocol is OpenSSL.

Installing OpenSSL mainly produces three parts:

The encryption library

The SSL-related library files

The OpenSSL tool (which can perform various encryption and decryption operations and create a private CA)

This article is from the "Zxcvbnm Xuan ye" blog, please be sure to keep this source http://10764546.blog.51cto.com/10754546/1704479
