HTTPS principle Detailed

From:http://hi.baidu.com/zkheartboy/blog/item/02cc5a0878454f920b7b827c.html

HTTPS (full name: Hypertext Transfer Protocol over secure Socket Layer) is a security-targeted HTTP channel and is simply a secure version of HTTP. The SSL layer is added under HTTP,The security foundation for HTTPS is SSL, so for more information on encryption, see SSL.
It is a URI scheme (abstract identifier system) with syntax similar to http: System. For secure HTTP data transfer.https:url indicates that it uses HTTP, but https there is a default port different from HTTP and an encryption/authentication layer (between HTTP and TCP). The initial development of the system, conducted by Netscape, provides an authentication and encryption method of communication, which is now widely used in security-sensitive communications on the World Wide Web, such as transaction payments. The
is developed by Netscape and built into its browser to compress and decompress the data and return the results sent back on the network. https actually applied Netscape Secure Sockets Layer (SSL) as a child layer of the HTTP application layer . (https uses port 443 instead of using port 80来 and TCP/IP to communicate like HTTP. SSL uses 40-bit keywords as the RC4 stream encryption algorithm, which is appropriate for the encryption of business information. https and SSL supports the use of the digital authentication of the number, and the user can confirm who the sender is if needed.
that is, its main role can be divided into two kinds: one is to establish an information security channel to ensure the security of data transmission, the other is to confirm the authenticity of the site.

Restrictions
      Its security relies on the correct implementation of the browser and the support of the server software and the actual encryption algorithm. A common misconception is that "bank users online use https: They can fully and thoroughly protect their bank card numbers from theft. "In fact, the encrypted connection with the server can protect the part of the bank card number, only the user to the server connection and the server itself, and does not absolutely ensure that the server itself is secure, which is even exploited by attackers, a common example is to mimic the bank domain name of the phishing attack. A few rare attacks occur when a website transmits customer data, and an attacker attempts to eavesdrop on the data in transit.
      commercial sites are expected to quickly introduce new special handlers to the financial gateway, leaving only the transmission code (transaction number). But they often store bank card numbers in the same database. Few of those databases and servers can be attacked and compromised by unauthorized users.
before TLS 1.1
For conditions prior to TLS 1.1. Because SSL is at the next level of HTTP and does not understand higher-level protocols, SSL servers are typically only allowed to be certified to specific ip/port combinations. This means that it often cannot be combined with HTTP on a virtual host (domain-based)HTTPS. This has been updated in the coming TLS 1.1-the domain-based virtual host is fully supported.
SSL Introduction
SSL (Secure Socket Layer) has been developed by Netscape to secure data transmission over the Internet, and the use of encryption (encryption) technology ensures that data is not intercepted and tapped during transmission over the network. At present, the general specification is the safety standard of the double bit, the United States has introduced the higher security
Standard, but restrictions on exit. As long as the 3.0 version above the i.e. or Netscape browser can support SSL. The current version is 3.0. It has been widely used for authentication and encrypted data transfer between Web browsers and servers.
The SSL protocol is located between the TCP/IP protocol and various application layer protocols, providing security support for data communication. The SSL protocol can be divided into two tiers: SSL record Protocol (SSL recorder Protocol): It is based on a reliable transport protocol (such as TCP) to provide high-level protocol data encapsulation, compression, encryption and other basic functions of support. SSL Handshake Protocol (SSL handshake Protocol): It is based on the SSL logging Protocol, which is used to authenticate, negotiate cryptographic algorithms, exchange encryption keys, etc. before the actual data transfer begins.
The services provided by the SSL protocol are mainly:
1) Authenticate users and servers to ensure that data is sent to the correct client and server;
2) Encrypt data to prevent the data from being stolen in the middle;
3) Maintain the integrity of the data and ensure that the data is not changed during transmission.
the workflow of the SSL protocol:
Server Authentication phase: 1) The client sends a start message "Hello" to the server to start a new session connection; 2) The server determines whether a new master key needs to be generated based on the customer's information and, if necessary, the server will contain the information needed to generate the master key when responding to the customer's "Hello" information ; 3) The customer generates a master key based on the received server response information, encrypts it with the server's public key and transmits it to the server; 4) The server recovers the master key and returns it to the customer with a master key authentication information to enable the client to authenticate the server.
User authentication phase: Prior to this, the server has passed the customer certification, this phase is mainly to complete the customer certification. The certified server sends a question to the customer, and the customer returns a (digital) signature question and its public key, thereby providing authentication to the server.
From the service provided by the SSL protocol and its workflow, it can be seen that the SSL protocol runs on the basis of the merchant's commitment to the confidentiality of consumer information, which is beneficial to the merchant and not the consumer. In the initial stage of e-commerce, because the operation of e-commerce enterprises are mostly reputable large companies, so this problem has not been fully exposed. However, with the development of e-commerce, small and medium-sized companies are also involved, so that in the electronic payment process of the single certification problem is more and more prominent. Although digital signatures and digital certificates can be used in SSL3.0 to authenticate both the browser and the Web server, there are still some problems with the SSL protocol, such as only providing mutual authentication between the client and the server in the transaction, and in the electronic transactions involving multiple parties, The SSL protocol does not coordinate secure transport and trust relationships between the parties. In this case, the two major credit card organizations, Visa and MasterCard, set up a set agreement that provides a global standard for online credit card payments.
The handshake process of the SSL protocol in order to facilitate better understanding and understanding of the SSL protocol, this article focuses on the SSL protocol Handshake protocol. SSL protocol uses both public-key cryptography and symmetric encryption technology, although symmetric encryption technology is faster than public-key cryptography, but public key cryptography provides better authentication technology. The SSL handshake protocol is very effective in enabling mutual authentication between the client and the server, and the main process is as follows:
The browser of the ① client transmits the version number of the client SSL protocol to the server, the type of cryptographic algorithm, the random number generated, and the various information needed to communicate between the server and the client.
The ② server transmits the version number of the SSL protocol to the client, the type of encryption algorithm, the random number, and other related information, the server will also deliver its own certificate to the client.
③ customers use the information sent by the server to verify the legality of the server, the legitimacy of the server includes whether the certificate expires, whether the CA that issued the server certificate is reliable, if the public key of the publisher's certificate correctly unlocks the publisher's digital signature for the server certificate, and whether the domain name on the server certificate matches the actual domain name of the server. If the legitimacy verification is not passed, the communication will be disconnected, and if the legitimacy validation passes, the fourth step will continue.
The ④ client randomly generates a "symmetric password" for subsequent communication, encrypts it with the server's public key (obtained from the server's certificate in step ②), and then passes the encrypted "pre-master password" to the server.
⑤ If the server requires a customer's authentication (optional during the handshake), the user can create a random number and then sign the data to the server with the random number of signatures, along with the client's own certificate and the encrypted "pre-master password".
⑥ If the server requires client authentication, the server must verify the legitimacy of the client certificate and the signature random number, the specific legality verification process includes: whether the customer's certificate use date is valid, whether the CA that provides the certificate to the customer is reliable, the public key of the issuing CA can correctly unlock the digital signature of the issuing CA of the client certificate, and check whether the customer's certificate is in the certificate revocation list (CRL). If the test is not passed, the communication is interrupted immediately; If authenticated, the server will use its own private key to unlock the encrypted "master password" and then perform a series of steps to generate the primary communication password (the client will also generate the same master communication password in the same way).
⑦ server and client use the same master password as the "Call password", a symmetric key for the SSL protocol of Secure data communication encryption and decryption communication. At the same time in the process of SSL communication to complete the integrity of data communication, to prevent any changes in data communication.
The ⑧ client sends a message to the server that indicates that subsequent data traffic will use the master password in the ⑦ as the symmetric key, and notifies the server client that the handshake process is complete.
The ⑨ server sends a message to the client indicating that the subsequent data traffic will use the master password in the ⑦ as the symmetric key, and notifies the client that the server side of the handshake process is complete.
⑩ssl The handshake part ends, the SSL secure channel data communication begins, the client and the server begin to use the same symmetric key for data communication, while the integrity of the communication test.
the specific process of two-way authentication SSL protocol
The ① browser sends a connection request to the secure server.
The ② server sends its own certificate, along with the information associated with the certificate, to the customer's browser.
③ the client browser checks if the certificate sent by the server is issued by the CA center that you trust. If it is, continue to execute the agreement; if not, the customer's browser gives the customer a warning message: Warn the customer that the certificate is not trustworthy and ask the customer if they need to continue.
④ then the client browser compares the messages in the certificate, such as the domain name and the public key, whether the message that the server has just sent is consistent, and if it is consistent, the client's browser recognizes the legitimate identity of the server.
the ⑤ server requires customers to send their own certificates. Upon receipt, the server verifies the client's certificate and denies the connection if it is not authenticated, and if authenticated, the server obtains the user's public key.
The ⑥ client browser tells the server that it can support a symmetric password scheme for communication.
⑦ server from the customer sent over the password scheme, select a cryptographic scheme of the highest encryption, with the customer's public key after the notification browser.
⑧ Browser for this password scheme, select a call key, and then use the server's public key to be sent to the server.
The ⑨ server receives the message sent by the browser, decrypts it with its own private key, and obtains the call key.
⑩ server, browser Next communication is a symmetric cipher scheme, symmetric key is over-dense.
Described above is the two-way authentication SSL protocol specific communication process, this situation requires both the server and the user has a certificate. The one-way authentication SSL protocol does not require the customer to have the CA certificate, the specific process is relative to the above steps, only need to remove the server-side validation of the client certificate, and in the negotiation of symmetric password scheme, symmetric call key, the server sent to the customer is no encryption (this does not affect the SSL process security) password scheme. In this way, the two sides of the specific communication content, is to add over the dense data, if there is a third-party attack, access to only encrypted data, the third party to obtain useful information, it is necessary to decrypt the encrypted data, this time the security depends on the security of the password scheme. Fortunately, the current cipher scheme, as long as the communication key length is long enough, is sufficient security. This is why we emphasize the requirement to use 128-bit encrypted communication.
meaning of each part of the certificate
Version certificate revision number, different versions of the certificate format different Serial number serial numbers, certificates issued by the same authentication authority serial number unique
Algorithm Identifier Signature algorithm, including the necessary parameters Issuer identification information of the authentication authority
Period of validity validity
Identification information of the Subject certificate holder
Subject ' s public key certificate holder's key
Signature Authentication Authority signature of the certificate </FONT>
Certificates issued by the certificate's Format Certification Center follow the V3 standard, which has the following basic format:
Certificate version number (Certificate Format version)
Meaning: Used to specify the version number of the certificate to use for the format.
Certificate serial Number (Certificate Serial numbers)
Meaning: Used to specify a unique sequence number for a certificate to identify all public key certificates issued by the CA.
Signature (Signature) algorithm identification (algorithm Identifier)
Meaning: Used to specify the signature algorithm used by the CA to issue certificates.
Name of the CA that issued this certificate (Issuer)
Meaning: Used to specify the X.500 unique name (DN, distinguished name) of the CA that issued the certificate.
Certificate validity period (validity Period) Start date (Notbefore) End Date (notafter)
Meaning: Used to specify the certificate start date and end date.
User name (Subject)
Meaning: The X.500 unique name (dn,distinguished name) used to specify the certificate user.
User key information (Subject public key information) algorithm (algorithm) algorithm identification (algorithm Identifier) User public key (Subject publicly key)
Meaning: The algorithm used to identify the public key, and contains the public key itself.
Certificate Extensions section (extended domain) (Extensions)
Meaning: Used to specify additional information.
The expanded portion of the V3 certificate (extended domain) and the implementation method are as follows:
CA's public key identification (Authority key Identifier)
Public key identification (SET not used) (key Identifier)
Identification of the issuer of the certificate of issue of the certificate (Certificate Issuer)
Serial number of the person who issued the certificate (Certificate Serial numbers)
Expanded portion of the V3 certificate (extended domain) and implementation of the CA's public key identification (Authority key Identifier)
Public key identification (SET not used) (key Identifier)
The identification name of the issuer of the certificate that issued the certificate (Certificat the serial number of the certificate of the person who issued the certificate (Certificate Serial No.)
Meaning: The key pair used by the CA signing certificate uniquely identifies the user's public key identity (Subject key Identifier)
Meaning: Used to identify the specific key associated with the public key in the certificate for decryption.
Public key usage in certificates (Key usage)
Meaning: Used to specify the public key purpose.
User's private key validity period (private key Usage Period) Start date (note before) End date (note after)
Meaning: Used to specify the start date and end date of the user's signature private key.
List of certificate policies recognized by CA (Certificate policies)
Meaning: Used to specify the policy that the user certificate applies to, the certificate policy can be represented by an object identifier.
User's proxy name (substitutional name)
Meaning: Used to specify the user's surrogate name.
Proxy name for CA (Issuer Alt name)
Meaning: Used to specify the proxy name of the CA.
Basic constraints (Basic Constraints)
Meaning: Used to indicate whether the certificate user is an end user or a CA. There are some private extensions (extended domains) in the SET system Hashed root Key meaning: Used only in the root certificate, backtracking when used for certificate updates.
Certificate type (Certificate type)
Meaning: Used to distinguish different entities. This item is required.
Merchant Information (Merchant data)
Meaning: Contains all merchant information required by the payment gateway.
Cardholder Certificate requirements (Card Cert Required)
Meaning: Shows whether the payment gateway supports transactions with cardholders who do not have a certificate.
SET Extension (setextensions)
Meaning: Lists the SET information extensions for payment commands supported by the payment gateway.
CRL data Definition versions (version)
Meaning: Displays the version number of the CRL.
Issuer of the CRL (Issuer)
Meaning: Indicates the screened name of the CA that issued the CRL.
The CRL release time (this update) expects the next CRL update time (next update) to revoke the certificate information directory (revoked certificates) CRL extension (CRL Extension) of the CA's public key identity (authority Key Identifier) CRL numbers (CRL number)

HTTPS principle Detailed