Asymmetric encryption, digital signatures, public and private keys, OpenSSL, HTTPS, TLS/SSL and other concepts explained

Source: Internet
Author: User
Tags asymmetric encryption

This article introduces, in a personal tone, some concepts and simple configuration around public keys, OpenSSL, HTTPS, TLS/SSL and so on. At the time of writing (May 7, 2017) my own level is limited and my understanding of much of this is not yet deep enough, so please forgive any mistakes; I will extend this post as I learn more.

For basic concepts such as HTTP and the Web, see my other blog post: "The difference between http, https, www, web and other terms"

Post link address: http://watchmen.blog.51cto.com/6091957/1922919

This article draws on the following references:

1, https://www.zhihu.com/question/23341334

2, https://zh.m.wikipedia.org/zh-hans/%E5%85%AC%E5%BC%80%E5%AF%86%E9%92%A5%E5%8A%A0%E5%AF%86

3, Http://baike.baidu.com/link?url=ida6z7jFkozSq--Z4EWORisdZAZRorbUd5PbTFRoTZug-oDdLzTq4nlzf1yM3AoaSSwiw_ Pbspc7jggse4gd_ij1b7cudz7j-ddbin4vfwo6rouznabpq-2fvolzlzyu

4, https://www.zhihu.com/question/25912483

HTTPS is a protocol that equals HTTP + TLS (for historical reasons SSL 3.0 was superseded by TLS 1.0).

OpenSSL is a set of open source tools with two main functions:

1. An implementation of the SSLv2, SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols.

2. An implementation of the encryption algorithms in common use today.

There is no very precise way to determine whether a given HTTPS site uses OpenSSL; a conservative estimate is that at least 70% of sites do. Windows-family servers, including IIS on Windows Server, are implemented on top of Schannel and do not use OpenSSL.


That is, HTTPS is HTTP implemented on top of the TLS (previously SSL) protocol, and the public key that TLS requires can be generated by OpenSSL or by other tools.

Take Kung Pao chicken as an analogy. The dish without salt is HTTP (you can certainly eat it, but it is not tasty; if you do not want it, send it to me). The dish with salt is HTTPS, and the extra "S", the salt, is our TLS protocol. When we go to the supermarket to buy salt there are many kinds: cheap and expensive, table salt and mineral salt, and so on. OpenSSL is then the most popular salt brand (I eat their sea salt anyway), and the public key is the salt that this brand produces.

In other words, OpenSSL is an open source implementation of SSL/TLS and has no direct connection to HTTP.

Or you can say:

The relationship between HTTPS and SSL is like the relationship between HTTP and TCP.

The relationship between SSL/TLS and OpenSSL is like the relationship between an OS and Windows (the specification versus one implementation of it).


So why is SSL no longer used, and TLS used instead?

The SSL protocol was developed by the American company Netscape, which released version 3.0 in 1996 (the latest and final version). SSL 3.0 has existed for more than 15 years, and most browsers still support it. Normally a browser connects to the server with the newest version of the security protocol it supports; to maintain compatibility, when that connection fails it falls back and retries with older protocol versions, including SSL 3.0. At the SSL protocol level, however, there is the POODLE attack: an attacker deliberately causes the secure connection to fail, which triggers the browser to downgrade from TLS to SSL 3.0, and then uses a special technique to extract a certain amount of private information from the connection that SSL 3.0 is supposed to protect. For this reason Google removed fallback support for SSL from Chrome 40 onward, and the mainstream encrypted protocols in use today are the TLS versions.
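The defender's side of the downgrade story above is a client or server configuration that simply refuses to negotiate SSL 3.0 and the other legacy versions. The following added example is not from the original post; it uses Python's standard `ssl` module (which wraps OpenSSL) to build a permissive context next to a hardened one and to check which protocol versions each is willing to speak. The function names `legacy_client_context`, `hardened_client_context` and `allows_legacy_versions` are my own.

```python
import ssl

# Versions older than TLS 1.2 are the ones a fallback attack (POODLE and
# friends) can push a connection down to.
OLDEST_ACCEPTABLE = ssl.TLSVersion.TLSv1_2


def legacy_client_context() -> ssl.SSLContext:
    """A deliberately permissive context: it will negotiate whatever the
    underlying OpenSSL build still supports, which may include SSL 3.0 or
    TLS 1.0/1.1.  This is the 'before' configuration."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def hardened_client_context() -> ssl.SSLContext:
    """The 'after' configuration: certificate verification on, hostname
    checking on, and nothing below TLS 1.2 accepted, so a failed handshake
    cannot be retried with a weaker protocol version."""
    ctx = ssl.create_default_context()      # verify certs against system CAs
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = OLDEST_ACCEPTABLE  # refuse SSLv3, TLS 1.0, TLS 1.1
    return ctx


def allows_legacy_versions(ctx: ssl.SSLContext) -> bool:
    """True if the context could still negotiate a protocol older than
    TLS 1.2.  TLSVersion is an IntEnum, so the comparison is numeric."""
    return ctx.minimum_version < OLDEST_ACCEPTABLE


def describe(ctx: ssl.SSLContext) -> str:
    """Human-readable summary of the protocol floor of a context."""
    floor = ctx.minimum_version.name
    status = "VULNERABLE to downgrade" if allows_legacy_versions(ctx) else "OK"
    return f"minimum_version={floor}: {status}"


if __name__ == "__main__":
    print("legacy  :", describe(legacy_client_context()))
    print("hardened:", describe(hardened_client_context()))
```

On a server the same two settings apply to the server-side context (`ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)` plus `minimum_version`); the point is that version negotiation is decided by configuration, not by the attacker's ability to make the first handshake fail.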

The above explains the relationship between HTTPS and OpenSSL; next we move on to the cryptography.


So why do we use HTTPS, what is asymmetric encryption, what are public and private keys, and how do they work?


Asymmetric encryption (asymmetric cryptography), also known as public-key encryption (public-key cryptography)

In cryptography, public-key cryptography (also called asymmetric cryptography) is a class of cryptographic algorithms that requires a pair of keys: one private key and one public key. The two keys are mathematically related, and information encrypted with a user's encryption key can only be decrypted with that user's decryption key.

Knowing one of the keys (here "key" refers to either the public key or the private key; unless otherwise stated, both are simply called keys in this post) does not allow you to compute the other. Disclosing one key therefore does not affect the security of the other, so even if the public key is intercepted on the internet, nothing encrypted with it can be decrypted without the matching private key. Here we call the key that is published the public key and the key that is never exposed the private (secret) key.

Note: you can also encrypt with the private key and decrypt with the public key; the data is not always encrypted with the public key only. We will come to this special case below.

Summary: encrypting data with the public key and decrypting it with the private key is called asymmetric encryption.


Public-key cryptography: the user encrypts data with the public key and transmits the encrypted data to the owner of the private key; this is public-key cryptography in the narrow sense. This is the normal usage. Now let's discuss the case mentioned above: using the private key for encryption.


Digital signature: if instead we encrypt data with the private key (which is never released), it can be decrypted with the public key. A client uses this to verify that data really was published by the party holding the private key and that the file is accurate and complete: anyone holding the public key can check the data and thus know whether the true publisher is indeed the holder of the private key.

That is: digital signature = data encrypted with the private key.


Digital certificate: the public key we hold is stored in the form of a digital certificate. In other words: public key = digital certificate.


Summary: the digital signature technique encrypts the digest of a message with the sender's private key and sends it to the receiver together with the original text. The receiver uses only the sender's public key (the digital certificate, which anyone can obtain) to decrypt the encrypted digest (the digital signature), then runs the hash function over the received text to produce its own digest and compares the two. If they match, the received message is complete and was not modified in transit; otherwise it was modified. In this way the digital signature verifies the integrity of the message, and the whole process uses the digital certificate to verify the digital signature.

Encryption: since the goal is encryption, I certainly do not want others to read my message, so only I should be able to decrypt it. Hence the public key is responsible for encryption and the private key is responsible for decryption.

Signature: since the goal is a signature, I certainly do not want someone to impersonate me when sending messages, so only I should be able to produce the signature. Hence the private key is responsible for signing and the public key is responsible for verification.


The public-key algorithm we use most often in practice is RSA (its security rests on the fact that the product n of two large primes p and q is hard to factor): the public key encrypts data with this algorithm and the private key decrypts it with the same algorithm.





Using OpenSSL to generate keys, set up HTTPS, and the related CA certification topics will be covered in another blog post.

Post address: being prepared, to be added later





This article is from the "Breeze Month Blog" blog, please be sure to keep this source http://watchmen.blog.51cto.com/6091957/1923426

