3. Configuration of the HTTPS server

Source: Internet
Author: User
Tags decrypt asymmetric encryption

1. Preface:  

A blockchain, in short, is a data structure. Each block is like a page of a ledger that records transaction information on the network, and many blocks are linked sequentially in time order to form a blockchain. Blockchain can digitally identify and track transactions and share this information through a distributed network of computers, creating, in a sense, a distributed trust network. The distributed ledger technology that blockchain provides offers a transparent and secure means of tracking asset ownership, transaction information, and asset transfers.

In fact, blockchain is not a completely new technology. As presented in the book on Bitcoin, it is just a product derived by combining financial thinking, distributed data storage, the proof-of-work (PoW) mechanism and so on with "asymmetric encryption", a technique from the ancient and mysterious field of cryptography. The keys to blockchain are decentralization, trust and security, and the most fundamental, lowest-level technology for achieving them is cryptography.

2. HTTP protocol and HTTPS protocol

1.1 Concept of the HTTP protocol

HTTP, the Hypertext Transfer Protocol, is the most widely used network protocol on the Internet. All WWW files must follow this protocol.

1.2 Concept of the HTTPS protocol

HTTPS, the Hypertext Transfer Protocol over Secure Socket Layer, is HTTP carried over a secure socket layer; in short, it is a secure version of the HTTP protocol.

3. Symmetric encryption

3.1 Pioneer of modern cryptography: the "Caesar cipher"

Caesar was the first person to use a cipher for military purposes and to record it. In the Gallic Wars, in which he celebrated his exploits, Caesar described how he sent a secret message into the hands of Cicero, who was under siege and on the verge of surrender. Caesar was very fond of secret writing, and the later "Life of Caesar" records in detail one of the ciphers he used. This encryption method is known to this day. Caesar's approach was to replace each letter with the letter three positions later in the alphabet: the letter A is replaced by the letter D, the letter B by the letter E, and so on. For example, the word abroad is written as DEURDG in ciphertext. This way of generating a cipher by shifting letters later became known as the Caesar cipher.

3.2 Concepts

Symmetric encryption refers to cryptographic algorithms that use the same key for encryption and decryption. Sometimes called traditional cryptographic algorithms, they are algorithms in which the encryption key can be derived from the decryption key, and the decryption key can likewise be derived from the encryption key. In symmetric algorithms, the encryption key and decryption key are the same, which requires the sender and receiver to agree on a key before communicating securely. The security of a symmetric algorithm relies on the key: if the key is leaked, anyone can decrypt the messages that are sent or received, so the confidentiality of the key is critical to the security of the communication.

3.3 Characteristics

Fast encryption, high encryption efficiency: the reason is that the encryption algorithm is much simpler than "asymmetric encryption".

Security: for example, the DES algorithm encrypts data with a 64-bit key, of which only 56 bits are actually effective and 8 bits are used for parity checking. There are therefore 2^56 possible keys.

Defect: because both sides encrypt and decrypt with the same key, the security of key transfer and of key management needs to be ensured. Once the key is lost on either side, the ciphertext can be cracked.

4. Asymmetric encryption

4.1 Concept

Unlike symmetric encryption algorithms, an asymmetric encryption algorithm requires two keys: a public key (PublicKey) and a private key (PrivateKey). The public and private keys form a pair: if data is encrypted with the public key, only the corresponding private key can decrypt it; if data is encrypted with the private key, only the corresponding public key can decrypt it. Because encryption and decryption use two different keys, this kind of algorithm is called an asymmetric encryption algorithm.

4.2 Characteristics

Pros: More secure, avoiding security issues caused by the key being intercepted.

Disadvantages: encryption takes a long time and is slow and inefficient, because the encryption algorithm is complex. It is suitable only for encrypting small amounts of data.

5. Digital certificate

5.1 Concept

A digital certificate is a file, digitally signed by a certificate authority (CA), that contains the public key owner's information and the public key. The simplest certificate contains a public key, a name, and the digital signature of the certificate authority. An important feature of digital certificates is that they are valid only for a specific period of time.

5.2 Creating a digital certificate

The keytool utility bundled with Java can generate a keystore and export certificates.

Generate a key pair: keytool -genkeypair -alias "itheima" -keyalg "RSA" -keystore "heima.keystore"

View the key pairs in the current keystore: keytool -list -keystore "heima.keystore"

Modify the alias of a keystore entry: keytool -changealias -alias mykey -destalias heima1

Export the certificate: keytool -exportcert -alias "itheima" -keystore "heima.keystore" -file "heima.cer"

  

Generated key pair file: C:\Users\Administrator\heima.keystore

Generated certificate: unauthenticated

  

6. Message digest and digital signature

5.1 Message digest

5.1.1 Concept

A message digest, also known as a digital digest, is a unique, fixed-length value that corresponds to a message or text. It is produced by applying a one-way hash function to the message. If the message is changed in transit, the recipient can tell by comparing a newly generated digest of the received message with the original digest. A message digest is irreversible.

5.1.2 Purpose

A message digest is the equivalent of a fingerprint of the "ciphertext", used to verify the authenticity of the ciphertext.

5.1.3 Common message digest algorithms

MD5, SHA, MAC, etc. are all message digest algorithms.

5.2 Digital Signatures

A digital signature is essentially the message digest of the content, encrypted with the private key. It is the equivalent of signing a file with your name, to prevent hackers from tampering with the file.
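The key-pair relationship from section 4.1 and the "digest encrypted with the private key" description of a signature can be traced in a few lines. This is an added example, not code from the original article; it uses textbook RSA without padding and a constructed key built from two publicly known Mersenne primes (assumptions made to keep it short), so it illustrates the mechanism only.

```python
import hashlib

# Constructed demo key: two publicly known Mersenne primes. Such a key gives
# no security at all; it only keeps the example short and deterministic.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # public key (n, e)
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent d (Python 3.8+)

def digest(message: bytes) -> int:
    """SHA-256 message digest as an integer (always smaller than N here)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes) -> int:
    """'Encrypt' the digest with the private key: the signature."""
    return pow(digest(message), D, N)

def verify(message: bytes, signature: int) -> bool:
    """Recover the digest with the public key and compare it with a fresh one."""
    return pow(signature, E, N) == digest(message)

def encrypt(m: int) -> int:
    """Public-key operation: only the private key undoes it."""
    return pow(m, E, N)

def decrypt(c: int) -> int:
    """Private-key operation."""
    return pow(c, D, N)

if __name__ == "__main__":
    msg = b"transfer 10 to Bob"            # constructed sample message
    sig = sign(msg)
    print("original verifies:", verify(msg, sig))
    print("tampered verifies:", verify(b"transfer 90 to Bob", sig))
    print("round trip ok:", decrypt(encrypt(42)) == 42)
```

Real signatures add a padding scheme around the digest before the private-key operation; the JDK and keytool handle that internally.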
 

 

V. Configuration of HTTPS servers

1. Store the digital certificate KeyStore file in a folder.

2. In the conf folder of the Tomcat installation directory, modify the server.xml file, which in practice means configuring this Connector element:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
    maxThreads="150" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS"
    keystoreFile="path of the keystore file (C:\Users\Administrator\heima.keystore)"
    keystorePass="the keystore's password" />

3. Restart the Tomcat server and access the project over HTTPS.

4. Because our certificate is not certified by a CA, we need to manually add the certificate as trusted.
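A check that can be run over server.xml before the restart in step 3, as an added example that is not part of the original article or of Tomcat: XML names are case-sensitive, so it reports attributes of the HTTPS Connector that are mis-cased, missing, empty, or set to a value other than the one step 2 calls for. The function name, the two sample files and the sample password are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Attributes the HTTPS Connector from step 2 relies on, spelled exactly;
# a value of None means "any non-empty value".
REQUIRED = {"SSLEnabled": "true", "scheme": "https", "secure": "true",
            "sslProtocol": "TLS", "keystoreFile": None, "keystorePass": None}

def audit_https_connectors(server_xml):
    """Return findings for each HTTPS-looking Connector in a server.xml string."""
    findings = []
    for el in ET.fromstring(server_xml).iter():
        if el.tag.lower() != "connector":
            continue
        by_lower = {name.lower(): name for name in el.attrib}
        if "sslenabled" not in by_lower and el.attrib.get("scheme") != "https":
            continue  # plain HTTP/AJP connector: not what this check is about
        where = "Connector port=" + el.attrib.get("port", "?")
        if el.tag != "Connector":
            findings.append(f"{where}: element is spelled <{el.tag}>, expected <Connector>")
        for name, expected in REQUIRED.items():
            actual_name = by_lower.get(name.lower())
            if actual_name is None:
                findings.append(f"{where}: {name} is missing")
            elif actual_name != name:
                findings.append(f"{where}: {actual_name} must be spelled {name}")
            elif expected is None and not el.attrib[name].strip():
                findings.append(f"{where}: {name} is empty")
            elif expected is not None and el.attrib[name] != expected:
                findings.append(f"{where}: {name}={el.attrib[name]!r}, expected {expected!r}")
    return findings

# Constructed sample files (not taken from a real server).
GOOD = r'''<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150"
             scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
             keystoreFile="C:\Users\Administrator\heima.keystore"
             keystorePass="changeit-example" />
</Service></Server>'''
BAD = r'''<Server><Service name="Catalina">
  <Connector port="8443" protocol="HTTP/1.1" sslenabled="true" scheme="https"
             secure="false" sslProtocol="TLS" keystoreFile="" />
</Service></Server>'''

if __name__ == "__main__":
    for label, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, audit_https_connectors(text) or "no findings")
```

Because keystorePass sits in server.xml in clear text, read access to that file should be limited to the account that runs Tomcat.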


  

  


  


  

    
 
