Encryption and decryption-symmetric encryption and asymmetric encryption in SSL (https), sslhttps

Source: Internet
Author: User

HTTPS requires a handshake between the client (browser) and the server (website) before any data is transmitted. During the handshake, the two parties establish the key material used to encrypt the data that follows. The TLS/SSL protocol is not merely a set of encrypted transport protocols; it is a carefully designed work of art. TLS/SSL combines asymmetric encryption, symmetric encryption, and hash algorithms. I only just set up HTTPS for the back end of my site today, so let me share what I know.



Cryptography can be traced back to ancient Greece and Rome, and the encryption method of that time was simple: replace letters.

Early Cryptography:



The Scytale, an ancient Greek encryption tool, is an early transposition cipher: a strip of parchment is wound around a cylindrical rod and the message is written along it. Once the parchment is unwound, the letters are out of order and the message is "encrypted".

Although it is easy to break, it is indeed the first example of encryption being applied in practice.

Julius Caesar used another simple method: shift each letter several places to the right or left. This is called the Caesar cipher. For example, "GEEK" encrypts to "JHHN".

Plain: ABCDEFGHIJKLMNOPQRSTUVWXYZ

Cipher: DEFGHIJKLMNOPQRSTUVWXYZABC
Only the intended recipient knows how to decrypt it; to anyone else it is meaningless. Another method places each letter in a grid (coordinate system):



In this way, "G" becomes "23", and "GEEK" becomes "23 31 31 43".

Enigma Machine

Encryption Algorithm

There are many encryption algorithms. They differ, and are measured, by how hard they are to break and how fast they run. AES, for example, is the fastest of the strong encryption algorithms.



Of course there are faster and slower algorithms, and each has its uses. If you only encrypt a piece of information once and do not need to access it often, you can use the strongest algorithm, or even two different algorithms in sequence. If you need speed, use AES.

Encryption type

Most of the encryption algorithms mentioned above belong to one of the following two types:

Symmetric encryption: the same "key" is used for encryption and decryption.

Asymmetric encryption: different keys are used for encryption and decryption.

Symmetric encryption

The post office analogy explains symmetric encryption:
Alice puts her message in a box, locks the box, and keeps the key. She mails the box to Bob through the post office. Bob opens the box with the same key when it arrives (he obtained the key earlier, perhaps because Alice handed it to him in person). Bob can then reply in the same way.



Symmetric ciphers come in two kinds: stream ciphers, which encrypt the data as a continuous stream, and block ciphers, which encrypt the data in fixed-size blocks, usually 64 bits. Examples include Twofish, Serpent, AES (Rijndael), Blowfish, CAST5, RC4, TDES, and IDEA.
Asymmetric encryption
Bob and Alice each have their own box. Alice wants to communicate secretly with Bob, so she asks Bob to mail her his box, unlocked, through the post office. Alice puts her message in the box, snaps the lock shut, and mails it back to Bob. Bob opens it with his own key. Replies work the same way in the other direction.



The biggest advantage of this method is that no "key" ever has to be handed over, so nobody can secretly copy it in transit and then read the messages. Even if Bob's key is stolen and copied, Alice's communication with everyone else remains secure, because with them she uses their keys.
Asymmetric algorithms use different keys for encryption and decryption. The recipient holds two keys: a public key and a private key. The public key is used by message senders to encrypt; the private key is used by the recipient to decrypt. The biggest advantage is that nothing private ever has to be sent over an insecure channel: the public key is the one others use, and the private key stays on the computer where it was generated.

How websites communicate with users through encryption
SSL (Secure Sockets Layer) secures the communication between your browser and the website's server and protects the information from being stolen by a man in the middle. The principle is simple. When your browser requests a secure web page (one whose address begins with https://) from the server:

The server sends back its certificate and public key.

The browser checks that the certificate was issued by a trusted authority, that it is still valid, and that it belongs to this website.

The browser generates a random symmetric key, encrypts it with the server's public key, and sends it to the server together with the requested URL, which is encrypted with that symmetric key.

The server uses its own private key to decrypt the symmetric key you sent, then uses that symmetric key to decrypt the requested URL.

The server encrypts the requested web page with your symmetric key. You hold the same key and use it to decrypt the page.



That is roughly how it works. This translation is incomplete; the original can be read at: http://article.yeeyan.org/view/90729/174903
What is SSL? What are symmetric encryption and asymmetric encryption? This is for e-commerce content; thank you for your comments!

Several encryption protocols are currently in use on the Internet, and corresponding protocols have been proposed for each layer of the seven-layer network model. For the application layer there is the SET (Secure Electronic Transaction) protocol; for the session layer there is the SSL (Secure Sockets Layer) protocol. Of all these protocols, SSL and SET are the most closely related to e-commerce.

SSL is the protocol used to encrypt an entire session between computers. It is widely used on the Internet to handle sensitive financial information, largely because it happened to exist first, rather than because it was designed for that purpose.
In SSL, both public keys and private keys are used:
· the public key is used while the connection is being established;
· the private key is used during the session.
The encryption type and strength are negotiated when the connection between the two ends is established.
In all cases, the server authenticates itself to the client by:
· presenting verifiable proof of the public key it includes;
· demonstrating that it can decrypt packets encrypted with that public key.
Sometimes the client can also provide proof of its own (user) identity.
The session key is derived from data chosen by the client, and that data is encrypted with the server's public key.
In each SSL session in which both the client and the server are authenticated, the server must perform one operation with its own private key and one operation with the client's public key. In practice, all current systems use RSA. Each operation is a modular exponentiation. The public exponent is usually chosen to be a small number to reduce the work, so only one "hard" encryption operation is needed per SSL session.

What is the difference between symmetric encryption and asymmetric encryption?

Symmetric encryption and asymmetric encryption

Symmetric encryption, also called private-key or conventional encryption, uses a single key shared by both parties. The sender applies a mathematical operation with the key to turn the plaintext into ciphertext; the recipient uses the same key to turn the ciphertext back into plaintext. RSA's RC4 algorithm, the Data Encryption Standard (DES), the International Data Encryption Algorithm (IDEA) and Skipjack are symmetric encryption methods.

Asymmetric encryption. When sending information, the sender encrypts the data with the receiver's public key, and the receiver decrypts it with its own private key. In this way the information reaches its destination safely and intact; even if a third party intercepts it, they cannot decrypt it. The encryption process is mathematically irreversible, meaning only the private key can decrypt the data.

Public-key encryption also allows information to be digitally signed. The sender encrypts part of the message with the sender's private key; the receiver decrypts this digital signature with the sender's public key to verify the sender's identity.

In symmetric (also called single-key) encryption, only one key is used to both encrypt and decrypt. Although single-key encryption is simple, both parties must trust each other completely and each hold a copy of the key, and reaching that level of trust is not as simple as it seems. By the time the two parties try to establish the trust relationship, a security breach may already have occurred. The first problem is key transmission: if the key is intercepted, neither the key nor the important information it protects is secure any longer.

Asymmetric encryption uses a pair of keys, unlike symmetric encryption, which uses a single key. One key is used for encryption and the other for decryption. The important concept is that one key of the pair is made public, the public key, while the other half must be protected, the private key. One disadvantage of asymmetric encryption is that it is very slow, because it requires heavy mathematical computation; if a user relies on asymmetric encryption for everything, it can take hours. Another name for asymmetric encryption is public-key encryption. Although the private key and the public key are mathematically related, determining the private key from the public key is very difficult and time-consuming. Asymmetric keys are easy to manage for communication over the Internet, because the public key can be transmitted freely; only the private key must be carefully protected by its owner.
Reference: blog.csdn.net/..8.aspx
