java-Information Security (vii)-understanding HTTPS based on asymmetric encryption, symmetric encryption, etc.

Overview

java-Information Security (i)-base64,md5,sha,hmac

java-Information Security (II.)-Symmetric encryption algorithm DES,3DES,AES,BLOWFISH,RC2,RC4

java-Information Security (iv)-data signing, digital certificates

java-Information Security (v)-Asymmetric encryption algorithm RSA

If you want to understand the good HTTPS, please try to understand the above information and so on.

See article:

Http://www.ruanyifeng.com/blog/2014/09/illustration-ssl.html

Https://cattail.me/tech/2015/11/30/how-https-works.html

Http://www.cnblogs.com/binyue/p/4500578.html

Basic concepts

HTTPS is actually made up of two parts: http + SSL/TLS, which adds a layer of encryption information to the HTTP module. The transfer of information between the server and the client is encrypted through TLS, so the transmitted data is encrypted.

HTTPS is an SSL/TLS-based HTTP protocol, and all HTTP data is transmitted over the SSL/TLS protocol package.

HTTPS protocol on the basis of the HTTP protocol, the addition of SSL/TLS handshake and data encryption transmission, also belongs to the application layer protocol.

The-->http protocol runs on top of TCP, and all transmitted content is plaintext, and neither the client nor the server can verify the identity of the other.

-->https is an HTTP protocol that runs on SSL/TLS, and SSL/TLS runs above TCP. All transmitted content is encrypted and encrypted with symmetric encryption, but the symmetric encryption key is asymmetric encrypted with the server-side certificate.

Asymmetric encryption, symmetric encryption, and hash algorithms are used in Tls/ssl .

legend "based on RSA model"

The first step

The browser gives the protocol version number, a random number generated by the client (client random), and a set of cryptographic rules supported by the client to be sent to the Web server.

Step Two

The server selects a set of cryptographic algorithms and hash algorithms, and sends its own identity information back to the browser in the form of a certificate, as well as a random number generated by the server (server random). The certificate contains information such as the website address, the encrypted public key, and the issuing authority of the certificate.

Step Three

The browser confirms that the digital certificate is valid, then generates a new random number (Premaster secret) and uses the public key in the digital certificate to encrypt the random number and send it to the server.

After obtaining the website certificate, the browser will do the following work:

A) Verify the legality of the certificate (the issuing authority is legal, the certificate contains the address of the website is consistent with the address being accessed, etc.), if the certificate is trusted, the browser bar will display a small lock, otherwise the certificate is not trusted to prompt.

b) If the certificate is trusted, or if the user accepts an untrusted certificate, the browser generates a random number of passwords and encrypts them with the public key provided in the certificate.

c) Use the agreed hash to calculate the handshake message, encrypt the message with the generated random number, and then send all previously generated information to the Web site.

Fourth Step

The server uses its own private key to obtain a random number (that is, Premaster secret) sent by the browser.

After the Web site receives the data from the browser, the following actions are done:

A) Use your own private key to decrypt the information to remove the password, use the password to decrypt the browser's handshake message, and verify that the hash is consistent with the browser.

b) Encrypt a handshake message with a password and send it to the browser.

Fifth Step

The browser and server use the preceding three random numbers to generate a "conversation key" (session key) based on the agreed encryption method, which is used to encrypt the entire conversation process.

encryption and hash algorithms for HTTPS general use

Asymmetric Encryption algorithm: RSA,DSA/DSS

Symmetric encryption algorithm: Aes,rc4,3des

Hash algorithm: md5,sha1,sha256

java-Information Security (vii)-understanding HTTPS based on asymmetric encryption, symmetric encryption, etc.