Javaweb Learning Summary 18 (software cryptography, HTTPS connector configuration tomcat, and Tomcat management platform)

One: Software cryptography

1: Symmetric encryption

Symmetric encryption is the fastest and simplest way to encrypt encryption (encryption) and decryption (decryption) with the same key (secret key). Symmetric encryption has many algorithms, and because of its high efficiency, it is widely used in the core of many cryptographic protocols.

Symmetric encryption typically uses a relatively small key, typically less than the size of a bit. The greater the key, the stronger the encryption, but the slower the encryption and decryption process. If you use only 1 bit to do this key, the hacker can first try to decrypt with the word, no, then use 1 solution, but if your key is 1 MB large, hackers may never crack, but the encryption and decryption process takes a long time. The size of the key is both to take care of the security, but also to take care of the efficiency, is a trade-off.

Disadvantages:

One of the big drawbacks of symmetric encryption is the management and allocation of keys, in other words, the question of how to send a key to someone who needs to decrypt your message. In the process of sending the key, there is a great risk that the key will be intercepted by hackers. The common practice in reality is to encrypt the symmetric encrypted key in an asymmetric manner and then pass it on to the person who needs it.

2: Asymmetric Encryption

Asymmetric encryption provides a very secure way to encrypt and decrypt data, using a pair of keys, public key, and private key. The private key can only be safely kept by one party and cannot be compromised, while the public key may be sent to any person requesting it. Asymmetric encryption uses one of these keys to encrypt, while decryption requires another key. For example, you ask the bank for the public key, the bank sends you the public key, you encrypt the message using the public key, then only the holder of the private key-the bank can decrypt your message. Unlike symmetric encryption, the bank does not need to send the private key over the network, so security is greatly improved.

The most commonly used asymmetric encryption algorithms are the RSA algorithm, Rivest, Shamir, and Adleman invented in 1978, and they were all at MIT.

Two: Configure the HTTPS Connector for Tomcat

1: Generate a digital certificate

Using the JAVA-brought command Keytool, $JAVA _home$/bin/keytool.exe, execute the command on the cmd command line to generate the digital certificate:

2: Copy the generated digital certificate to the Conf directory of the Tomcat server

3: Configure HTTPS Connector

To configure an HTTPS secure connection in the Server.xml file, you can first view the configured parameters and go to the Tomcat navigation page: http://localhost:8080

Next

Next

Next

Configuring the HTTPS security connector in the Server.xml file

<connector port= "8443" protocol= "Org.apache.coyote.http11.Http11Protocol" sslenabled= "true"
maxthreads= "Scheme=" "https" secure= "true"
Clientauth= "false" sslprotocol= "TLS" keystorefile= "Conf/.keystore" keystorepass= "123456"/>

Keystorefile: Where is the digital certificate stored

Keystorepass: Is the password to enter the digital certificate

One thing to note here is the Protocol protocol, the Tomcat version issue, if you use the default protocol= "http/1.1" to start an error, you can

The protocol is modified to protocol= "Org.apache.coyote.http11.Http11Protocol".

4: The browser accesses https://localhost:8443, the server sends a digital certificate (public key) to the browser to encrypt the data that needs to be sent, but this digital certificate

is generated by the Sun Company Command, and is not registered with the CA, so the browser will have the following prompt:

Continue to install the certificate here.

5: Install digital certificate

Click Continue to browse the site

Then always "next" until the "import certificate" finishes and the installation succeeds.

Close the browser and open the input URL address again https://localhost:8443

You can safely access it.

6: Delete a digital certificate

IE browser settings

Delete the certificate successfully, close the browser, again visit, you will be prompted with dangerous information!!!

Three: Tomcat management platform

1: First configure the Tomcat user's administrator rights

Open the Conf directory under Tomcat-users.xml,

2: Login to Tomcat management platform, http://localhost:8080

3:tomcat Management Platform

Javaweb Learning Summary 18 (software cryptography, HTTPS connector configuration tomcat, and Tomcat management platform)