SSL encryption principle

Source: Internet
Author: User
Tags ssl connection asymmetric encryption

SSL encryption method
Keywords: SSL encryption method
With the spread of computer networks, the Internet is now routinely used for e-mail, shopping and online transactions, and web pages have to carry important or sensitive data such as bank account numbers and passwords. Network security has therefore become a pressing problem for modern network applications.

Today, large online transaction systems such as online banking and e-commerce sites generally combine HTTP with SSL: the server runs a web server that supports SSL, and the client uses a browser that supports SSL, so the two can communicate securely.
SSL is short for Secure Sockets Layer, a protocol that provides confidential transmission over the Internet. Netscape introduced it together with its web browser, and the current version is 3.0. SSL is built on public key technology; its goal is to guarantee the confidentiality and reliability of communication between two applications, with support implemented on both the server and the client side. SSL, with its use of public key technology, has become the de facto industry standard for secure communication on the Internet. This article introduces the SSL protocol and SSL programming, and gives the author's understanding of SSL.

SSL Protocol Introduction
The Secure Sockets Layer protocol keeps the traffic between a user and a server application from being eavesdropped on, always authenticates the server, and optionally authenticates the user as well. SSL must be layered on a reliable transport protocol (TCP). Its advantage is that it is independent of the application protocol: a higher-level protocol such as HTTP, FTP or telnet can be carried transparently over SSL. Before the application protocol starts, SSL negotiates the cipher suite and the session keys and authenticates the server; from then on the data carried by the application protocol is encrypted, which keeps the communication private.
As described above, the secure channel provided by SSL has the following three properties:
1. Data confidentiality
Encryption turns plaintext into ciphertext using an encryption algorithm and a key; without the key the ciphertext cannot be recovered. Once data is encrypted, only the key has to be transmitted securely; the ciphertext itself can travel over a public channel.
2. Data integrity
Cryptography also guarantees integrity. A message authentication code (MAC) computed over the transmitted data lets the recipient check that the data was not tampered with in transit.
3. Authentication
A third use of cryptography is proof of identity: a party's private key serves as its credential, because only the holder of that key can produce the corresponding signatures.
When confidential data is transmitted, SSL uses public key cryptography (RSA) to establish the encrypted channel between client and server. Most web servers and browsers support SSL. When a browser tries to connect to an SSL-enabled server, an SSL session is started and the browser checks the server's certificate, which must satisfy three conditions:
1) it was issued by a certificate authority the browser trusts (a self-signed X.509 certificate can be used if the client has been told to trust it explicitly; otherwise the browser warns);
2) it has not expired;
3) it belongs to the server being connected to (the name in the certificate matches the host).
Only when all three hold does the browser consider the server authenticated, which confirms that it is talking to the genuine server rather than to an impostor that wants to steal user passwords and other important information.
Another security protocol widely used in e-commerce is SET (Secure Electronic Transaction), launched jointly by the two major credit card companies, Visa and MasterCard, in May 1997. SET gives electronic transactions greater trust, more complete transaction information, higher security and less fraud. A SET transaction can be divided into three phases: the customer buys goods from the merchant and confirms payment; the merchant verifies the payment with the bank; and the bank pays the merchant. Each phase involves RSA encryption and RSA digital signatures, so a single transaction requires several encryption and decryption operations. This gives SET strong security, but it is considerably more complex than SSL, and both merchants and banks must modify their systems to interoperate.
On Linux, OpenSSL is the usual way to add SSL to a server. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, fully open-source toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols together with a general-purpose cryptography library. The toolkit and its documentation are developed and maintained by volunteers around the world.
To set up an OpenSSL-based server on Linux, download the openssl-version.tar.gz package from the OpenSSL home page (http://www.openssl.org/), compile and install it, and combine it with Apache to build a web server that supports SSL; a self-signed certificate can be used for authentication during testing. For details on compiling and installing, refer to the OpenSSL HOWTO documentation. Note that SSL v2 and SSL v3 are now known to be insecure and should be disabled in any current deployment; later OpenSSL releases implement TLS 1.2 and 1.3.

An introduction to SSL programming
The SSL communication model is an ordinary client/server structure; apart from running over TCP, it does not differ visibly from any other socket program. This section introduces how to write a secure communication program with OpenSSL. For details of OpenSSL itself, see the official home page, http://www.openssl.org.
Before using OpenSSL you must initialize the library with one of the following three functions:
SSL_library_init(void);
OpenSSL_add_ssl_algorithms();
SSLeay_add_ssl_algorithms();
In fact the latter two are only macros for the first.
If you want readable OpenSSL error messages, call SSL_load_error_strings(void) to load the error strings; afterwards void ERR_print_errors_fp(FILE *fp) prints the SSL error stack to a file.
An SSL session first needs an SSL context. The basic procedure is:
1. Choose the protocol the session will use, for example
SSL_METHOD *meth = TLSv1_client_method();
The available client methods are:
SSL_METHOD *TLSv1_client_method(void);    TLS 1.0
SSL_METHOD *SSLv2_client_method(void);    SSLv2
SSL_METHOD *SSLv3_client_method(void);    SSLv3
SSL_METHOD *SSLv23_client_method(void);   negotiates the highest version both sides support (later renamed TLS_client_method())
The server likewise chooses the protocol for the session:
SSL_METHOD *TLSv1_server_method(void);
SSL_METHOD *SSLv2_server_method(void);
SSL_METHOD *SSLv3_server_method(void);
SSL_METHOD *SSLv23_server_method(void);
Client and server must support a common protocol version or the handshake fails. SSLv2 and SSLv3 have known breaks and the version-specific methods are deprecated; new code should use the negotiating method and then set the lowest acceptable version (SSL_CTX_set_min_proto_version() in OpenSSL 1.1.0 and later).
2. Create the SSL context (CTX) for the session; the context depends on the protocol chosen. The function is
SSL_CTX *SSL_CTX_new(SSL_METHOD *meth);
whose parameter is the method chosen above and which returns a pointer to the new context.
Then set the attributes of the CTX as needed. Typically this means choosing how peer certificates are verified during the handshake and loading your own certificate and key.
void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*verify_callback)(int, X509_STORE_CTX *));
sets the certificate verification mode. The first parameter is the CTX pointer; the second is the mode: SSL_VERIFY_PEER to verify the peer's certificate, SSL_VERIFY_NONE not to. Normally the client verifies the server, while the server does not require a client certificate. The third parameter is an optional callback invoked during verification; pass NULL unless you need one. Two caveats: with SSL_VERIFY_NONE a client still receives the server certificate, but the handshake continues whatever the verification result, so such a client is open to man-in-the-middle attacks unless it inspects SSL_get_verify_result() itself; and even with SSL_VERIFY_PEER OpenSSL only validates the certificate chain and expiry, it does not by itself check that the certificate's name matches the host you intended to reach (condition 3 above), so the application must perform that check or tell OpenSSL the expected name (SSL_set1_host() in OpenSSL 1.1.0 and later).
int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath);
loads the trusted CA certificates used to verify the peer. The second parameter is a file of CA certificates, the third a directory of them; either may be NULL. Returns 1 on success and 0 on failure.
int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
loads your own certificate; type gives the file format (SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1). Returns 1 on success; on failure the error stack explains why.
int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
loads your own private key; type again gives the file format. Returns 1 on success.
After the certificate and key are loaded, check that the private key matches the certificate:
int SSL_CTX_check_private_key(SSL_CTX *ctx);
which returns 1 if they are consistent.
3. Since SSL runs over TCP, attach the SSL object to an already connected socket:
SSL *SSL_new(SSL_CTX *ctx);         create an SSL object from the context
int SSL_set_rfd(SSL *ssl, int fd);   bind a read-only descriptor
int SSL_set_wfd(SSL *ssl, int fd);   bind a write-only descriptor
int SSL_set_fd(SSL *ssl, int fd);    bind a descriptor for both reading and writing
Binding returns 1 on success and 0 on failure.
4. Next comes the SSL handshake. On the client:
int SSL_connect(SSL *ssl);
returns 1 when the handshake succeeds, 0 if it failed but the connection was shut down cleanly, and a negative value on a fatal error; call SSL_get_error() to find out why.
5. Once the handshake has succeeded the peers can communicate. Use SSL_read and SSL_write on the SSL object instead of the traditional read and write:
int SSL_read(SSL *ssl, void *buf, int num);
int SSL_write(SSL *ssl, const void *buf, int num);
On the server, use SSL_accept instead of the traditional accept call to perform the handshake on the accepted socket:
int SSL_accept(SSL *ssl);
6. When communication ends, release the resources in the reverse order of allocation:
int SSL_shutdown(SSL *ssl);        send the close_notify alert and close the SSL connection
void SSL_free(SSL *ssl);           free the SSL object
void SSL_CTX_free(SSL_CTX *ctx);   free the SSL context
OpenSSL had reached version 0.9.6 at the time of writing, but its documentation is thin and even the man pages for the most basic functions are incomplete. This article has therefore concentrated on the framework of an OpenSSL program; for more detail consult the OpenSSL documentation or the Apache mod_ssl documentation.
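The six steps above written out end to end, as an added example that is not code from the original article. It uses Python's standard ssl module, which is a binding over the same OpenSSL library, so that it runs stand-alone; each call is annotated with the OpenSSL C function it stands in for. The host, port, certificate paths and the HTTP request are placeholders supplied by the caller, and a failed certificate check raises ssl.SSLCertVerificationError from the handshake, which is the "do not talk to this server" outcome the three conditions demand.

```python
import socket
import ssl


def client_context(cafile=None):
    """Steps 1-2 on the client: pick the method, build the CTX, set verification.

    SSL_CTX_new(TLS_client_method())        -> SSLContext(PROTOCOL_TLS_CLIENT)
    SSL_CTX_set_min_proto_version            -> minimum_version
    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER) -> verify_mode = CERT_REQUIRED
    SSL_CTX_load_verify_locations            -> load_verify_locations / load_default_certs
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # refuse SSLv2/SSLv3/TLS 1.0/1.1
    # Conditions 1 and 2 (trusted issuer, not expired) are enforced by the chain
    # validation that CERT_REQUIRED turns on; condition 3 (certificate belongs to
    # this server) is the hostname check, which SSL_VERIFY_PEER alone does not do.
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    if cafile:
        ctx.load_verify_locations(cafile=cafile)   # e.g. a self-signed server cert
    else:
        ctx.load_default_certs()                   # the system CA bundle
    return ctx


def insecure_client_context():
    """The SSL_VERIFY_NONE setting from the text, shown for contrast: the server still
    sends a certificate, but the handshake proceeds whatever it says, so any
    man-in-the-middle can pose as the server. Test rigs only."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = False        # must be cleared before verify_mode may be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def server_context(certfile, keyfile):
    """Step 2 on the server: SSL_CTX_use_certificate_file + SSL_CTX_use_PrivateKey_file
    + SSL_CTX_check_private_key, which load_cert_chain does in one call (it raises
    SSLError when the key does not match the certificate)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(certfile=certfile, keyfile=keyfile)
    ctx.verify_mode = ssl.CERT_NONE   # SSL_VERIFY_NONE: no client certificate demanded
    return ctx


def describe(ctx):
    """Plain-value summary of a context's verification policy."""
    return {"verify": ctx.verify_mode.name,
            "check_hostname": ctx.check_hostname,
            "min_version": ctx.minimum_version.name}


def tls_client(host, port, cafile=None, request=b"HEAD / HTTP/1.0\r\n\r\n", timeout=5):
    """Steps 3-6 on the client. Returns (negotiated version, peer subject, reply bytes)."""
    ctx = client_context(cafile)
    raw = socket.create_connection((host, port), timeout=timeout)
    # SSL_new + SSL_set_fd + SSL_connect; server_hostname feeds the hostname check.
    tls = ctx.wrap_socket(raw, server_hostname=host)
    try:
        tls.sendall(request)                                   # SSL_write
        reply = tls.recv(4096)                                 # SSL_read
        subject = {k: v for rdn in tls.getpeercert()["subject"] for k, v in rdn}
        version = tls.version()
        try:
            tls.unwrap()                                       # SSL_shutdown (close_notify)
        except OSError:
            pass                                               # peer already closed the TCP side
    finally:
        tls.close()                                            # SSL_free + close(fd)
    return version, subject, reply


def tls_serve_once(certfile, keyfile, port, reply=b"HTTP/1.0 200 OK\r\n\r\nhello\n"):
    """Server side of steps 3-6: accept one TCP connection, SSL_accept it, answer."""
    ctx = server_context(certfile, keyfile)
    with socket.create_server(("127.0.0.1", port)) as listener:
        raw, _ = listener.accept()
        with ctx.wrap_socket(raw, server_side=True) as tls:    # SSL_accept on the new fd
            tls.recv(4096)
            tls.sendall(reply)
```

To exercise it, run tls_serve_once("server.crt", "server.key", 8443) in one process and tls_client("localhost", 8443, cafile="server.crt") in another; pointing the client at the self-signed certificate is what makes condition 1 hold for it, and dropping the cafile argument makes the handshake raise, as it should.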
This introduction should have given readers a basic picture of the SSL protocol; other aspects of SSL will be covered in a later article.

SSL principles explained
Source: http://noc.cstnet.net.cn/ (Fan Xiaoming)

RSA public key encryption is widely used in the computer industry for authentication and encryption (a license for it could be obtained from RSA Data Security Inc.). Public key encryption is an asymmetric encryption method: each key pair consists of a public key and a private key. The public key is published widely; the private key is kept secret. Data encrypted with the public key can only be decrypted with the private key, and conversely data encrypted with the private key can only be decrypted with the public key. This asymmetry is what makes public key cryptography so useful.

Authentication with public key encryption

Authentication is the process of verifying identity. In the following example public key cryptography lets A easily verify B's identity. The notation {data} key means that "data" has been encrypted or decrypted with the key "key". Suppose A wants to verify B's identity. B has a key pair, one key public and one private, and has published the public key to A. A generates a random message and sends it to B:

A --> B: random-message

B encrypts the message with his private key and returns the result:

B --> A: {random-message} B's private key

A receives the reply and decrypts it with the public key B published earlier, then compares the result with the original message sent to B. If they match, A knows it is talking to B: a man-in-the-middle does not know B's private key and so cannot correctly encrypt the random message A is checking.

Unless you know exactly what a message says, it is not a good idea to encrypt it with your private key and send it to someone else, because the encrypted value can be used against you (only you hold your private key, so only you could have produced it). So instead of encrypting the original message sent by A, B computes a message digest of it and encrypts that. The digest is derived from the random message in a way that has the following useful properties:

1. The digest cannot be reversed: someone trying to impersonate B cannot recover the original message from the digest.

2. An impersonator would find it very hard to produce a different message that has the same digest value.

Using the digest, B protects himself: he computes the digest of the random message sent by A, encrypts the result with his private key and sends the encrypted digest back. A computes the same digest, decrypts B's reply with B's public key and compares the two values to authenticate B.

The technique just described is a digital signature: B has signed a message generated by A, which is close to encrypting a message generated by A. So the authentication protocol needs one more wrinkle: some of the data must originate from B:

A --> B: Hello, are you B?

B --> A: A, I am B.

{digest[A, I am B]} B's private key

With this protocol B knows the message he is sending to A and does not mind signing it. He first sends the message unencrypted, "A, I am B.", and then sends the signed digest of it. A can easily verify that B is B, and B has not signed anything he did not want to.

Delivering the public key

But how does B deliver his public key in a trustworthy way? Consider the following authentication protocol:

A --> B: Hello

B --> A: Hi, I'm B, B's public key

A --> B: prove it

B --> A: A, I am B {digest[A, I am B]} B's private key

Under this protocol anyone can become "B". All that is needed is a key pair: you send A a message claiming to be B, so that your public key takes the place of B's, and then send a message signed with your private key to prove it. A has no way to tell that you are not B. To solve this problem, the standards bodies invented the certificate. A certificate contains:

* the name of the issuer

* the name of the subject the certificate is issued to

* the subject's public key

* time stamps (the validity period)

The certificate is signed with the issuer's private key. Everyone knows the issuer's public key (so that each certificate issuer in turn has a certificate of its own). A certificate is a standard way of binding a public key to a name. Using certificates, anyone can examine B's certificate and decide whether it is counterfeit.

Assuming B keeps control of his private key and really did obtain the certificate, the revised protocol is:

A --> B: Hello

B --> A: Hi, I'm B, B's certificate

A --> B: prove it

B --> A: A, I am B {digest[A, I am B]} B's private key

Now when A receives B's first message he can check the certificate: verify its signature (as described above, using the digest and the issuer's public key), check that its subject name is B, and so confirm that it is B's. He can then trust that the public key in it is B's and ask B to prove his identity. B creates the digest and replies with a signed version; A verifies it with the public key taken from the certificate and checks the result.

If a hacker, call him H, tries to play B:

A --> H: Hello

H --> A: ??? (H cannot create a message that makes A believe he is B, because signing the digest requires B's private key.)

Exchanging a secret

Once A has authenticated B, A can send B a message that only B can decrypt and read:

A --> B: {secret} B's public key

The only way to recover the secret is to decrypt the message with B's private key. Exchanging a secret this way is another effective use of public key cryptography: even if the whole conversation between A and B is being listened to, only B can obtain the secret.

Using the secret as a symmetric key further strengthens the channel, this time with a symmetric algorithm such as DES, RC4 or IDEA. A knows the secret because A generated it before sending it to B; B knows it because B holds the private key and can decrypt A's message. Since both know the secret, they can initialize a symmetric cipher with it and start sending encrypted messages. The revised protocol:
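The challenge-response, the digest-based signature, the certificate that binds B's name to B's key, and the secret exchange described in the last few sections, worked through as an added example that is not part of the original article. RSA here is a schoolbook toy over small Mersenne primes with no padding, constructed so that the example runs from the standard library only; it is not usable as real cryptography. The CA, B and H keys, the clock value and the challenge are all constructed for the example.

```python
import hashlib
import json
import secrets

E = 65537  # the usual RSA public exponent


def toy_keypair(p, q, e=E):
    """Schoolbook RSA key from two primes. Toy sizes: real keys are 2048 bits or more."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))            # (public, private)


def digest(data: bytes, n: int) -> int:
    """The 'information segment': a one-way hash of the data, reduced into the modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(priv, data: bytes) -> int:
    n, d = priv
    return pow(digest(data, n), d, n)              # {digest[data]} private key


def verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == digest(data, n)


def encrypt_to(pub, secret: bytes) -> int:
    """{secret} B's public key: only the holder of the private key can recover it."""
    n, e = pub
    return pow(int.from_bytes(secret, "big"), e, n)


def decrypt_with(priv, ciphertext: int, length: int) -> bytes:
    n, d = priv
    return pow(ciphertext, d, n).to_bytes(length, "big")


def issue_cert(ca_priv, issuer, subject, subject_pub, not_after):
    """Certificate: issuer, subject, subject's public key and validity, signed by
    the issuer so that name and key are bound together."""
    body = {"issuer": issuer, "subject": subject, "pub": list(subject_pub), "not_after": not_after}
    return {**body, "sig": sign(ca_priv, json.dumps(body, sort_keys=True).encode())}


def cert_valid(cert, ca_pub, expected_subject, now) -> bool:
    """The three checks from the article: trusted issuer's signature, not expired, right name."""
    body = {k: cert[k] for k in ("issuer", "subject", "pub", "not_after")}
    return (verify(ca_pub, json.dumps(body, sort_keys=True).encode(), cert["sig"])
            and cert["subject"] == expected_subject
            and now <= cert["not_after"])


def prove_identity(priv, cert, challenge: bytes):
    """B's reply: his certificate, the claim 'A, I am B', and the signed digest of the
    claim plus A's random challenge (so an old reply cannot be replayed)."""
    claim = b"A, I am B"
    return cert, claim, sign(priv, claim + challenge)


def authenticate(reply, ca_pub, challenge: bytes, now) -> bool:
    """A's check: the certificate verifies and names B, then B's signature verifies
    under the public key taken from the certificate, never from the message itself."""
    cert, claim, sig = reply
    return cert_valid(cert, ca_pub, "B", now) and verify(tuple(cert["pub"]), claim + challenge, sig)


def authenticate_without_cert(reply, challenge: bytes) -> bool:
    """The flawed protocol before certificates: trust whatever public key the peer sends."""
    pub, claim, sig = reply
    return verify(pub, claim + challenge, sig)


# Constructed keys for the example: a certificate authority, the genuine B, the impostor H.
CA_PUB, CA_PRIV = toy_keypair(2**61 - 1, 2**89 - 1)
B_PUB, B_PRIV = toy_keypair(2**107 - 1, 2**127 - 1)
H_PUB, H_PRIV = toy_keypair(2**19 - 1, 2**31 - 1)
NOW = 1_000_000                                   # constructed clock value
B_CERT = issue_cert(CA_PRIV, "CA", "B", B_PUB, not_after=NOW + 3600)


def run_scenarios(challenge: bytes = None) -> dict:
    challenge = challenge or secrets.token_bytes(16)          # A's random message
    claim = b"A, I am B"
    honest = prove_identity(B_PRIV, B_CERT, challenge)
    # H forges a certificate naming "B" over his own key, signed with his own key.
    forged = prove_identity(H_PRIV, issue_cert(H_PRIV, "CA", "B", H_PUB, NOW + 3600), challenge)
    # H presents B's genuine certificate but can only sign with his own key.
    stolen = (B_CERT, claim, sign(H_PRIV, claim + challenge))
    # After authentication A sends a secret under B's public key; H cannot open it.
    secret = secrets.token_bytes(16)
    sealed = encrypt_to(B_PUB, secret)
    return {
        "honest": authenticate(honest, CA_PUB, challenge, NOW),
        "forged_cert": authenticate(forged, CA_PUB, challenge, NOW),
        "stolen_cert": authenticate(stolen, CA_PUB, challenge, NOW),
        "expired": authenticate(honest, CA_PUB, challenge, NOW + 7200),
        "no_cert_protocol": authenticate_without_cert((H_PUB, claim, sign(H_PRIV, claim + challenge)), challenge),
        "b_reads_secret": decrypt_with(B_PRIV, sealed, 16) == secret,
        "h_reads_secret": decrypt_with(H_PRIV, sealed, 16) == secret,
    }
```

The "no_cert_protocol" entry is the point of the certificate section: against the earlier protocol H succeeds simply by supplying his own public key, while against the certificate-based one both a forged certificate and B's genuine certificate paired with H's signature fail, as does B's own reply once the certificate's validity period has passed.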

A --> B: Hello

B --> A: Hi, I'm B, B's certificate

A --> B: prove it

B --> A: A, I am B {digest[A, I am B]} B's private key

A --> B: OK B, here is a secret {secret} B's public key

B --> A: {some message} secret-key

A hacker in the middle

If a malicious hacker H sits between A and B, he cannot discover the secret they have exchanged, but he can still interfere with their conversation. He can pass most of the messages through unchanged and choose to corrupt some (which is easy, because he knows the protocol A and B are using):

A --> H: Hello

H --> B: Hello

B --> H: Hi, I'm B, B's certificate

H --> A: Hi, I'm B, B's certificate

A --> H: prove it

H --> B: prove it

B --> H: A, I am B {digest[A, I am B]} B's private key

H --> A: A, I am B {digest[A, I am B]} B's private key

A --> H: OK B, here is a secret {secret} B's public key

H --> B: OK B, here is a secret {secret} B's public key

B --> H: {some message} secret-key

H --> A: garble [{some message} secret-key]

H passes the data through untouched until A and B have exchanged the secret; then he corrupts the message B sends to A. At this point A trusts B, so A may take the garbled message for a genuine one and try hard to decrypt it.

Note that H does not know the secret; all he can do is corrupt data encrypted with it. Depending on the protocol, H may not be able to produce a valid message, but he can keep trying.

To prevent this kind of damage, A and B introduce a message authentication code (MAC) into their protocol. A MAC is a piece of data computed from the secret and the transmitted message. The digest properties described above are exactly what is needed to defend against H:

MAC = digest[some message, secret]

Because H does not know the secret he cannot compute the correct MAC for a tampered message, and if he garbles messages at random his chance of producing a valid MAC is negligible for any reasonable MAC length. For example, using MD5 (a hash function designed at RSA), A and B can send 128-bit MAC values with their messages, and H's chance of guessing a correct MAC is 1 in 2^128, roughly 3.4 x 10^38, which is effectively zero. (MD5 has since been broken as a collision-resistant hash, and current protocols use MACs built on the SHA-2 family.)

Here is the protocol modified once more:

A --> B: Hello

B --> A: Hi, I'm B, B's certificate

A --> B: prove it

B --> A: A, I am B {digest[A, I am B]} B's private key

A --> B: OK B, here is a secret {secret} B's public key

B --> A: {some message, MAC} secret-key

Now H has no tricks left. He can still tamper with any message, but the MAC check catches him: A and B detect the bad MAC value and stop talking, so H can no longer get between them.
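The symmetric phase of the protocol with and without the MAC, as an added example that is not part of the original article. The cipher is a constructed XOR keystream (HMAC-SHA256 in counter mode) used only so that the example runs from the standard library; it is not a standard cipher, and the secret and the sample message are constructed. It shows H's bit flip going undetected without a MAC and being rejected with one, and also the replay case that including a record number in the MAC catches.

```python
import hashlib
import hmac
import secrets


def xor_stream(secret: bytes, seq: int, data: bytes) -> bytes:
    """Constructed symmetric cipher for the example (NOT a standard cipher): XOR the data
    with an HMAC-SHA256 keystream derived from the secret and the record number.
    XOR is its own inverse, so the same call encrypts and decrypts."""
    stream = b""
    for block in range((len(data) + 31) // 32):
        stream += hmac.new(secret, seq.to_bytes(8, "big") + block.to_bytes(4, "big"),
                           hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def mac(secret: bytes, seq: int, message: bytes) -> bytes:
    """MAC = digest[seq, message, secret]. The record number is included so that a
    genuine record cannot be replayed or reordered."""
    return hmac.new(secret, seq.to_bytes(8, "big") + message, hashlib.sha256).digest()


def seal(secret: bytes, seq: int, message: bytes) -> bytes:
    """{message, MAC} secret-key: append the MAC, then encrypt (the order in the protocol)."""
    return xor_stream(secret, seq, message + mac(secret, seq, message))


def open_record(secret: bytes, seq: int, record: bytes):
    """Decrypt, split off the 32-byte MAC and compare it in constant time.
    Returns the message, or None if the MAC does not verify (stop talking)."""
    if len(record) < 32:
        return None
    plain = xor_stream(secret, seq, record)
    message, tag = plain[:-32], plain[-32:]
    return message if hmac.compare_digest(tag, mac(secret, seq, message)) else None


def garble(record: bytes, index: int) -> bytes:
    """H's move: flip one bit of a ciphertext byte he cannot read."""
    return record[:index] + bytes([record[index] ^ 0x02]) + record[index + 1:]


def run_channel(secret: bytes = None) -> dict:
    secret = secret or secrets.token_bytes(32)          # the secret A sent under B's public key
    message = b"transfer 100 to account 42"             # constructed sample message
    # Protocol without a MAC: H flips a bit of byte 9 (the '1' of "100"). The stream
    # cipher maps the flip straight onto the plaintext and A has no way to notice.
    no_mac = xor_stream(secret, 0, garble(xor_stream(secret, 0, message), 9))
    # Protocol with a MAC: the same flip is rejected, and so is a replay under a new seq.
    record = seal(secret, 1, message)
    return {
        "intact": open_record(secret, 1, record),
        "no_mac_result": no_mac,
        "tampered": open_record(secret, 1, garble(record, 9)),
        "replayed": open_record(secret, 2, record),
    }
```

The MAC-then-encrypt order is kept because it is the order in the protocol above and in SSL; with CBC block ciphers that order later enabled padding-oracle attacks, and current TLS uses AEAD ciphers that authenticate and encrypt in a single step. Note that without the MAC the flipped bit turns "transfer 100" into "transfer 300" with no sign of tampering at all.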
