SSL principles explained

Source: Internet
Author: User
RSA public key encryption is widely used in the computer industry for authentication and encryption. Licenses for RSA public key encryption can be obtained from RSA Data Security Inc. Public key encryption is an asymmetric method of encryption and decryption: each key pair consists of a public key and a private key. The public key is published widely; the private key is kept secret. Data encrypted with the public key can only be decrypted with the private key, and, conversely, data encrypted with the private key can only be decrypted with the public key. This asymmetry is what makes public key encryption so useful.

Using public key encryption for authentication

Authentication is the process of verifying identity. In the following example, public key encryption is used to verify the identities of A and B. The notation {data} key means that "data" has been encrypted or decrypted with "key". Suppose A wants to verify B's identity. B has a key pair, one key public and one private, and B has disclosed the public key to A. A generates a random message and sends it to B:

A-> B: random-message

B encrypts the message with his private key and returns the encrypted message:

B-> A: {random-message} B's private key

A receives the reply and decrypts it with the public key B published earlier, then compares the result with the original message sent to B. If they are identical, A knows that it is talking to B. A man-in-the-middle does not know B's private key and therefore cannot correctly encrypt the random message that A checks.

Unless you know exactly what a message says, it is not a good idea to encrypt it with your private key and send it to someone else, because the encrypted value may be used against you: only you hold the private key, so only you could have produced it. Therefore, instead of encrypting the original message sent by A, B computes a digest (called an "information segment" below) and encrypts that. The digest is derived from the random message and has the following useful properties:

1. The digest is one-way. No one can recover the original message from the digest, even someone posing as B;

2. It is very hard for an impostor to find a different message that produces the same digest value;

3. Using the digest, B protects himself. He computes the digest of the random message sent by A, encrypts the result, and sends the encrypted digest back. A can compute the same digest, decrypt B's reply with B's public key, and thereby authenticate B.

The technique just described is a digital signature: B has signed the random message generated by A. It is better, however, if the message being signed is generated by B himself, so the authentication protocol becomes:

A-> B: Hello, are you B?

B-> A: A, I am B {digest [A, I am B]} B's private key

With this protocol, B knows exactly which message he is sending to A and does not mind signing it. He first sends the unencrypted text "A, I am B", and then the digest of that message encrypted with his private key. A can easily verify that B really is B, and B has not signed anything he did not want to sign.

Presenting the public key

So how does B present his public key in a trustworthy way? Consider the following authentication protocol:

A-> B: Hello

B-> A: Hi, I'm B, and here is B's public key

A-> B: prove it

B-> A: A, I am B {digest [A, I am B]} B's private key

Under this protocol, anyone can become "B": all you need is a public key and a private key. You send A a message saying that you are B, so that your public key takes the place of B's. Then you send a message encrypted with your private key to prove your identity, and A has no way to discover that you are not B. To solve this problem, the standards bodies invented the certificate. A certificate contains:

* The name of the certificate issuer

* The subject, i.e. the entity the certificate is issued to

* The subject's public key

* Time stamps

The certificate is signed (encrypted) with the issuer's private key. Everyone knows the issuer's public key (in the same way, each certificate issuer has a certificate of its own). A certificate is a standard way of binding a public key to a name. Using certificates, anyone can examine B's certificate to determine whether it has been forged. Let us assume that B keeps control of his private key and has indeed obtained a certificate.

Here is the revised protocol:

A-> B: Hello

B-> A: Hi, I'm B, and here is B's certificate

A-> B: prove it

B-> A: A, I am B {digest [A, I am B]} B's private key

Now when A receives the first message from B, he can check the certificate and its signature (as described above: decrypt the signature with the issuer's public key and compare it with the digest), then check the subject name (B's name) and confirm that it is B. He can then trust that the public key is B's and ask B to prove his identity. B proceeds as before, creating a digest and replying to A with a signed version. A verifies B's digest using the public key obtained from the certificate and checks the result.

If a hacker, call him H, tries to intervene:

A-> H: Hello

H-> A: ??? H cannot create a message that convinces A that he is B.
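The following Python is an added illustration, not code from the original article, of the signature and certificate checks described above: a toy textbook RSA (tiny Mersenne-prime moduli, no padding, so it is only a model of the protocol and in no sense secure) signs a digest, a trusted issuer named "CA" binds the name "B" to B's public key, and A rejects both a certificate that H forges for the name "B" and a replay of B's genuine certificate when H cannot sign the challenge with B's private key. The issuer name, the certificate's string encoding and the key sizes are assumptions made here for the example.

```python
# Added example (not from the original article): a toy model of the
# digest-signature and certificate protocol. The RSA below uses tiny
# Mersenne-prime moduli and no padding so the arithmetic is visible;
# it demonstrates the protocol flow only and must not be used for real keys.
import hashlib
import math


def toy_keypair(p, q):
    """Textbook RSA over two small primes: returns ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    e = next(c for c in range(3, phi, 2) if math.gcd(c, phi) == 1)
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def digest(data: bytes, n: int) -> int:
    """The article's 'information segment': a one-way digest of the data.
    Reduced mod n only because the toy modulus is smaller than a real hash."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(priv, data: bytes) -> int:
    """Encrypt the digest with the private key (the article's signature)."""
    n, d = priv
    return pow(digest(data, n), d, n)


def verify(pub, data: bytes, sig: int) -> bool:
    """Decrypt the signature with the public key and compare digests."""
    n, e = pub
    return pow(sig, e, n) == digest(data, n)


def cert_body(issuer, subject, pub) -> bytes:
    """Constructed encoding of the fields the issuer signs (assumption)."""
    return f"{issuer}|{subject}|{pub[0]}|{pub[1]}".encode()


def issue_certificate(issuer_name, issuer_priv, subject, subject_pub):
    """The issuer binds a name to a public key by signing both."""
    body = cert_body(issuer_name, subject, subject_pub)
    return {"issuer": issuer_name, "subject": subject,
            "pub": subject_pub, "sig": sign(issuer_priv, body)}


def check_certificate(cert, trusted_issuers) -> bool:
    """A's check: was the certificate signed by an issuer A trusts?"""
    issuer_pub = trusted_issuers.get(cert["issuer"])
    if issuer_pub is None:
        return False
    body = cert_body(cert["issuer"], cert["subject"], cert["pub"])
    return verify(issuer_pub, body, cert["sig"])


CHALLENGE = b"A, I am B"  # the message B signs in the article's protocol


def a_authenticates(cert, expected_name, trusted_issuers, respond):
    """Run A's side of the protocol. respond(msg) plays the peer and
    returns whatever signature it offers for msg."""
    if not check_certificate(cert, trusted_issuers):
        return "certificate rejected"
    if cert["subject"] != expected_name:
        return "name mismatch"
    if not verify(cert["pub"], CHALLENGE, respond(CHALLENGE)):
        return "signature rejected"
    return "authenticated"


def authenticate_demo():
    """Honest B, H with a self-made certificate, and H replaying B's cert."""
    ca_pub, ca_priv = toy_keypair((1 << 31) - 1, (1 << 19) - 1)
    b_pub, b_priv = toy_keypair((1 << 61) - 1, (1 << 17) - 1)
    h_pub, h_priv = toy_keypair((1 << 89) - 1, (1 << 13) - 1)
    trusted = {"CA": ca_pub}  # A knows the issuer's public key
    b_cert = issue_certificate("CA", ca_priv, "B", b_pub)

    # H claims to be "B" with his own key; the certificate is not CA-signed.
    fake_cert = issue_certificate("CA", h_priv, "B", h_pub)
    return {
        "honest": a_authenticates(b_cert, "B", trusted, lambda m: sign(b_priv, m)),
        "forged_cert": a_authenticates(fake_cert, "B", trusted, lambda m: sign(h_priv, m)),
        # H presents B's real certificate but cannot produce B's signature.
        "replayed_cert": a_authenticates(b_cert, "B", trusted, lambda m: sign(h_priv, m)),
    }


if __name__ == "__main__":
    print(authenticate_demo())
```

Running the block prints `authenticated` for B and a rejection for each of H's two attempts; the order of A's checks (issuer signature first, then the subject name, then the challenge signature) is the sequence the text describes.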

Exchanging a secret

Once A has verified B, he can send B a message that only B can decrypt and read:

A-> B: {secret} B's public key

The only way to recover the secret is to decrypt the message above with B's private key. Exchanging a secret is another powerful use of public key encryption: even if the communication between A and B is eavesdropped, only B can obtain the secret.

Using this secret as another key (a secret-key) further strengthens the security of the connection, but this time with a symmetric encryption algorithm (such as DES, RC4 or IDEA). A knows the secret because A generated it before sending it to B; B knows the secret because B holds the private key and can decrypt A's message. Since both now know the secret, they can initialize a symmetric cipher and start sending encrypted messages. Here is the revised protocol:

A-> B: Hello

B-> A: Hi, I'm B, and here is B's certificate

A-> B: prove it

B-> A: A, I am B {digest [A, I am B]} B's private key

A-> B: OK B, here is a secret {secret} B's public key

B-> A: {some message} secret-key

An eavesdropping hacker

If a malicious hacker H sits between A and B, he cannot discover the secret they exchanged, but he can still interfere with their conversation. He can let most of the traffic pass and choose to corrupt some of it (this is easy, because he knows the protocol A and B use to communicate).

A-> H: Hello

H-> B: Hello

B-> H: Hi, I'm B, and here is B's certificate

H-> A: Hi, I'm B, and here is B's certificate

A-> H: prove it

H-> B: prove it

B-> H: A, I am B {digest [A, I am B]} B's private key

H-> A: A, I am B {digest [A, I am B]} B's private key

A-> H: OK B, here is a secret {secret} B's public key

H-> B: OK B, here is a secret {secret} B's public key

B-> H: {some message} secret-key

H-> A: garble [{some message} secret-key]

H passes the data through unchanged until A and B have exchanged the secret. Then H corrupts the message sent to A. At this point A trusts B, so he may accept the corrupted message and try his best to decrypt it.

Note that H does not know the secret; all he can do is corrupt the data encrypted with the secret key. Depending on the protocol, H may not manage to produce a valid message. But what about next time?

To prevent this kind of damage, A and B add a message authentication code (MAC) to their protocol. A MAC is a piece of data computed from the secret and the transmitted message. The properties of the digest algorithm described above are exactly what A and B use to defend against H:

MAC = digest [some message, secret]

H cannot compute the correct value because he does not know the secret. Even if H garbles messages at random, his chance of success is tiny as long as the MAC is large. For example, using MD5 (a good cryptographic hash algorithm invented by RSA), A and B can send a 128-bit MAC value along with each message. H's chance of guessing a correct MAC is about 1 in 18,446,744,073,709,551,616, which is effectively zero.

Here is the protocol, modified once more:

A-> B: Hello

B-> A: Hi, I'm B, and here is B's certificate

A-> B: prove it

B-> A: A, I am B {digest [A, I am B]} B's private key

A-> B: OK B, here is a secret {secret} B's public key

B-> A: {some message, MAC} secret-key

Now H has no technical means left. Whatever message he interferes with, the MAC check exposes him: A and B detect the bogus MAC value and stop talking. H can no longer communicate with B.
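As an added illustration (not code from the original article), the following Python simulates the eavesdropping scenario and the MAC defence from the last few sections using only the standard library. It derives separate encryption and MAC keys from the exchanged secret, protects the ciphertext with HMAC-SHA256 (a keyed digest construction from the standard library, used here in place of the bare `digest[some message, secret]` shown above, and computed over the ciphertext rather than inside it), and shows that H's single flipped bit slips through silently without a MAC but is rejected with one. The stream cipher is a constructed toy built from SHA-256 and the message text is made up for the example.

```python
# Added example (not from the original article): H garbles an encrypted
# message; without a MAC the receiver decrypts corrupted data, with a MAC
# the receiver detects the tampering and discards the message.
import hashlib
import hmac
import secrets

NONCE_LEN = 16
TAG_LEN = 32  # HMAC-SHA256 output


def derive_keys(shared_secret: bytes):
    """Split the exchanged secret into distinct encryption and MAC keys."""
    enc_key = hashlib.sha256(b"enc" + shared_secret).digest()
    mac_key = hashlib.sha256(b"mac" + shared_secret).digest()
    return enc_key, mac_key


def toy_stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (constructed for the example, not for real use):
    XOR the data with SHA-256(key || nonce || counter) blocks.
    Like any stream cipher, flipping a ciphertext bit flips the same
    plaintext bit, which is exactly what lets H do damage without the key."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(shared_secret: bytes, message: bytes) -> bytes:
    """B's side with the MAC: nonce || ciphertext || HMAC(nonce || ciphertext)."""
    enc_key, mac_key = derive_keys(shared_secret)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = toy_stream_xor(enc_key, nonce, message)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_checked(shared_secret: bytes, packet: bytes):
    """A's side with the MAC check; returns None when the tag does not verify."""
    enc_key, mac_key = derive_keys(shared_secret)
    nonce, ct, tag = packet[:NONCE_LEN], packet[NONCE_LEN:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        return None
    return toy_stream_xor(enc_key, nonce, ct)


def open_unchecked(shared_secret: bytes, packet: bytes) -> bytes:
    """A's side in the earlier, MAC-less protocol: decrypts whatever arrives."""
    enc_key, _ = derive_keys(shared_secret)
    nonce, ct = packet[:NONCE_LEN], packet[NONCE_LEN:-TAG_LEN]
    return toy_stream_xor(enc_key, nonce, ct)


def garble(packet: bytes) -> bytes:
    """H's interference: flip one bit in the fifth ciphertext byte."""
    p = bytearray(packet)
    p[NONCE_LEN + 4] ^= 0x01
    return bytes(p)


def mac_demo():
    """Compare what A reads with and without the MAC after H tampers."""
    secret = secrets.token_bytes(32)  # the {secret} A sent under B's public key
    message = b"transfer 100 to account 7"  # constructed sample message
    packet = seal(secret, message)
    tampered = garble(packet)
    return {
        "intact": open_checked(secret, packet),
        "tampered_checked": open_checked(secret, tampered),
        "tampered_unchecked": open_unchecked(secret, tampered),
    }


if __name__ == "__main__":
    print(mac_demo())
```

Without the MAC, A reads a plausible-looking but altered message (one character changed); with the MAC, the same packet is rejected outright, which is the behaviour the final protocol relies on. Keeping the MAC key separate from the encryption key and checking the tag before decrypting are the two choices a practitioner would expect beyond what the text spells out.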
 
