SSL Walkthrough: Concepts (Part One)

Source: Internet
Author: User
Tags ssl certificate asymmetric encryption

Recent projects at my company involve many kinds of encryption and security. I have always lacked experience in this area; SSL was a protocol I knew only as a concept. Setting up SSL encryption for transport was also painstaking. A very simple thing took a long time of fiddling. It really is a different line of work. It is hard for those who do not know how, and not hard for those who do.

For SSL-related concepts, see the following websites:

http://zhidao.baidu.com/question/327361625.html?pn=0

http://baike.baidu.com/view/16147.htm?fr=aladdin#3

http://baike.baidu.com/link?url=huf3fdrLoAKVqIkbZF8G5emlytuFCj6XRA4doqRyGj4mV7Et1fPq8ksYVRuycntJQrJiqo0LsEnMmSNIoXz2mq

http://baike.baidu.com/link?url=phbxnikpxsveuujmcfiyabrvmkvwtfmdtj5bf3abjctfdnfhkeicn64rrylb9q_kfwvv1d27qf20yfu7g7z6w_


To understand SSL in depth, the following background knowledge is required: encryption algorithms, symmetric encryption algorithms, asymmetric encryption algorithms, keys (public key, private key), digital certificates, the HTTP protocol, the HTTPS protocol, the ISO seven-layer network protocol, etc.

Personal understanding: SSL is the name of a protocol. It is a protocol based on encryption algorithms: data is encrypted while it is transmitted over the network and, on reaching the destination, is decrypted with the key to recover the real content. Even if the data is intercepted in transit, without the key and without knowing the decryption algorithm it is very difficult or even impossible to decrypt, which achieves data security.

To complete this process, there are a few things we need to do:

1. Since the transmitted data has to be encrypted and decrypted, there must be a tool for encryption and decryption; we call this tool the key.

So the first step is to create the key (purchased from a third party). It is divided into a server side and a client side.

2. Once the key is created, we have to put it somewhere and then make it take effect. So the second step is to put the key on the server (Nginx, Tomcat, IIS, and so on) and change the server's configuration (for Tomcat, this means changing server.xml) to make it work.

Where does the client's key go? Naturally, on the client. For Web applications it goes into the browser, but where does the user get the key from? In general, the server side provides a download address for the client (so when we browse some sites, especially bank sites, we first download a certificate; this certificate is actually a key). For mobile apps, the key is normally put into the APK (of course, this is done during development, and the user is not aware of it).

3. Everything is ready.

Start accessing. The client takes the certificate and visits the server. The server's (Tomcat's) first step is to verify whether the certificate is correct (that is, to decrypt it with the key). If it is not correct, an error is reported. If it is correct, the server then checks whether the address exists. If the address does not exist, a 404 error is thrown. If the address exists, the content is decrypted and the real business access process begins.

That is my personal understanding. Below are a few (official) concepts about SSL:

One, SSL

The English name of SSL is "Secure Sockets Layer". The Chinese name is "Secure Sockets Layer protocol layer". It is a security protocol for Web applications proposed by Netscape. The SSL protocol specifies a mechanism that provides a data security layer between application protocols such as HTTP, Telnet, NNTP, and FTP, and the TCP/IP protocol. It provides data encryption, server authentication, message integrity, and optional client authentication for TCP/IP connections.

The SSL protocol is located between the TCP/IP protocol and the various application-layer protocols, providing security support for data communication. The SSL protocol can be divided into two layers. The SSL Record Protocol is built on a reliable transport protocol (such as TCP) and provides higher-level protocols with basic functions such as data encapsulation, compression, and encryption. The SSL Handshake Protocol is built on the SSL Record Protocol and is used to authenticate the two parties, negotiate encryption algorithms, exchange encryption keys, and so on before the actual data transmission starts.
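The layering described above is visible in the bytes on the wire. The following is an added example, not from the original article: a minimal Python parser that splits a byte stream into record-layer records and then into the handshake messages a record carries. The sample bytes and function names are constructed for illustration, and the parser assumes each handshake message fits inside one unencrypted record.

```python
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate",
                   14: "server_hello_done", 16: "client_key_exchange", 20: "finished"}


def parse_records(stream: bytes):
    """Record layer: split a byte stream into (content type, version, fragment)."""
    records, offset = [], 0
    while offset < len(stream):
        header = stream[offset:offset + 5]           # type(1) version(2) length(2)
        length = int.from_bytes(header[3:5], "big")
        fragment = stream[offset + 5:offset + 5 + length]
        if len(header) < 5 or len(fragment) != length:
            raise ValueError("truncated record")
        records.append((CONTENT_TYPES.get(header[0], "unknown"), (header[1], header[2]), fragment))
        offset += 5 + length
    return records


def parse_handshake(fragment: bytes):
    """Handshake layer: split one record's fragment into (message type, body)."""
    messages, offset = [], 0
    while offset < len(fragment):
        length = int.from_bytes(fragment[offset + 1:offset + 4], "big")  # 3-byte length
        body = fragment[offset + 4:offset + 4 + length]
        if len(fragment) - offset < 4 or len(body) != length:
            raise ValueError("truncated handshake message")
        messages.append((HANDSHAKE_TYPES.get(fragment[offset], "unknown"), body))
        offset += 4 + length
    return messages


# Constructed sample bytes (not a capture); message bodies are dummy values.
SAMPLE = bytes.fromhex(
    "1603030010"          # record header: handshake (22), version 3.3, 16 bytes
    "02000004deadbeef"    # handshake message: server_hello, 4-byte body
    "0b000004cafebabe"    # handshake message: certificate, 4-byte body
    "1703030003aabbcc"    # record: application_data (23), 3 opaque bytes
)


def describe(stream: bytes):
    """For each record, list its type and any handshake messages it carries."""
    return [(ctype, [name for name, _ in parse_handshake(frag)] if ctype == "handshake" else [])
            for ctype, _, frag in parse_records(stream)]


if __name__ == "__main__":
    print(describe(SAMPLE))
```

The record layer only knows a content type and a length; the handshake message types appear one level down, inside the record's fragment.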

SSL (Secure Sockets Layer) and its successor, Transport Layer Security (TLS), are security protocols that provide security and data integrity for network communication. TLS and SSL encrypt the network connection at the transport layer.

Two, SSL certificate

An SSL certificate establishes an SSL secure channel between the client browser and the web server. (The Secure Socket Layer (SSL) security protocol was designed and developed by Netscape Communications. It is mainly used to provide authentication of the user and the server, to encrypt and hide the transmitted data, and to ensure that the data is not changed in transit, that is, data integrity. It has become the global standard in this field. Because SSL technology is built into all major browsers and web server programs, you only need to install a server certificate to activate this feature.)

That is, the certificate activates the SSL protocol, so that data between the client and the server is transmitted encrypted, preventing disclosure of the data and ensuring the security of the information the two parties exchange. The user can also use the server certificate to verify whether the site being visited is real and reliable.


A digital signature is also called a digital identifier or seal (i.e. digital certificate, digital ID). It provides a method of authenticating identity online: it is a digital information file used to identify and prove the identity of the parties to a network communication, similar to a driver's license or ID card in daily life. Digital signatures are mainly used for secure online activities and electronic transactions such as sending secure e-mail, visiting secure websites, online bidding and tendering, online contract signing, online ordering, secure online document transmission, online office work, online payment, online tax filing, and online shopping.

Three, the significance of using SSL

Once the server has deployed an SSL certificate, the confidential information the user enters in the browser and the confidential information queried from the server are strongly encrypted in transit between the user's computer and the server, and are not likely to be tampered with or stolen illegally. At the same time, the certificate proves the server's true identity to site visitors; this identity is verified by a third-party authority.

This means two things: data encryption and authentication.


Copyright notice: This is an original blog article and may not be reproduced without consent.
