The whole process of encrypted TCP Communication

Source: Internet
Author: User
Tags sha1

Http://blog.csdn.net/jiyanfeng1/article/details/8173733

From: http://blog.csdn.net/laotse/article/details/5910378

First, three concepts: 1. irreversible encryption 2. reversible symmetric encryption 3. reversible asymmetric encryption

1. irreversible encryption. The most familiar type is MD5 sha1, which cannot be decrypted after encryption. It can only be used to store passwords and verify file changes, and cannot be used for network communication.

2. reversible and symmetric encryption: Use a key to encrypt the content. Anyone with this key can decrypt the key, just like logging on to Windows. If there is a password, anyone can log on, however, without this key, it would be difficult to decrypt it, just as cracking windows passwords would require exhaustion. It is ideal for encrypted network communication. If both the client and the server have keys, the communication process is confidential. Even if the communication content is intercepted, a bunch of encrypted bytes are displayed, and the communication content is secure.

But this creates a problem. The client has this key in a certain part of the program. If it is decompiled or something is discovered, in the future, all client and server communications can be decrypted by the intercepted person, thus losing the meaning of encryption. Therefore, this key server must be frequently changed and cannot be sent to the client in advance. It must be sent to the client before each communication, however, this key can still be intercepted, so how to send the key securely becomes the key. As long as the key is secure, the entire symmetric encryption is secure, if the key is discovered, there is no secret in this process.

So reversible asymmetric encryption appears.

3. reversible asymmetric encryption: when the client communicates with the server, the client uses asymmetric encryption to generate two random keys, a public key and a key. The key is here, the content encrypted with this public key cannot be decrypted with the public key. Only the key can be decrypted. The client sends the public key to the server. The server uses the Public Key generated by this client to encrypt the content and return it to the client, the client decrypts the key.

Take a closer look at this process. Assume there is an interceptor. At the beginning, the customer sends the public key to the server. For example, if the interceptor intercepts the public key, the server returns the content encrypted with the public key, it was intercepted by the Interceptor. the interceptor wanted to use the public key for decryption, but found that the public key could not be used. The content encrypted by the Public Key could only be decrypted by the key, and the Public Key only played a role in encryption. Where is the key? In the memory of the client program, it is not sent through the network (and, this public key and key are temporarily generated randomly, in the memory, when the client is not running, the program can be decrypted even if the program is decompiled. Even if the interceptor intercepts the contents encrypted by the public key and public key, it's also a bit useless. Therefore, the contents returned by the server encrypted with the public key are safe.

 

I don't know how many times that asymmetric encryption is more secure than symmetric encryption. It's all random. It's just like using asymmetric encryption. What should I do with symmetric encryption? However, asymmetric communication is good, but it is slow, so it cannot encrypt a large amount of communication content (I don't know, it's all said ), you can only use this method to transmit important content when you start communication.

So what content is used to transfer points?

 

The key used to transmit symmetric encryption is very suitable. The two parts do not mean that the only insecure part of symmetric encryption is that the key transfer process is insecure, then, use asymmetric encryption to transmit the symmetric encryption key. In this way, the transmission process of the symmetric encryption key is secure. The key security problem is solved, so symmetric encryption and asymmetric encryption are just as secure, in this case, asymmetric encryption is disabled, and symmetric encryption will be used in the future, and the speed will also increase. This is the combination of asymmetric encryption and symmetric encryption. Many applications on the Internet use this method.

It is too easy to implement these three types of encryption in. net. They are encapsulated classes that cannot be better. The process is complete in a few lines. Tripledescryptoserviceprovider is used for symmetric encryption. A maximum of 24 bytes (192 bits) are supported. rsacryptoserviceprovider is used for asymmetric encryption.

  • Previous Article: Basic Principles of RSA Encryption Algorithm
  • Next article: irreversible encryption algorithm
  • From: http://blog.csdn.net/laotse/article/details/5910378

    First, three concepts: 1. irreversible encryption 2. reversible symmetric encryption 3. reversible asymmetric encryption

    1. irreversible encryption. The most familiar type is MD5 sha1, which cannot be decrypted after encryption. It can only be used to store passwords and verify file changes, and cannot be used for network communication.

    2. reversible and symmetric encryption: Use a key to encrypt the content. Anyone with this key can decrypt the key, just like logging on to Windows. If there is a password, anyone can log on, however, without this key, it would be difficult to decrypt it, just as cracking windows passwords would require exhaustion. It is ideal for encrypted network communication. If both the client and the server have keys, the communication process is confidential. Even if the communication content is intercepted, a bunch of encrypted bytes are displayed, and the communication content is secure.

    But this creates a problem. The client has this key in a certain part of the program. If it is decompiled or something is discovered, in the future, all client and server communications can be decrypted by the intercepted person, thus losing the meaning of encryption. Therefore, this key server must be frequently changed and cannot be sent to the client in advance. It must be sent to the client before each communication, however, this key can still be intercepted, so how to send the key securely becomes the key. As long as the key is secure, the entire symmetric encryption is secure, if the key is discovered, there is no secret in this process.

    So reversible asymmetric encryption appears.

    3. reversible asymmetric encryption: when the client communicates with the server, the client uses asymmetric encryption to generate two random keys, a public key and a key. The key is here, the content encrypted with this public key cannot be decrypted with the public key. Only the key can be decrypted. The client sends the public key to the server. The server uses the Public Key generated by this client to encrypt the content and return it to the client, the client decrypts the key.

    Take a closer look at this process. Assume there is an interceptor. At the beginning, the customer sends the public key to the server. For example, if the interceptor intercepts the public key, the server returns the content encrypted with the public key, it was intercepted by the Interceptor. the interceptor wanted to use the public key for decryption, but found that the public key could not be used. The content encrypted by the Public Key could only be decrypted by the key, and the Public Key only played a role in encryption. Where is the key? In the memory of the client program, it is not sent through the network (and, this public key and key are temporarily generated randomly, in the memory, when the client is not running, the program can be decrypted even if the program is decompiled. Even if the interceptor intercepts the contents encrypted by the public key and public key, it's also a bit useless. Therefore, the contents returned by the server encrypted with the public key are safe.

     

    I don't know how many times that asymmetric encryption is more secure than symmetric encryption. It's all random. It's just like using asymmetric encryption. What should I do with symmetric encryption? However, asymmetric communication is good, but it is slow, so it cannot encrypt a large amount of communication content (I don't know, it's all said ), you can only use this method to transmit important content when you start communication.

    So what content is used to transfer points?

     

    The key used to transmit symmetric encryption is very suitable. The two parts do not mean that the only insecure part of symmetric encryption is that the key transfer process is insecure, then, use asymmetric encryption to transmit the symmetric encryption key. In this way, the transmission process of the symmetric encryption key is secure. The key security problem is solved, so symmetric encryption and asymmetric encryption are just as secure, in this case, asymmetric encryption is disabled, and symmetric encryption will be used in the future, and the speed will also increase. This is the combination of asymmetric encryption and symmetric encryption. Many applications on the Internet use this method.

    It is too easy to implement these three types of encryption in. net. They are encapsulated classes that cannot be better. The process is complete in a few lines. Tripledescryptoserviceprovider is used for symmetric encryption. A maximum of 24 bytes (192 bits) are supported. rsacryptoserviceprovider is used for asymmetric encryption.

    Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.