Tuesday, September 14, 2010

The basic principles of SSL

0 Introduction

Three years ago, my company has established and suppliers B2B e-commerce sites, I participate in this project to understand the network traffic encryption and SSL-related knowledge. With my knowledge and understanding of e-commerce continued to deepen, with the current continual emergence of various e-commerce platform, I stepped up on the SSL's learning and understanding. This will combine to present my understanding of the basic principles of SSL, considering most of those who read this article for the security and encryption has some understanding and awareness of this paper is as follows:

1 first introduced the SSL communication diagram, relevant background knowledge of network security people can read about the plan's basic principles of SSL.

2 on the SSL communication on the diagram to explain the text and description here will involve a number of encryption and security terms, so people who read for understanding this can be encrypted.

3 on some of the terminology involved a brief presentation and explanation, the need to understand the terminology of some encryption can be used as a brief reference to the reader.

The purpose of this paper is to explain in concise summary SSL principle, the need for readers to learn more about SSL theory can further read the relevant books and papers.

1 SSL communication diagram

SSL communication diagram shown in Figure 1:

2 SSL communications description

In this section, the schematic shown in Figure 1 will be explained. To illustrate the convenience of the client in this paper that for the B, the server side for the S.

STEP 1: B -> S (initiated dialogue, consultation transmission encryption algorithm)

Hi, S! I want you to security dialogue, my symmetric encryption algorithms are DES, RC5, I have RSA key exchange algorithm and DH, with MD5 digest algorithm and the SHA.

STEP2: S -> B (sending server digital certificate)

Hello, B! Then we use DES-RSA-SHA This combination of communication, in order to prove I was indeed S, now send me the digital certificate to you, you can verify my identity.

STEP 3: B -> S (send this dialogue of the key)

(Check S's digital certificate is correct, the certificate issued by CA agencies verify the validity of S after the real certificate. Generated by using S's public key encryption key to send this dialogue to the S)

S, I have confirmed your identity, now we have this communication in the symmetric key encryption algorithm to send to you.

STEP4: S -> B (for key)

(S to obtain their private key to decrypt the key in this newsletter).

B, I have access to the keys. We can start correspondence.

STEP5: S <-> B (for communication)

Note: In general, when B is confidential information during transmission by, B does not require digital certificates verify the authenticity of his or her identity, such as e-banking application, customers need to send your account number and password to the bank, the banks of the Fu Wuqi need to install the digital certificate to show the effectiveness of their own identity. In some B2B applications, server-side also needs to verify the identity of the client, then the client also need to install a digital certificate to ensure communication when the server can identify a client's identity, the identity verification process is similar to server authentication process.

Also need to note that in some e-commerce applications, may also be used to e-signatures, or to more secure information exchange, will increase the electronic signature and message check code (MAC).

3 describes the knowledge

With the continuous development of e-commerce, SSL protocol has been more widely used. SSL protocol is between the HTTP protocol and an optional layer between the TCP can be expressed as

Here we have an example to explain the how the SSL protocol to access the secure website, if we buy in the online game cards in the game click on the payment page, we will enter the following interface:

Then we note that in the browser's address bar begins with HTTPS rather than HTTP, the browser's bottom right corner there is a lock, indicating SSL encrypted channel has been established. As layer in the process of HTTP request into a first HTTP request, then SSL TCP and IP layer by layer to achieve the browser and server handshake (HANDSHAKE), the server level access to the key, the last TCP layer of encryption between the server channel to achieve the objective of both sides to exchange information security.

In order to facilitate understanding of SSL, the following information in a brief overview of encryption-related knowledge. Encrypted information using the key type of encryption algorithm can be divided into the following categories: HASH coding, symmetric encryption and asymmetric encryption categories.

HASH HASH algorithm coding is to use the length of the message from any calculation of the value of a process HASH, HASH value can be said that the fingerprint information, as any different messages, almost always have different values HASH. Therefore, in the process of SSL communications, messages can be encrypted HASH value to ensure the delivery of the message has not been altered during transmission.

Called public key encryption or asymmetric encryption uses two mathematically related values to encode the information (encrypted), in which a number called the public key, and the other called the private key. Public key encryption private key can decrypt the information, private key encryption public key can decrypt the information. As the public key can be issued a large area, so public-key encryption in the SSL encrypted communication used on the encryption keys or digital signatures.

Symmetric encryption and asymmetric encryption is the difference compared to symmetric encryption, the encrypted information and decrypt information using the same key, so the key can not open. But it has the encryption, decryption rapid.

In SSL communication, the first non-symmetric encryption exchange of information, so the server provides browser access to the symmetric encryption key, and then communicate using the key information in the process of encryption and decryption. To ensure the message has not been tampered with during transmission can be encrypted HASH code to ensure the integrity of information.

Server digital certificate issued to the main Web site or other server requires a secure identification to prove identity of the server information, the same client-side digital certificates used to prove the identity of the client. In Guangdong Electronic Certification Authority Web site, you can see all the digital certificates issued by the agency detailed description of the function.

Recommended links:

ps3 Flv

wmv ps3

Matroska video

online wav to mp3 converter

No comments:

Post a Comment