Concept

1. Symmetric encryption
2. Asymmetric encryption (public key encryption)
3. Message digest
4. Message authentication code
5. Digital signature
6. Public key certificate

I recommend reading this article first and then continuing below: https://foofish.net/https-story-1.html. It walks through a request to explain why these things are needed and briefly explains each concept; I hope that, combined with this article, it makes things easier to understand.

Process

In a word, the Client encrypts its request with the public key and sends it to the Server. The Server decrypts the data with the private key, and finally returns data encrypted with the public key. The Client decrypts it with the private key and then carries on with its own processing.

It seems so naturally simple. I was naive enough to think: isn't it just encrypting and then decrypting? Ha ha

OK, so what do these concepts do in this seemingly simple process?

First, let's look at the most obvious part of the process: encryption.

Symmetric and asymmetric encryption

Symmetric encryption: encryption and decryption use the same key.
Advantages: Fast.
Disadvantages: The Client needs to tell the Server the encryption mode, and an attacker who intercepts it then knows the encryption mode too.

Asymmetric encryption: encryption with the public key at one end and decryption with the private key at the other end.
Advantages: Symmetric encryption may be intercepted, but here the interceptor does not have the private key, so he does not know how to decrypt.
Disadvantages: Much slower than symmetric encryption.

OK, by now you should have a general idea of encryption, and that part is mostly explained. Here is a question: what if the message is intercepted and tampered with? This is where the message digest and the message authentication code come in.

Message digest and message authentication code

To put it simply, these ensure the integrity and uniqueness of the data. When the interceptor changes the message, the Server will compare, find the difference, and treat it as a tampered message.

But there is another problem: although integrity can be maintained, interceptors can still forge messages. An interceptor can forge order information to attack, and you can't tell. Now what do you do? Digital signatures.
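The comparison the Server performs, written out as an added example that is not part of the original article. It uses only Python's standard hashlib and hmac modules; the shared key, the sample order message and the function names are assumptions made for the illustration.

```python
import hashlib
import hmac

SHARED_KEY = b"constructed-demo-key"  # assumption: agreed by Client and Server beforehand


def digest(message: bytes) -> str:
    """Message digest: a fingerprint anyone can compute, no key involved."""
    return hashlib.sha256(message).hexdigest()


def mac(key: bytes, message: bytes) -> str:
    """Message authentication code: a digest that also depends on a secret key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def server_accepts_digest(message: bytes, received: str) -> bool:
    """Server recomputes the digest and compares it with the one received."""
    return hmac.compare_digest(digest(message), received)


def server_accepts_mac(key: bytes, message: bytes, received: str) -> bool:
    """Server recomputes the MAC with the shared key and compares in constant time."""
    return hmac.compare_digest(mac(key, message), received)


def demo() -> dict:
    original = b"order=book;qty=1"    # constructed sample message
    tampered = b"order=book;qty=100"  # the same message after modification in transit
    return {
        # Message changed, digest left alone: the comparison fails.
        "digest_detects_change": not server_accepts_digest(tampered, digest(original)),
        # Whoever changed the message can also recompute the digest: it passes.
        "digest_recomputed_passes": server_accepts_digest(tampered, digest(tampered)),
        # With a MAC the old tag no longer matches the changed message...
        "mac_detects_change": not server_accepts_mac(SHARED_KEY, tampered, mac(SHARED_KEY, original)),
        # ...and a tag made without the shared key is rejected.
        "mac_without_key_rejected": not server_accepts_mac(
            SHARED_KEY, tampered, mac(b"guessed-key", tampered)),
        # Any holder of the shared key produces a valid tag, so the tag alone
        # cannot show which party wrote the message: the gap signatures fill.
        "any_key_holder_passes": server_accepts_mac(SHARED_KEY, tampered, mac(SHARED_KEY, tampered)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Every entry returned by demo() is True: a bare digest only catches changes when the digest itself is left untouched, while the keyed MAC rejects anything produced without the shared key.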

Digital signature

A digital signature means that the Client runs the message through a hash function to generate the message digest. The digest is encrypted with the private key to generate the signature, which is sent to the Server. The Server extracts the signature sent by the Client and decrypts it with the public key.

It all looks pretty good now. The last step is the public key certificate. If the public key certificate is replaced by the interceptor, there will need to be a Certification Authority (CA).

Public key certificate

The certificate contains information such as user name, organization email address, and public key information. The CA applies its digital signature to this to generate the public-key certificate (PKC), or certificate for short.

So that's the basic process. This is a rookie's explanation, written mainly for my own familiarity; I also hope this relatively plain language can help beginners understand.