At the end of the TV series "Bright Sword", there is a storyline in which Li Yunlong has been separated from Tian Yu for a long time, and Zhang Bailu takes advantage of the situation to try to snatch Li Yunlong away. It suddenly struck me that this storyline is perfect for explaining the principles of SSL/TLS. Suppose Old Li lives to be a hundred, Zhang Bailu still has evil intentions, and Tian Yu becomes a computer genius: how would things develop?
Because of work, Li Yunlong and Tian Yu have been apart for a long time. Now that they have computers, they cannot meet, but they can chat and exchange data over the Internet. Zhang Bailu discovered that Li Yunlong and Tian Yu were chatting online. She thought: since they are not talking face to face, could she tamper with the content of their chat? Sure enough, Zhang Bailu discovered by chance that she could intercept the data Tian Yu sent to Li Yunlong, tamper with it, and then forward it to Li Yunlong. "Great! Li Yunlong and Tian Yu are bound to divorce!" At this point, Zhang Bailu had launched a man-in-the-middle attack.
Later, Li Yunlong and Tian Yu noticed that something was wrong. The data they transmitted was being tampered with by Zhang Bailu, but Tian Yu and Zhang Bailu had already fallen out completely, and they couldn't find her. What should they do?
To deal with Zhang Bailu's attack, Li Yunlong and Tian Yu began to encrypt their data. Tian Yu made two identical keys and used her day off to go to Li Yunlong's headquarters and hand him one of them. Since only the two of them knew the key, it was also called the "secret key." Before Tian Yu sends data to Li Yunlong, she first encrypts it with the key. After Li Yunlong receives it, he decrypts it with the same key. The key is never transmitted over the network, so Zhang Bailu cannot obtain it. Even if the transmitted data is intercepted, its content cannot be tampered with. If Zhang Bailu does get hold of the key one day, it doesn't matter: Tian Yu can simply repeat the process and give Li Yunlong a new key. Because Li Yunlong and Tian Yu use the same key, this kind of algorithm is called a symmetric encryption algorithm. In this way, Zhang Bailu's plan failed and she was unable to steal their data.
A long time passed. Technology continued to develop, and computers became faster and faster.
Zhang Bailu wondered whether she could crack the key by brute force. It really worked! The key Tian Yu had designed was only 56 bits long. Brute-forcing it used to be impossible, but with today's computing speed it was easily cracked in a few days. So Zhang Bailu once again started to monitor and tamper with the data transmitted between Li Yunlong and Tian Yu.
What to do? The first solution Tian Yu thought of was to increase the key length, raising it directly to 256 bits. That way, Zhang Bailu would not be able to crack the key by brute force.
The good times did not last long. Li Yunlong had long realized the importance of studying. Now that he was going abroad to study, it was impossible for him to exchange keys with Tian Yu face to face. Moreover, Tian Yu sometimes needed to communicate with other people, and she could not possibly meet so many people privately to agree on a key.
Is there any way to ensure that the data will not be stolen or tampered with by Zhang Bailu without meeting in person? The clever Tian Yu came up with another idea. She used a specific algorithm to generate a key pair (a public key and a private key), and told Li Yunlong to generate a key pair as well. The public key is made public, and the private key is kept by its owner. When Tian Yu wants to send data to Li Yunlong, she first encrypts the hash value of the data with her private key (this is a digital signature), and then encrypts the data with Li Yunlong's public key. When the data reaches Li Yunlong, he decrypts the data with his own private key, and then decrypts the hash value with Tian Yu's public key. By comparing that hash value with the hash he computes over the received data, he can verify the integrity of the data. Because Li Yunlong and Tian Yu use different keys for encryption and decryption, this kind of algorithm is called an asymmetric encryption algorithm.
With asymmetric encryption, it became much harder for Zhang Bailu to steal and tamper with data, but she was determined to do so. After studying for a few days, she found a new way to steal secrets. Since Li Yunlong and Tian Yu have to exchange public keys, why not intercept the public key and replace it with her own? When Tian Yu wanted to send a message to Li Yunlong, she encrypted the hash value of the data with her private key, and then encrypted the data with Zhang Bailu's public key, which she believed to be Li Yunlong's. After intercepting the message, Zhang Bailu could decrypt the data with her own private key and see its content. Zhang Bailu then only needed to tamper with the data, encrypt the hash value with her own private key, encrypt the data with Li Yunlong's public key, and send it on to Li Yunlong. Li Yunlong thought the data came from Tian Yu, but in fact it had been tampered with by Zhang Bailu. Everything was back at the starting point.
At this point, Tian Yu went to the commander and asked him to be her guarantor.
After the commander learned about Tian Yu's difficulties, he said to her: "It's okay, I will be a witness and guarantee the authenticity of the public key." From then on, before transmitting data, Li Yunlong and Tian Yu would hand their public keys and some other information to the commander. The commander would then use his private key to encrypt this data. The encrypted data became a digital certificate, which contained the commander's public key.
When Li Yunlong received from Tian Yu the digital certificate encrypted by the commander, he used the commander's own certificate to decrypt Tian Yu's digital certificate and finally obtained Tian Yu's public key.
The question arises again: how can they ensure that the commander's certificate itself is not hijacked? Couldn't Zhang Bailu simply send a fake certificate to Tian Yu? That would be underestimating the commander! The commander has his certificate built into the browser or operating system. When Li Yunlong gets the browser or operating system, the certificate is already there. There is no need to obtain it over the Internet, so Zhang Bailu cannot hijack it.
That's right: the commander is the institution that issues digital certificates (a certificate authority, or CA), and it verifies the legitimacy of the public key. From then on, Zhang Bailu no longer had any way to steal or tamper with the communications between Li Yunlong and Tian Yu, and her dream of becoming a mistress was completely shattered.
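
The commander's guarantee described above can be modelled in a few lines. This is an added example, not part of the original article: Li Yunlong accepts a public key only if the commander's pre-installed public key verifies a signature over the owner's name and key. The dictionary certificate layout, the function names and the textbook RSA keys (constructed from known Mersenne primes, unpadded) are assumptions made for illustration; real certificates are X.509 with padded signatures.

```python
import hashlib

E = 65537  # public exponent shared by every toy key in this example

def make_keypair(p, q):
    """Textbook RSA from two primes: returns (public modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(name, pub_n, modulus):
    """SHA-256 over the certificate body (subject name and subject public key)."""
    body = f"{name}|{pub_n}".encode()
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % modulus

def issue_cert(name, pub_n, ca_n, ca_d):
    """The commander binds a name to a public key by signing the digest with his private key."""
    return {"name": name, "pub_n": pub_n, "sig": pow(digest(name, pub_n, ca_n), ca_d, ca_n)}

def verify_cert(cert, expected_name, trusted_ca_n):
    """Li Yunlong's check, using only the commander's public key from his local trust store."""
    if cert["name"] != expected_name:
        return False  # a valid certificate, but for somebody else
    recovered = pow(cert["sig"], E, trusted_ca_n)
    return recovered == digest(cert["name"], cert["pub_n"], trusted_ca_n)

# Constructed toy keys built from known Mersenne primes; far too small and unpadded for real use.
CA_N, CA_D = make_keypair(2**521 - 1, 2**607 - 1)        # the commander
TIAN_N, TIAN_D = make_keypair(2**61 - 1, 2**89 - 1)      # Tian Yu
ZHANG_N, ZHANG_D = make_keypair(2**107 - 1, 2**127 - 1)  # Zhang Bailu

def scenarios():
    genuine = issue_cert("Tian Yu", TIAN_N, CA_N, CA_D)
    # Case 1: the commander's signature is kept but Zhang Bailu's public key is swapped in.
    swapped = dict(genuine, pub_n=ZHANG_N)
    # Case 2: Zhang Bailu signs a "Tian Yu" certificate herself, posing as the commander.
    forged = issue_cert("Tian Yu", ZHANG_N, ZHANG_N, ZHANG_D)
    # Case 3: a certificate the commander really issued, but to Zhang Bailu.
    other = issue_cert("Zhang Bailu", ZHANG_N, CA_N, CA_D)
    return {label: verify_cert(c, "Tian Yu", CA_N)
            for label, c in [("genuine", genuine), ("swapped key", swapped),
                             ("self-signed", forged), ("wrong name", other)]}

if __name__ == "__main__":
    for label, ok in scenarios().items():
        print(f"{label:12} -> {'accepted' if ok else 'rejected'}")
```

Only the genuine certificate is accepted; every substituted key fails because the check depends on a commander key that never travelled over the network.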