Detailed explanation of SSL protocol communication process and symmetric encryption and asymmetric encryption in HTTPS


Symmetric encryption

So-called symmetric encryption means that the key e used for encryption is the same as the key d used for decryption (e = d); we will simply call it the key k.

Symmetric encryption and decryption process

1. The sender and receiver must first share the same key k (that is, both parties need to know the corresponding key before communication) before they can communicate.

2. The sender encrypts the plaintext p with the shared key k to obtain the ciphertext c, and sends the ciphertext to the receiver.

3. After receiving the ciphertext, the receiver uses the same shared key k to decrypt it and recover the plaintext p.

In general, the encryption and decryption algorithms are public and only the key needs to be kept secret. Common symmetric encryption algorithms include DES, Triple-DES, RC2 and RC4.

Using the post office example to explain symmetric encryption

Alice puts a message in a box, locks it with a padlock, and keeps the key. She sends the box to Bob through the post office. When Bob receives the box, he opens it with the same key (he obtained it earlier, perhaps Alice handed it to him face to face). Bob can then reply in the same way.

There are two main shortcomings of symmetric encryption:

1. The sender and the receiver first need to share the same key, so there is the problem of distributing the key k. Getting the shared key to both parties securely is itself a problem of secure communication.

One method is for both parties to agree on the key in advance, out of band, rather than negotiating it over a channel that could be monitored or intercepted.

Another method is to distribute the symmetric key over an asymmetric encryption channel; this is a hybrid encryption system.

2. The complexity of key management. Because a symmetric key is shared one-to-one, a party that wants to communicate with n parties has to maintain n separate keys.

The benefits of symmetric encryption are:

Encryption and decryption are much faster than with asymmetric encryption. This is why asymmetric encryption is usually used only to establish a secure channel for sharing the shared key, after which the actual data is encrypted and decrypted with symmetric encryption: again, a hybrid encryption system.

Another point worth emphasizing is that the length of the key k has a significant impact on the difficulty of breaking the encryption. The longer k is, the larger the corresponding key space, the harder it is to crack by brute force or dictionary attack, and the more secure it is.

Asymmetric encryption

So-called asymmetric encryption means that the encryption key e and the decryption key d are different (e ≠ d). The encryption key e is public and is called the public key, while the decryption key d is kept secret and is called the private key.

The process of asymmetric encryption and decryption is as follows:

The sender looks up the receiver's public key e (how? Most public key lookups are actually done through digital certificates).

The sender then uses the public key e to encrypt the plaintext p, obtains the ciphertext c, and sends it to the receiver. After receiving the ciphertext, the receiver uses the private key d to decrypt it and recover the plaintext p.

Note that ciphertext encrypted with the public key can only be decrypted by the party holding the private key. This means that every party that wants to send to the receiver can use the same, publicly known public key.

Commonly used asymmetric encryption algorithms include RSA.

Using the post office example to explain asymmetric encryption

Bob and Alice each have their own box. Alice wants to communicate with Bob secretly, so she asks Bob to send her an open box through the post office. Alice takes the box, puts the message in it, locks it, and sends it back to Bob. Bob can then open it with his own key. He replies using the same method.

The advantages of asymmetric encryption are:

1. There is no key distribution problem. The receiver can generate a key pair by itself, keep one key as the private key, and publish the other as the public key.

2. It solves the key management problem. Many senders can encrypt with the same known public key, but only the party holding the private key can decrypt.

Where asymmetric encryption falls short:

Encryption and decryption are not as fast as with symmetric encryption.

In summary, having analyzed the advantages and disadvantages of symmetric and asymmetric encryption, is there a way to combine the advantages of both while avoiding their disadvantages?

Yes, there is. In fact, the most commonly used approach is the hybrid encryption system: establish secure communication between two nodes with the convenient public-key encryption technique, use that secure communication to generate and send a temporary random symmetric key, and then encrypt the remaining data with the faster symmetric encryption technique.

SSL protocol communication process

1. The browser sends a connection request to the server; the server returns its certificate (which contains the server public key S_PuKey), the types of symmetric encryption algorithm it supports, and other related information to the client.

2. The client browser checks whether the certificate sent by the server is issued by a CA that it trusts. If so, it continues with step 3; otherwise, it shows the user a warning asking whether to continue.

3. The client browser compares the information in the certificate, such as the certificate validity period, the server domain name and the public key S_PuKey, with the information returned by the server. If they are consistent, the browser has completed the identity authentication of the server.

4. The server asks the client to send the client certificate (which contains the client public key C_PuKey), the symmetric encryption schemes it supports, and other related information. After receiving it, the server performs the same identity authentication on the client certificate. If verification fails, the connection is rejected.

5. The server selects the scheme with the highest encryption strength from the cipher types sent by the client browser, encrypts its choice with the client public key C_PuKey, and notifies the browser.

6. The client decrypts the message with its private key C_PrKey, learns the encryption scheme selected by the server, and chooses a session key k, which it encrypts with the server public key S_PuKey and sends to the server.

7. The server receives the message from the browser, decrypts it with its private key S_PrKey, and obtains the session key k.

8. All subsequent data transmission is encrypted with the symmetric session key.

The above is the communication process of the SSL protocol with two-way (mutual) authentication: both the server and the user must hold certificates. As can be seen, the SSL protocol uses the asymmetric key mechanism to authenticate the identity of both parties and establish the connection, and uses the symmetric key mechanism to protect the actual data communication.
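The following is an added example (not code from the original article) of the hybrid system described above and of steps 6 to 8 of the handshake: the client wraps a random session key with the server public key S_PuKey, the server unwraps it with S_PrKey, and bulk data then uses the symmetric key. It uses textbook RSA with constructed Mersenne primes and an HMAC-SHA256 keystream as a stand-in for a real block cipher such as AES; both are toys for illustration, not secure implementations.

```python
import hashlib
import hmac
import os


def rsa_keygen(p=2**127 - 1, q=2**89 - 1, e=65537):
    """Textbook RSA with constructed Mersenne primes (illustration only)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # private exponent, Python 3.8+
    return (e, n), (d, n)          # (S_PuKey, S_PrKey)


def rsa_encrypt(pubkey, m):
    e, n = pubkey
    assert 0 <= m < n, "message must be smaller than the modulus"
    return pow(m, e, n)


def rsa_decrypt(privkey, c):
    d, n = privkey
    return pow(c, d, n)


def symmetric_crypt(key, data):
    """Toy stream cipher: XOR with an HMAC-SHA256 keystream in counter mode.
    Because XOR is its own inverse, the same key k both encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, (offset // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def handshake_and_exchange(plaintext):
    """Steps 6-8: wrap a session key with S_PuKey, unwrap with S_PrKey, then use it."""
    s_pukey, s_prkey = rsa_keygen()                     # server side: key pair behind the certificate
    session_key = os.urandom(16)                        # client side: random 128-bit session key k
    wrapped = rsa_encrypt(s_pukey, int.from_bytes(session_key, "big"))
    server_key = rsa_decrypt(s_prkey, wrapped).to_bytes(16, "big")   # server recovers k
    ciphertext = symmetric_crypt(session_key, plaintext)             # client -> server, fast path
    recovered = symmetric_crypt(server_key, ciphertext)              # server decrypts with same k
    return server_key == session_key, recovered


if __name__ == "__main__":
    print(handshake_and_exchange(b"hello over the hybrid channel"))
```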
