当前位置:网站首页>TLS / SSL protocol details (30) RSA, DHE, ecdhe and ecdh processes and differences in SSL
TLS / SSL protocol details (30) RSA, DHE, ecdhe and ecdh processes and differences in SSL
2022-04-23 15:05:00 【Mrpre】
my TLS Realization :https://github.com/mrpre/atls/ You can refer to , The logic in the code is clear .
my SSL See you in the column :https://blog.csdn.net/mrpre/article/category/9270159 It describes TLS All aspects of .
This paper is a review of the previous chapters on asymmetric algorithm in SSL The summary and refinement used in , But it can also be used as a detailed explanation SSL in RSA、ECDHE Asymmetric encryption algorithm .
Build a secure channel over an insecure channel , This is a SSL At the heart of , The so-called security includes identity authentication 、 Data integrity 、 Data encryption . The asymmetric algorithm is SSL Is used to negotiate a key , The purpose of the key is to enable subsequent data to be encrypted , The encryption key has and only the communication parties know .
Usually, the data transmitted on the network is generally considered to be visible . Data transmitted end-to-end , Not only through the switch 、 Router , After various DPI、IPS、WAF And other audit security equipment , It may even pass through reverse proxy devices such as load balancing , Just grab the bag at any link , Can easily obtain the data transmitted on the network . So if A and B Encrypted communication is required , That is, the content of communication needs to use only A and B Aware of “ secret key ” encryption , Then it is necessary to transmit this “ secret key ”, in other words “ secret key ” It needs to be transmitted in the channel of unsafe transmission , If a simple transmission “ secret key ”, So this “ secret key ” No more secrecy , Any third party can obtain “ secret key ”, That is, any third party can decrypt A and B The ciphertext data sent out .
Asymmetric algorithm is to solve “ secret key ” transmission (A and B share ) The problem of .
1:RSA Key exchange algorithm
Please refer to my blog for detailed principles http://blog.csdn.net/mrpre/article/details/52609087
This article does not explain the specific principles , It's about the interaction process .
RSA The core of involves the concept of public key and private key
(1): Only the private key can decrypt the data encrypted with the public key
(2): Only the public key can decrypt the data encrypted with the private key
We build such a scenario , The server is configured with a public key + Private key , The client is discrete .
RSA The text description of the algorithm flow is as follows :
(1): Any client initiates a request to the server , The server first sends back its public key to the client ( Public key plaintext transmission ).
(2): The client uses the random number algorithm , Generate a key S, Use the received public key to encryption , Generate C, hold C Send to server .
(3): Server received C, Decrypt with the private key corresponding to the public key , obtain S.
(4): After the above exchange steps , Both the client and the server get S,S As the key ( Pre master key ).
Let's take a look at the above process , Why can't third parties get S. First, after the first step , The client has a public key , The server has public and private keys . Because the public key is transmitted in plaintext , So it can be assumed that the third party also has a public key .
After the second step , The client sends C, The server can decrypt with its own private key , The third party only has the public key , Can't decrypt . That is, the third party cannot calculate S.
Above mentioned , The public key sent by the server is SSL China is through certificate Message sent ,certificate The in contains the public key .C It's through Client key exchange Message sent .
Actually , In practice SSL In actual design ,S In fact, it is not directly encrypted as a key , In order to describe the principle , Omitted S Follow up KDF Wait for the operation , It does not affect the actual understanding RSA.
RSA There is a question , If the private key leaks , That is, the private key is known by a third party , Then a third party can start from C Decrypted in S, That is, just save all A and B Message of , Wait until the day when the private key is leaked , Or there's a way to get from C Middle computation S The new method appears ( Quantum computers decompose large prime numbers ), that A and B There is no privacy .
This is called forward insecurity , Private key participated in key exchange , Security depends on whether the private key is saved securely .
A netizen asked such a question : Why don't clients also install a public and private key , Then when the client interacts with the server , Send each other's public key , Then they take each other's public key and send encrypted data to each other , Then decrypt the received data with their private keys ?
Let's not talk about performance , Let's see RSA Encryption and decryption algorithm , To encrypt m, Then you need to calculate
m^e mod n
If m > n, We remember it as m = n + k
So the original formula (n + k)^e mod n
Polynomial expansion , Except for the last term k^e , Every other item has n, so mod n after ,
k^e mod n
let me put it another way , If m Greater than n, Then the encryption result and k The result is the same , This is ambiguous , therefore RSA Itself does not allow m>n The situation of . Therefore, it is not advisable to directly encrypt data .
2:DHE Key exchange algorithm
Please refer to my blog for detailed principles http://blog.csdn.net/mrpre/article/details/52608867
This article does not explain the specific principles , It's about the interaction process .
DHE The text description of the algorithm flow is as follows :
(1): The client computes a random value Xa, Use Xa As an index , Computation Pa = q^Xa mod p, among q and p It is a pair of values recognized all over the world . The client puts Pa Send to server ,Xa As your own private key , Just know .
(2): The server and client computing processes are the same , Generate a random value Xb, Use Xb As an index , Calculation
Pb = q^Xb mod p, Will result in Pb Send to client ,Xb Save only yourself .
(3): Client received Pb Post calculation Sa = Pb ^Xa mod p; Server received Pa Post calculation Sb = Pa^Xb mod p
(4): The algorithm guarantees Sa = Sb = S, Therefore, the key exchange is successful ,S As the key ( Pre master key ).
DHE Key exchange handshake flow chart
On the way ,Sa and Sb The result is the same , It is recorded as S.
In the above key exchange process , and RSA Key exchange is quite different ,DHE Key exchange , The server private key is not involved . in other words , Even if the private key is leaked , It will not cause the session encryption key S Decrypted by a third party .
In actual use , The function of the private key is weakened to be used for identity authentication ( The picture above does not show ).
Above picture DHE Parameters and Pb It's all through server key exchange Send to client ,Pa adopt client key exchange Send to the server .server key exchange The end of the message needs to use the server private key to sign the message itself , To show that you have a private key ( In order to show that the private key does not participate in the key calculation , There is no drawing of , But it doesn't affect understanding DHE Algorithm ).
3:ECDHE Key exchange algorithm
Please refer to my blog for detailed principles
http://blog.csdn.net/mrpre/article/details/72850486
http://blog.csdn.net/mrpre/article/details/72850598
http://blog.csdn.net/mrpre/article/details/72850644
This article does not explain the specific principles , It's about the interaction process .
Just understand DHE Key exchange principle , So understand ECDHE The principle of key exchange is not difficult ( If you don't want to delve into it ).
ECDHE The operation of is to put DHE The middle module power operation is replaced by point multiplication , Faster , Reversibility is more difficult .
ECDHE The text description of the algorithm flow is as follows :
(1): The client randomly generates random values Ra, Calculation Pa(x, y) = Ra * Q(x, y),Q(x, y) It is the base point of an elliptic curve algorithm recognized all over the world . take Pa(x, y) Send to server .
(2): The server randomly generates random values Rb, Calculation Pb(x,y) - Rb * Q(x, y). take Pb(x, y) Send to client .
(3): Client computing Sa(x, y) = Ra * Pb(x, y); Server computing Sb(x, y) = Rb *Pa(x, y)
(4): The algorithm guarantees Sa = Sb = S, Extract the S Of x Vector as key ( Pre master key ).
ECDHE Key exchange handshake flow chart
SSL Agreement , In the figure above, the name of elliptic curve and Pb adopt server key exchange Message sending ;Pa adopt client key exchange Message sending .
4:ECDHE And ECDH The difference between algorithms
Literally one is missing E,E On behalf of “ temporary ”, That is, in the handshake process , As server side ,ECDH One step less calculation Pb The process of ,Pb Replace with the public key in the certificate , The private key corresponding to the certificate is Xb. thus it can be seen , Use ECDH Key exchange algorithm , The server must be ECC certificate ; The server does not send server key exchange message , Because send certificate When the message , The certificate itself contains Pb Information .
5:ECDHE And RSA The difference between
ECDHE(DHE) The algorithm belongs to DH Class key exchange algorithm , The private key does not participate in key negotiation , So even if the private key leaks , The encrypted messages between the client and the server cannot be decrypted , This is called Forward security (forward secrity). because ECDHE Recalculate a key for each session (Ra、Rb), So after a session is decrypted , Other sessions are still secure .
However ,ECDH The private key of the algorithm server is fixed , That is, the private key of the certificate is used as Rb, so ECDH Not considered forward safe , Because a private key leak is equivalent to Rb leak ,Rb leak , Cause the session key to be calculated by a third party .ECDH The exchange algorithm has been OpenSSL abandoned :https://github.com/openssl/openssl/commit/ce0c1f2bb2fd296f10a2847844205df0ed95fb8e#diff-d615181712e5a3ed0a51d3222d96e1d4
If it works , Please give me a reward N element :http://39.98.242.44
版权声明
本文为[Mrpre]所创,转载请带上原文链接,感谢
https://yzsam.com/2022/04/202204231409587521.html
边栏推荐
- 3、 Gradient descent solution θ
- Will golang share data with fragment append
- LeetCode 练习——396. 旋转函数
- January 1, 1990 is Monday. Define the function date_ to_ Week (year, month, day), which realizes the function of returning the day of the week after inputting the year, month and day, such as date_ to
- Swift - literal, literal protocol, conversion between basic data types and dictionary / array
- Resolve the conflict between computed attribute and input blur event
- Select receives both normal data and out of band data
- PSYNC synchronization of redis source code analysis
- 分享 20 个不容错过的 ES6 的技巧
- How to use OCR in 5 minutes
猜你喜欢
Leetcode153 - find the minimum value in the rotation sort array - array - binary search
Detailed explanation of C language knowledge points - data types and variables [2] - integer variables and constants [1]
Swift protocol Association object resource name management multithreading GCD delay once
How to use OCR in 5 minutes
Leetcode165 compare version number double pointer string
LeetCode149-直线上最多的点数-数学-哈希表
Provided by Chengdu control panel design_ It's detailed_ Introduction to the definition, compilation and quotation of single chip microcomputer program header file
Set onedrive or Google drive as a drawing bed in upic for free
Brute force of DVWA low -- > High
UML learning_ Day2
随机推荐
牛客网数据库SQL实战详细剖析(26-30)
Async void caused the program to crash
LeetCode 练习——396. 旋转函数
8.2 text preprocessing
Alexnet model
1 - first knowledge of go language
January 1, 1990 is Monday. Define the function date_ to_ Week (year, month, day), which realizes the function of returning the day of the week after inputting the year, month and day, such as date_ to
Realization of four data flow modes of grpc based on Multilingual Communication
Detailed explanation of C language knowledge points -- first understanding of C language [1] - vs2022 debugging skills and code practice [1]
Daily question - leetcode396 - rotation function - recursion
Leetcode153 - find the minimum value in the rotation sort array - array - binary search
Progress in the treatment of depression
How to upload large files quickly?
Detailed analysis of SQL combat of Niuke database (26-30)
8.4 realization of recurrent neural network from zero
like和regexp差别
[proteus simulation] automatic range (range < 10V) switching digital voltmeter
The difference between having and where in SQL
C language super complete learning route (collection allows you to avoid detours)
eolink 如何助力遠程辦公