TLS / SSL protocol details (30) RSA, DHE, ecdhe and ecdh processes and differences in SSL

    my TLS Realization ：https://github.com/mrpre/atls/  You can refer to , The logic in the code is clear .

    my SSL See you in the column ：https://blog.csdn.net/mrpre/article/category/9270159  It describes TLS All aspects of .

    This paper is a review of the previous chapters on asymmetric algorithm in SSL The summary and refinement used in , But it can also be used as a detailed explanation SSL in RSA、ECDHE Asymmetric encryption algorithm .

    Build a secure channel over an insecure channel , This is a SSL At the heart of , The so-called security includes identity authentication 、 Data integrity 、 Data encryption . The asymmetric algorithm is SSL Is used to negotiate a key , The purpose of the key is to enable subsequent data to be encrypted , The encryption key has and only the communication parties know .

 

    Usually, the data transmitted on the network is generally considered to be visible . Data transmitted end-to-end , Not only through the switch 、 Router , After various DPI、IPS、WAF And other audit security equipment , It may even pass through reverse proxy devices such as load balancing , Just grab the bag at any link , Can easily obtain the data transmitted on the network . So if A and B Encrypted communication is required , That is, the content of communication needs to use only A and B Aware of “ secret key ” encryption , Then it is necessary to transmit this “ secret key ”, in other words “ secret key ” It needs to be transmitted in the channel of unsafe transmission , If a simple transmission “ secret key ”, So this “ secret key ” No more secrecy , Any third party can obtain “ secret key ”, That is, any third party can decrypt A and B The ciphertext data sent out .

 

    Asymmetric algorithm is to solve “ secret key ” transmission （A and B share ） The problem of .

 

 

1：RSA Key exchange algorithm

Please refer to my blog for detailed principles http://blog.csdn.net/mrpre/article/details/52609087

This article does not explain the specific principles , It's about the interaction process .

 

RSA The core of involves the concept of public key and private key

（1）： Only the private key can decrypt the data encrypted with the public key

（2）： Only the public key can decrypt the data encrypted with the private key

 

We build such a scenario , The server is configured with a public key + Private key , The client is discrete .

 

RSA The text description of the algorithm flow is as follows ：

（1）： Any client initiates a request to the server , The server first sends back its public key to the client （ Public key plaintext transmission ）.

（2）： The client uses the random number algorithm , Generate a key S, Use the received public key to encryption , Generate C, hold C Send to server .

（3）： Server received C, Decrypt with the private key corresponding to the public key , obtain S.

（4）： After the above exchange steps , Both the client and the server get S,S As the key （ Pre master key ）.

 

    Let's take a look at the above process , Why can't third parties get S. First, after the first step , The client has a public key , The server has public and private keys . Because the public key is transmitted in plaintext , So it can be assumed that the third party also has a public key .

After the second step , The client sends C, The server can decrypt with its own private key , The third party only has the public key , Can't decrypt . That is, the third party cannot calculate S.

 

 

 

 

 

Above mentioned , The public key sent by the server is SSL China is through certificate Message sent ,certificate The in contains the public key .C It's through Client key exchange Message sent .

Actually , In practice SSL In actual design ,S In fact, it is not directly encrypted as a key , In order to describe the principle , Omitted S Follow up KDF Wait for the operation , It does not affect the actual understanding RSA.

 

RSA There is a question , If the private key leaks , That is, the private key is known by a third party , Then a third party can start from C Decrypted in S, That is, just save all A and B Message of , Wait until the day when the private key is leaked , Or there's a way to get from C Middle computation S The new method appears （ Quantum computers decompose large prime numbers ）, that A and B There is no privacy .

This is called forward insecurity , Private key participated in key exchange , Security depends on whether the private key is saved securely .

A netizen asked such a question ： Why don't clients also install a public and private key , Then when the client interacts with the server , Send each other's public key , Then they take each other's public key and send encrypted data to each other , Then decrypt the received data with their private keys ？

Let's not talk about performance , Let's see RSA Encryption and decryption algorithm , To encrypt m, Then you need to calculate

m^e mod n

If m > n, We remember it as m = n + k

So the original formula (n + k)^e mod n

Polynomial expansion , Except for the last term k^e , Every other item has n, so mod n after ,

k^e mod n

let me put it another way , If m Greater than n, Then the encryption result and k The result is the same , This is ambiguous , therefore RSA Itself does not allow m>n The situation of . Therefore, it is not advisable to directly encrypt data .

 

 

2：DHE Key exchange algorithm

Please refer to my blog for detailed principles http://blog.csdn.net/mrpre/article/details/52608867

This article does not explain the specific principles , It's about the interaction process .

 

DHE The text description of the algorithm flow is as follows ：

（1）： The client computes a random value Xa, Use Xa As an index , Computation Pa = q^Xa mod p, among q and p It is a pair of values recognized all over the world . The client puts Pa Send to server ,Xa As your own private key , Just know .

（2）： The server and client computing processes are the same , Generate a random value Xb, Use Xb As an index , Calculation

   Pb = q^Xb mod p, Will result in Pb Send to client ,Xb Save only yourself .

（3）： Client received Pb Post calculation Sa = Pb ^Xa mod p; Server received Pa Post calculation Sb = Pa^Xb mod p

（4）： The algorithm guarantees Sa = Sb = S, Therefore, the key exchange is successful ,S As the key （ Pre master key ）.

 

DHE Key exchange handshake flow chart

 

 

 

 

    On the way ,Sa and Sb The result is the same , It is recorded as S.

 

    In the above key exchange process , and RSA Key exchange is quite different ,DHE Key exchange , The server private key is not involved . in other words , Even if the private key is leaked , It will not cause the session encryption key S Decrypted by a third party .

In actual use , The function of the private key is weakened to be used for identity authentication （ The picture above does not show ）.

    Above picture DHE Parameters and Pb It's all through server key exchange Send to client ,Pa adopt client key exchange Send to the server .server key exchange The end of the message needs to use the server private key to sign the message itself , To show that you have a private key （ In order to show that the private key does not participate in the key calculation , There is no drawing of , But it doesn't affect understanding DHE Algorithm ）.

 

3：ECDHE Key exchange algorithm

Please refer to my blog for detailed principles

http://blog.csdn.net/mrpre/article/details/72850486

http://blog.csdn.net/mrpre/article/details/72850598

http://blog.csdn.net/mrpre/article/details/72850644

 

This article does not explain the specific principles , It's about the interaction process .

 

    Just understand DHE Key exchange principle , So understand ECDHE The principle of key exchange is not difficult （ If you don't want to delve into it ）.

ECDHE The operation of is to put DHE The middle module power operation is replaced by point multiplication , Faster , Reversibility is more difficult .

 

ECDHE The text description of the algorithm flow is as follows ：

（1）： The client randomly generates random values Ra, Calculation Pa(x, y) = Ra * Q(x, y),Q(x, y) It is the base point of an elliptic curve algorithm recognized all over the world . take Pa(x, y) Send to server .

（2）： The server randomly generates random values Rb, Calculation Pb(x,y) - Rb * Q(x, y). take Pb(x, y) Send to client .

（3）： Client computing Sa(x, y) = Ra * Pb(x, y); Server computing Sb(x, y) = Rb *Pa(x, y)

（4）： The algorithm guarantees Sa = Sb = S, Extract the S Of x Vector as key （ Pre master key ）.

ECDHE Key exchange handshake flow chart

 

 

 

 

  SSL Agreement , In the figure above, the name of elliptic curve and Pb adopt server key exchange Message sending ;Pa adopt client key exchange Message sending .

 

 

4：ECDHE And ECDH The difference between algorithms

 

    Literally one is missing E,E On behalf of “ temporary ”, That is, in the handshake process , As server side ,ECDH One step less calculation Pb The process of ,Pb Replace with the public key in the certificate , The private key corresponding to the certificate is Xb. thus it can be seen , Use ECDH Key exchange algorithm , The server must be ECC certificate ; The server does not send server key exchange message , Because send certificate When the message , The certificate itself contains Pb Information .

 

5：ECDHE And RSA The difference between

    ECDHE（DHE） The algorithm belongs to DH Class key exchange algorithm , The private key does not participate in key negotiation , So even if the private key leaks , The encrypted messages between the client and the server cannot be decrypted , This is called Forward security （forward secrity）. because ECDHE Recalculate a key for each session （Ra、Rb）, So after a session is decrypted , Other sessions are still secure .

    However ,ECDH The private key of the algorithm server is fixed , That is, the private key of the certificate is used as Rb, so ECDH Not considered forward safe , Because a private key leak is equivalent to Rb leak ,Rb leak , Cause the session key to be calculated by a third party .ECDH The exchange algorithm has been OpenSSL abandoned :https://github.com/openssl/openssl/commit/ce0c1f2bb2fd296f10a2847844205df0ed95fb8e#diff-d615181712e5a3ed0a51d3222d96e1d4  

 

 

If it works , Please give me a reward N element ：http://39.98.242.44