## 当前位置：网站首页>TLS / SSL protocol details (30) RSA, DHE, ecdhe and ecdh processes and differences in SSL

# TLS / SSL protocol details (30) RSA, DHE, ecdhe and ecdh processes and differences in SSL

2022-04-23 15:05:00 【Mrpre】

my TLS Realization ：https://github.com/mrpre/atls/ You can refer to , The logic in the code is clear .

my SSL See you in the column ：https://blog.csdn.net/mrpre/article/category/9270159 It describes TLS All aspects of .

This paper is a review of the previous chapters on asymmetric algorithm in SSL The summary and refinement used in , But it can also be used as a detailed explanation SSL in RSA、ECDHE Asymmetric encryption algorithm .

Build a secure channel over an insecure channel , This is a SSL At the heart of , The so-called security includes identity authentication 、 Data integrity 、 Data encryption . The asymmetric algorithm is SSL Is used to negotiate a key , The purpose of the key is to enable subsequent data to be encrypted , The encryption key has and only the communication parties know .

Usually, the data transmitted on the network is generally considered to be visible . Data transmitted end-to-end , Not only through the switch 、 Router , After various DPI、IPS、WAF And other audit security equipment , It may even pass through reverse proxy devices such as load balancing , Just grab the bag at any link , Can easily obtain the data transmitted on the network . So if A and B Encrypted communication is required , That is, the content of communication needs to use only A and B Aware of “ secret key ” encryption , Then it is necessary to transmit this “ secret key ”, in other words “ secret key ” It needs to be transmitted in the channel of unsafe transmission , If a simple transmission “ secret key ”, So this “ secret key ” No more secrecy , Any third party can obtain “ secret key ”, That is, any third party can decrypt A and B The ciphertext data sent out .

Asymmetric algorithm is to solve “ secret key ” transmission （A and B share ） The problem of .

**1：RSA Key exchange algorithm **

Please refer to my blog for detailed principles __http://blog.csdn.net/mrpre/article/details/52609087__

This article does not explain the specific principles , It's about the interaction process .

RSA The core of involves the concept of public key and private key

（1）： Only the private key can decrypt the data encrypted with the public key

（2）： Only the public key can decrypt the data encrypted with the private key

We build such a scenario , The server is configured with a public key + Private key , The client is discrete .

RSA The text description of the algorithm flow is as follows ：

（1）： Any client initiates a request to the server , The server first sends back its public key to the client （ Public key plaintext transmission ）.

（2）： The client uses the random number algorithm , Generate a key S, Use the received public key to encryption , Generate C, hold C Send to server .

（3）： Server received C, Decrypt with the private key corresponding to the public key , obtain S.

（4）： After the above exchange steps , Both the client and the server get S,S As the key （ Pre master key ）.

Let's take a look at the above process , Why can't third parties get S. First, after the first step , The client has a public key , The server has public and private keys . Because the public key is transmitted in plaintext , So it can be assumed that the third party also has a public key .

After the second step , The client sends C, The server can decrypt with its own private key , The third party only has the public key , Can't decrypt . That is, the third party cannot calculate S.

Above mentioned , The public key sent by the server is SSL China is through certificate Message sent ,certificate The in contains the public key .C It's through Client key exchange Message sent .

Actually , In practice SSL In actual design ,S In fact, it is not directly encrypted as a key , In order to describe the principle , Omitted S Follow up KDF Wait for the operation , It does not affect the actual understanding RSA.

RSA There is a question , If the private key leaks , That is, the private key is known by a third party , Then a third party can start from C Decrypted in S, That is, just save all A and B Message of , Wait until the day when the private key is leaked , Or there's a way to get from C Middle computation S The new method appears （ Quantum computers decompose large prime numbers ）, that A and B There is no privacy .

This is called forward insecurity , Private key participated in key exchange , Security depends on whether the private key is saved securely .

A netizen asked such a question ： Why don't clients also install a public and private key , Then when the client interacts with the server , Send each other's public key , Then they take each other's public key and send encrypted data to each other , Then decrypt the received data with their private keys ？

Let's not talk about performance , Let's see RSA Encryption and decryption algorithm , To encrypt m, Then you need to calculate

m^e mod n

If m > n, We remember it as m = n + k

So the original formula (n + k)^e mod n

Polynomial expansion , Except for the last term k^e , Every other item has n, so mod n after ,

k^e mod n

let me put it another way , If m Greater than n, Then the encryption result and k The result is the same , This is ambiguous , therefore RSA Itself does not allow m>n The situation of . Therefore, it is not advisable to directly encrypt data .

**2：DHE Key exchange algorithm **

Please refer to my blog for detailed principles __http://blog.csdn.net/mrpre/article/details/52608867__

This article does not explain the specific principles , It's about the interaction process .

DHE The text description of the algorithm flow is as follows ：

（1）： The client computes a random value Xa, Use Xa As an index , Computation Pa = q^Xa mod p, among q and p It is a pair of values recognized all over the world . The client puts Pa Send to server ,Xa As your own private key , Just know .

（2）： The server and client computing processes are the same , Generate a random value Xb, Use Xb As an index , Calculation

Pb = q^Xb mod p, Will result in Pb Send to client ,Xb Save only yourself .

（3）： Client received Pb Post calculation Sa = Pb ^Xa mod p; Server received Pa Post calculation Sb = Pa^Xb mod p

（4）： The algorithm guarantees Sa = Sb = S, Therefore, the key exchange is successful ,S As the key （ Pre master key ）.

DHE Key exchange handshake flow chart

On the way ,Sa and Sb The result is the same , It is recorded as S.

In the above key exchange process , and RSA Key exchange is quite different ,DHE Key exchange , The server private key is not involved . in other words , Even if the private key is leaked , It will not cause the session encryption key S Decrypted by a third party .

In actual use , The function of the private key is weakened to be used for identity authentication （ The picture above does not show ）.

Above picture DHE Parameters and Pb It's all through server key exchange Send to client ,Pa adopt client key exchange Send to the server .server key exchange The end of the message needs to use the server private key to sign the message itself , To show that you have a private key （ In order to show that the private key does not participate in the key calculation , There is no drawing of , But it doesn't affect understanding DHE Algorithm ）.

**3：ECDHE Key exchange algorithm **

Please refer to my blog for detailed principles

__http://blog.csdn.net/mrpre/article/details/72850486__

__http://blog.csdn.net/mrpre/article/details/72850598__

__http://blog.csdn.net/mrpre/article/details/72850644__

This article does not explain the specific principles , It's about the interaction process .

Just understand DHE Key exchange principle , So understand ECDHE The principle of key exchange is not difficult （ If you don't want to delve into it ）.

ECDHE The operation of is to put DHE The middle module power operation is replaced by point multiplication , Faster , Reversibility is more difficult .

ECDHE The text description of the algorithm flow is as follows ：

（1）： The client randomly generates random values Ra, Calculation Pa(x, y) = Ra * Q(x, y),Q(x, y) It is the base point of an elliptic curve algorithm recognized all over the world . take Pa(x, y) Send to server .

（2）： The server randomly generates random values Rb, Calculation Pb(x,y) - Rb * Q(x, y). take Pb(x, y) Send to client .

（3）： Client computing Sa(x, y) = Ra * Pb(x, y); Server computing Sb(x, y) = Rb *Pa(x, y)

（4）： The algorithm guarantees Sa = Sb = S, Extract the S Of x Vector as key （ Pre master key ）.

ECDHE Key exchange handshake flow chart

SSL Agreement , In the figure above, the name of elliptic curve and Pb adopt server key exchange Message sending ;Pa adopt client key exchange Message sending .

**4：ECDHE And ECDH The difference between algorithms **

Literally one is missing E,E On behalf of “ temporary ”, That is, in the handshake process , As server side ,ECDH One step less calculation Pb The process of ,Pb Replace with the public key in the certificate , The private key corresponding to the certificate is Xb. thus it can be seen , Use ECDH Key exchange algorithm , The server must be ECC certificate ; The server does not send server key exchange message , Because send certificate When the message , The certificate itself contains Pb Information .

**5：ECDHE And RSA The difference between **

ECDHE（DHE） The algorithm belongs to DH Class key exchange algorithm , The private key does not participate in key negotiation , So even if the private key leaks , The encrypted messages between the client and the server cannot be decrypted , This is called Forward security （forward secrity）. because ECDHE Recalculate a key for each session （Ra、Rb）, So after a session is decrypted , Other sessions are still secure .

However ,ECDH The private key of the algorithm server is fixed , That is, the private key of the certificate is used as Rb, so ECDH Not considered forward safe , Because a private key leak is equivalent to Rb leak ,Rb leak , Cause the session key to be calculated by a third party .ECDH The exchange algorithm has been OpenSSL abandoned :https://github.com/openssl/openssl/commit/ce0c1f2bb2fd296f10a2847844205df0ed95fb8e#diff-d615181712e5a3ed0a51d3222d96e1d4

If it works , Please give me a reward N element ：http://39.98.242.44

版权声明

本文为[Mrpre]所创，转载请带上原文链接，感谢

https://yzsam.com/2022/04/202204231409587521.html

## 边栏推荐

- How to use OCR in 5 minutes
- OPPO数据湖统一存储技术实践
- Programming philosophy - automatic loading, dependency injection and control inversion
- LeetCode165-比较版本号-双指针-字符串
- Set onedrive or Google drive as a drawing bed in upic for free
- JS - implémenter la fonction de copie par clic
- How do I open the win10 startup folder?
- LeetCode 练习——396. 旋转函数
- 小红书 timestamp2 (2022/04/22)
- The win10 taskbar notification area icon is missing

## 猜你喜欢

免费在upic中设置OneDrive或Google Drive作为图床

你還不知道責任鏈模式的使用場景嗎？

Detailed comparison between asemi three-phase rectifier bridge and single-phase rectifier bridge

eolink 如何助力远程办公

Is asemi ultrafast recovery diode interchangeable with Schottky diode

LeetCode 练习——396. 旋转函数

Daily question - leetcode396 - rotation function - recursion

Explanation and example application of the principle of logistic regression in machine learning

Openfaas practice 4: template operation

win10 任务栏通知区图标不见了

## 随机推荐

大文件如何快速上传？

For 22 years, you didn't know the file contained vulnerabilities?

When splicing HQL, the new field does not appear in the construction method

nuxt项目：全局获取process.env信息

Thinkphp5 + data large screen display effect

js——实现点击复制功能

Select receives both normal data and out of band data

On the day of entry, I cried (mushroom street was laid off and fought for seven months to win the offer)

How to write the keywords in the cover and title? As we media, why is there no video playback

Go basic reflection

Epoll's et, lt working mode -- example program

多语言通信基础 06 go实现grpc的四种数据流模式实现

1 - first knowledge of go language

eolink 如何助力遠程辦公

博睿数据携手F5共同构建金融科技从代码到用户的全数据链DNA

分布式事务Seata介绍

【thymeleaf】处理空值和使用安全操作符

LeetCode149-直线上最多的点数-数学-哈希表

Detailed explanation of C language knowledge points -- first understanding of C language [1] - vs2022 debugging skills and code practice [1]

Subnet division of flannel principle