Brief introduction to SSL encryption process

1、 What is? SSL Encryption technology

SSL Our English full name is “Secure Sockets Layer” , In Chinese, “ Secure socket layer protocol layer ” , It's Netscape （ Netscape ） The company's proposal is based on WEB Application Security Protocol . SSL The protocol specifies an in application protocol （ Such as HTTP 、 Telenet 、 NMTP and FTP etc. ） and TCP/IP The protocol provides a mechanism for data security layering , It's for TCP/IP The connection provides data encryption 、 Server authentication 、 Message integrity and optional client authentication .

V**SSL 200 The device gateway is suitable for small and medium-sized enterprises , Meet its enterprise mobile users 、 branch 、 supplier 、 Enterprise resources such as partners （ Based on Web Application 、 Enterprise mail system 、 File server 、 C/S Application system, etc ） Secure access service . Enterprises use their own network platform , Create a secure enterprise private network . SSL V** Client applications are based on standards Web The encryption suite built in the browser and the server protocol provide the corresponding encryption method , That is, authorized users can access the server through the browser as long as they can surf the Internet SSL Safety tunnel .

2、SSL The encryption process

SSL The process of conversation SSL The conversation is mainly divided into three steps ： 1. The client requests and verifies the certificate from the server ; 2. Both parties negotiate to generate “ session key ”; Pairing key 3. Both parties adopt “ session key ” Encrypted communication ;

3、 Encryption algorithm and protocol

3.1 Symmetric encryption Encryption and decryption use the same key Common encryption algorithms ： DES、3DES、AES、Blowfish、Twofish、IDEA、RC6、CAST5 characteristic ： 1、 encryption 、 Decryption uses the same key ; 2、 Divide the original data into fixed size blocks , Encrypt one by one ; defects ： 1、 Too many keys ; 2、 Difficulty in key distribution ;

3.2 Public key encryption The key is divided into public key and private key Public key ： Extract from the private key to produce ; Open to all ; Private key ： Create... With tools , The user keeps it , It has to be private ;

characteristic ： Data encrypted with the public key , Decryption can only be performed using the private key of the matching child ; vice versa ; purpose ： digital signature ： The main purpose is to let the receiver confirm the identity of the sender ; key exchange ： The sender encrypts a symmetric key with the other party's public key , And send it to each other ; Data encryption ：

3.3 One way encryption Fingerprint extraction of data （ Signature ）; Encryption only , Cannot decrypt ; Common algorithms ：md5、sha1

characteristic ： Fixed length output 、 Avalanche effect ; function ： integrity ;

3.4 key exchange IKE（Internet Key Exchange Internet key exchange ） 1. Public key encryption 2.DH（Deffie-Hellman Baron of hell ）

4.PKI PKI yes Public Key Infrastructure An acronym for , Public key infrastructure ;PKI It is a standard technology and specification that uses public key encryption technology to provide a set of security basic platform for the development of e-commerce .