Cryptographic technology -- key and ssl/tls

Key definition

The key is a huge number . The key concept in cryptography is the size of the key space . The size of the key space is determined by the length of the key . common DES The key length is 7 byte ,DES-DES2 and DES-DES3 The key lengths are 14 Byte and 21 byte ,AES The key length is 128,192 or 256 The bit .
Here's the thing , The key and plaintext have the same value . If the plaintext is worth millions , Then the key that can crack the plaintext should have the same value .

Various keys

1. Symmetric cryptographic key ： Encryption and decryption use the same key . Also known as shared key password .
2. Public key cryptographic key ： Encryption and decryption use different keys . Encrypted is called public key , The decryption is called the private key . Public and private keys are also called key pairs .
3. Message authentication code （MAC） The key of ： The sender and receiver use the shared key for authentication .MAC It can only be calculated by the person who holds the legal key . take MAC Attached to the communication message , Identify whether the communication content has been tampered with or camouflaged . shortcoming ：MAC There is a risk of tampering and camouflage in leakage .
4. Key of digital signature ： Different keys are used for signature generation and verification . The person who holds the private key generates a signature , The public key is used for authentication .
5. session key ： A key that can only be used once in communication . Such as ： visit https:// The opening page ,Web Between the server and the browser SSL/TLS Encrypted communication , The key used in this communication is limited to this communication , Belongs to session key . advantage ： Even if intercepted, it can only decipher the content of this communication , The confidentiality of other communications is not compromised .
6. Master key ： A key that has been reused .
7. The key used to encrypt the content （Contents Encrypting Key, CEK）： Content encryption key . Session keys are often used CEK.
8. The key used to encrypt the key （Key Encrypting Key, KEK）： Key encryption key . The master key often does KEK. somewhat ： Reduce the number of keys that need to be declared .

Key management

1. Key generation ： Random number generation 、 Password generation （Password Based Encryption, PBE）.
2. Distribution key ： Symmetric algorithm key faces the problem of key distribution , Because encryption and decryption use the same key . You can use a shared key in advance , Using a key distribution center , Use public key password, etc .
3. Key update ： A technology that improves the confidentiality of communications . This technology has backward security （ One way hash function is one-way , It's difficult to calculate backwards ）, It can prevent decoding the contents of past communications .
4. Key saving ： When the key needs to be reused , We need to consider the problem of key preservation . Session keys are not considered .
5. Void key .

SSL/TLS Definition

SSL/TLS It's a kind of Web Protocols widely used in servers .SSL The full name is Secure Socket Layer,TLS The full name is Transport Layer Security.

1. Client and server
   Web The browser and Web Server follows HTTP Hypertext transfer protocol to communicate , Web Browsers are also called HTTP client ,Web Servers are also called HTTP The server . We can use SSL/TLS bearing HTTP, Through the superposition of the two protocols , It can be done to HTTP Communication for （ Requests and responses ） To encrypt , To prevent eavesdropping .

2. SSL/TLS The job of
   The working process needs to ensure three points ：（1） The sending process cannot be bugged ;（2） The sending process cannot be tampered ;（3） Finally, the sender can be confirmed ;1,2,3 The points correspond to the confidentiality of the key 、 integrity 、 Certification issues .

3. SSL and TLS The difference between
   TLS yes SSL Subsequent versions , Added AES Symmetric cipher algorithm , Deleted DES, Added for CBC How to attack .