Features of various algorithms:
Hash algorithm: fast forward, irreversible, that is, it is difficult to decrypt plaintext after encryption. Usually used for data encryption and data verification.
Symmetric encryption algorithm: AES is a commonly used symmetric encryption algorithm, which is characterized by using the same key for encryption and decryption.
Asymmetric encryption algorithm RSA:RSA algorithm is an asymmetric encryption algorithm. A key pair consisting of a private key and a public key is encrypted by the private key and decrypted by the public key, or encrypted by the public key and decrypted by the private key. Among them, the public key can be made public and the private key must be kept secret.
Diffie-Hellman key agreement algorithm: Diffie-Hellman is a key agreement algorithm (DH algorithm for short), and DH algorithm is based on a mathematical principle, which can negotiate a key without revealing the key.
In the process of sending data from the client to the server, if it is important data (such as password, sensitive data, etc. ), generally need to be encrypted at the client before sending, and decrypted by the server after receiving it to get the original data. (The same is true when the server returns data to the client. )
It is assumed that the client and the server use AES (Symmetric Encryption Algorithm) to encrypt and decrypt the transmitted data. One characteristic of AES encryption algorithm is that both encryption and decryption use the same key (called secretKey here), so both parties use secretKey to encrypt and decrypt data.
Therefore, when the client transmits data to the server for the first time, it needs to obtain the secretKey from the server and save it in the client, and this process of obtaining the plaintext secretKey directly from the server is easily intercepted by a third party, which means that this process is unsafe. (Haha, unless the server secretly gives the secretKey to the client on paper)
Therefore, the process of obtaining the secretKey from the server by the client also needs encryption.
So, what does the server need to do to safely deliver the secretKey to the client?
At present, RSA or Diffie-Hellman are commonly used methods.
RSA has a public key and a private key, the public key is allowed to be made public, and the private key is kept. The key point of RSA is that data encrypted with public key needs to be decrypted with private key, and data encrypted with private key needs to be decrypted with public key. So, for example, at this time, the client sends the public key to the server, and the server encrypts the secretKey with the public key of the client, so only the private key of the client can unlock the encrypted secretKey data. Even if the third party gets these data, it can't be decrypted unless it can get the private key of the client.
Therefore, through RSA, the server can safely deliver the secretKey to the client. (However, RSA also has security vulnerabilities, which are called man-in-the-middle attacks. Because of space reasons, I won't say it here! Everyone is Baidu. )
Although RSA can transmit secretKey safely, the trouble is that it needs to generate a pair of public key and private key and send the public key to the other party, and the encryption and decryption speed is slow. Therefore, the second type: Diffie-Hellman key agreement algorithm is introduced.
Strictly speaking, DH algorithm is not actually an encryption algorithm, because it is not used for encryption itself. My understanding is that it is used for negotiation calculation between the two parties, that is, the two parties calculate according to a certain contract, so as to calculate the same result.
The principle is as follows:
Step 1: Initialize
For example, the server now provides two random public key numbers (allowed by public): pubN= 10 and modN = 3;;
The number of random private keys generated by the client (not public, unknown to the server): cPrivN = 2;;
The server also generates a random number of private keys (unknown to the client): sPrivN = 4;;
Step 2: The client and the server respectively calculate based on the same mathematical formula, and the calculation result is called public key result: pubResult.
The client performs mathematical calculation: CPU b result = pubn * cprivn% modn =10 * 2% 3 = 2; (The calculation results are allowed to be made public)
The server performs mathematical calculation: spubresult = pubn * spritvn% modn =10 * 4% 3 =1; (The calculation results are allowed to be made public)
The client and the server exchange public key results, and the client gets sPubResult= 1, and the server gets cPubResult=2.
Step 3: Agree on the key number: keyN (the results obtained by the client and the server are the same).
Client: ckeyn = spubresult * cprivn% modn =1* 2% 3 = 2;
server:skeyn = CPU b result * spritvn % modn = 2 * 4% 3 = 2;
So far, both parties have negotiated the key, and they are consistent. However, have you ever seen a key of type #? Probably not, so the fourth step is needed to generate a longer key.
Step 4: Hash the key number to generate a key string.