Current location - Quotes Website - Signature design - TLS process (DH asymmetric encryption)
TLS process (DH asymmetric encryption)
The purpose of TLS is to solve the data.

1. logging protocol (symmetric encryption and decryption)

Shake hands, shake hands and wave.

Verify the identities of both parties to the communication.

Exchange encryption and decryption security suite

Negotiate encryption and decryption parameters

When a TLS session is established, a symmetric encryption key will be used for communication. So how to transfer the symmetric encryption key to the other party of the TLS session in advance? Use asymmetric encryption. Symmetric encryption is several thousand times slower than symmetric encryption, so only symmetric encryption keys used for encryption after symmetric encryption transmission are used. Then solve the encryption security through symmetric encryption.

Asymmetric encryption has public key and private key. The public key can be made public, but the private key cannot.

The encryption and decryption process can be realized by encrypting the ciphertext with a public key and decrypting the ciphertext with a private key.

When using private key encryption, public key decryption is a signature verification process.

Common asymmetric encryption methods are divided into two categories.

RSA has no forward security, that is, every symmetric encryption key transmission needs to be based on public key encryption and server private key decryption. If the server's private key is lost, the communication data of several years ago may be decrypted. So this is extremely unsafe, and the location of the private key is too heavy. If every encryption and decryption is a temporary password to solve the security, it will not be so strongly dependent on the security of the private key. In the Prism Gate incident of 20 13, a CA organization submitted its private key to it under the pressure of the US government, which is very dangerous. If it is unsafe to move on, all the previous private keys of this CA will be affected. So what we are talking about here is more secure DH class asymmetric encryption.

The following figure shows the TLS handshake process of DH key exchange.

DH key exchange protocol, Diffile-Hellman key exchange, abbreviated as DH or DHE. It allows both parties to create keys through insecure channels without any prior information from the other party.

1. The client browser Randomly generates a value ra, and calculates Pa (x, y) = Ra * q (x, y), which is the basic point of an elliptic curve algorithm recognized all over the world. Send Pa(x, y) to the server.

2. The server randomly generates a value Rb and calculates Pb(x, y) = Rb * Q(x, y). Send Pb(x, y) to the client browser.

3. the client calculates Sa(x, y) = Ra * Pb(x, y), and the server calculates Sb(x, y)=Rb*Pa(x, y).

4. The algorithm ensures that Sa=Sb=S, and extracts the X vector of S as the key.

In order to solve the above DH problem, ECC elliptic curve is introduced and then evolved into ECDHE algorithm, which is called elliptic curve differential -hellman key exchange. When both ECC and RSA are 288 bytes long, it takes the energy of boiling a spoonful of water to crack RSA, while it takes the energy of boiling the whole earth's water to crack the same number of ECC. In order to improve security, RSA can only rely on increasing the number of key bits. The embarrassing thing is that supercomputers are getting worse and worse now. In quantum computing, Sauer algorithm can easily crack 2048-bit RSA in 8 hours. RSA can only increase the number of key bits, but if it increases the number of bits, the mobile device will be miserable. The operator will charge you a traffic fee for the added key, and encryption and decryption will consume too much electricity.

The mathematical principles of ECC are elliptic curve and discrete logarithm. Elliptic curves are complicated. In order to improve performance, we need to choose an elliptic curve, but it is not a real ellipse. As shown in the figure below, the ellipse algorithm is used in the operation.

However, ECC also has many problems. 1 and ECC may have backdoors, such as NSA (a set of algorithms issued by the National Security Agency), and this algorithm is suspected of being implanted in the back door. 2. Moreover, many ECC algorithms are patented and will be sued if they are not careful. Most of its patents are registered by BlackBerry.

Definition of elliptic curve

The principle of ECC algorithm is too complicated, which means I can't understand it either. Let's call it a day.

The result of data packet capture here is the key exchange with EC DH E algorithm. The curve selected here is secp256r 1. In this curve, the basic points and parameters have been given, and PubKey has also been given.

X255 19 curve (Montgomery curve) is often used for TLS 1.3.

Related articles
  • Why didn't Yao Ming sign autographs for the little fans?
  • What information is needed for a power of attorney and where can I apply for it?
  • Where can I buy MLB hats worn by many stars?
  • My daughter was born yesterday afternoon. On August 17th, 26, her father's surname is Li and her mother's surname is Wang. Please give her a name. Thank you! !
  • Why not introduce a signature about vampires?
  • Why should housing enterprises evade government price limits?
  • Android code obfuscation and how to determine whether an apk code has been obfuscated
  • Why was Zhao Jiwei insulted after the game?
  • What are the violent acts of C Ronaldo?
  • Fire prevention inspection should fill in the inspection record of the inspector and what

    • copyright 2024 Quotes Website All rights reserved