- 1. Cryptographic knowledge
- 1.1 One-way encryption
- 1.2 Symmetric encryption
- 1.3 Asymmetric encryption
- 2. Summary of encryption knowledge
- Start with a need
I believe many people are unclear about how HTTPS works: they know that HTTPS is "securely encrypted", but not the principle behind it.
The author was also unclear about it for a long time, and the most infuriating part is that in almost every interview the interviewer asks this question.
Every time, the answer was either wrong or left the interviewer unsatisfied; in other words, I did not really understand it.
In fact, the principle of HTTPS is not that complicated, but some articles explain it poorly, and the more of them you read, the more confused you get.
Before looking at how HTTPS works, let's first take a look at encryption.
1. Cryptographic knowledge
Encryption can be divided into the following three kinds according to how it works.
1.1 One-way encryption
Also called irreversible encryption: encrypting the plaintext produces a ciphertext, but the plaintext can no longer be recovered from the ciphertext.
It is generally used to generate message digests, for key encryption, and so on. Common one-way encryption algorithms are:
- MD5: I believe everyone is familiar with this; a plaintext, after MD5, corresponds to a unique ciphertext
- SHA: which is divided into sha192 and sha256
Characteristics:
- Irreversible
- If the input is the same, the output must be the same
1.2 Symmetric encryption
In symmetric encryption, a key is used to encrypt the plaintext, and the ciphertext can be decrypted with that same key.
That is, encryption and decryption use the same key.
This encryption method is called symmetric encryption.
Commonly used symmetric encryption algorithms are:
- DES
- 3DES
- AES
Characteristics:
- The encrypting and decrypting parties use the same key
- Encryption and decryption are relatively fast
1.3 Asymmetric encryption
We know that symmetric encryption uses the same key on both sides. Asymmetric encryption, by contrast, uses a pair of keys, a public key and a private key, for encryption and decryption.
You can encrypt with the private key and decrypt with the public key, and likewise encrypt with the public key and decrypt with the private key.
Common asymmetric encryption algorithms are:
- RSA
- DSA
The one we usually use most is RSA.
Characteristics:
- Two keys are used for encryption and decryption: the public key and the private key
- What the public key encrypts, the private key decrypts; what the private key encrypts, the public key decrypts
- Encryption and decryption are very slow
- The private key and the public key come in pairs
2. Summary of encryption knowledge
**One-way encryption:** irreversible; as long as the input is the same, the output ciphertext is the same, and if the input is modified in any way, the resulting ciphertext is different.
**Symmetric encryption:** encryption and decryption use the same key, and both are particularly fast.
**Asymmetric encryption:** encryption and decryption use a public key and a private key; what the public key encrypts the private key decrypts, and what the private key encrypts the public key decrypts. Encryption and decryption are very slow.
The so-called public key is something that can be disclosed to others.
The so-called private key must not be disclosed to others and is kept privately by its owner.
Note: the content above is pure cryptographic knowledge and has nothing to do with HTTPS yet. Now let's start on the HTTPS process, and let's start with a requirement.
Once this requirement is solved, you will understand the HTTPS process.
Start with a need
Suppose there is such a requirement: Xiaoming and Xiaohua need to communicate. A boy and a girl writing love letters definitely don't want others to read them, so they need secure communication.
Question 1: How does Xiaoming safely pass content to Xiaohua?
From the encryption knowledge above, we can easily think of encrypting the content of the communication.
The answer is yes: just encrypt the content of the communication.
Question 2: Which encryption method is used?
One-way encryption definitely can't work: Xiaohua receives the letter but cannot decrypt it, and this romance cannot go anywhere.
Symmetric encryption can be used: as long as Xiaohua has the key, she can decrypt the content.
Asymmetric encryption can also be used: Xiaoming encrypts with his own private key, and Xiaohua, having Xiaoming's public key, can also decrypt the content.
Question 3: Both symmetric and asymmetric encryption can be used, so which one do we use?
From the encryption knowledge above, we know
Symmetric encryption is fast, and asymmetric encryption is slow.
Xiaoming and Xiaohua often talk for hours, and the amount of data is very large.
If asymmetric encryption were used, it would be painful, because both encryption and decryption are slow; these two would definitely not use asymmetric encryption, and if it were me, I wouldn't either; it would be maddening.
So the answer is to use symmetric encryption, because it is fast: Xiaoming and Xiaohua both hold the same key, and each can decrypt the other's letters.
Summary: Xiaoming and Xiaohua communicate using symmetric encryption; if the key is S, both parties use the same key S for encryption and decryption.
In this way, Xiaoming and Xiaohua can communicate happily: the content is encrypted and encryption and decryption are fast, which is very nice.
But there is a hidden danger: the key S may be intercepted by Lao Wang while it is being transmitted.
The consequence is that Xiaoming, Xiaohua and Lao Wang all hold the same key S.
Then there is no secret between Xiaoming and Xiaohua: Lao Wang can decrypt and read the letters they send, and after reading one, encrypt it again and forward it to Xiaohua, and the two of them are none the wiser.
So how do we deal with the key S being intercepted by others during transmission?
Some people say the key S could itself be encrypted with symmetric encryption before transmission, but then the key S1 used for that is also at risk of being intercepted.
Then encrypt S1 again, transmit it, and so on without end. Definitely not.
The method above definitely does not work, and the question now becomes: how does Xiaoming securely pass the key S to Xiaohua? This is similar to the earlier question of how Xiaoming securely passes content to Xiaohua.
Therefore, to communicate securely, Xiaoming and Xiaohua need to use symmetric encryption to encrypt the content of their letters.
But first we have to solve one problem: how does Xiaoming securely transmit the key S to Xiaohua?
Question 4: How does Xiaoming securely transmit the key S to Xiaohua?
If the key S is not transmitted securely, then all subsequent communication is insecure; conversely, if the key S can be transmitted to Xiaohua safely, then the subsequent communication is secure.
If this were a job our team lead gave us, how would we solve it with the encryption knowledge we have learned above?
From that encryption knowledge, is there a secure way to transmit it, such as the following?
- Xiaoming uses asymmetric encryption: first he generates his own pair of keys, which for convenience we call privateKey and publicKey
- Xiaoming gives the publicKey to Xiaohua
- Method 1: Xiaoming encrypts the key S with his own privateKey, transmits the resulting ciphertext S0 to Xiaohua, and Xiaohua decrypts S0 with the publicKey to get the key S
- Method 2: Xiaohua encrypts the key S with the publicKey, transmits the resulting ciphertext S0 to Xiaoming, and Xiaoming decrypts S0 with the privateKey to get the key S
Of the two, method 1 is not feasible, because Xiaoming's publicKey is public and anyone can download it; that is, Lao Wang also has Xiaoming's publicKey and can also decrypt S0 to get the key S.
Method 2 is feasible, because the privateKey is held only by Xiaoming: Xiaohua encrypts with Xiaoming's public key, and only Xiaoming can decrypt it, no one else.
So the solution above is:
Use asymmetric encryption to encrypt the key S for transmission.
Some people say: no, the performance of asymmetric encryption is poor, encryption and decryption are particularly slow, and at the beginning we said Xiaoming and Xiaohua could not communicate directly with asymmetric encryption, so this won't work either.
That's right, but we are only using asymmetric encryption to encrypt the key S, which is a small amount of data, and in this way the key S is securely transmitted to the other party.
The subsequent communication uses symmetric encryption directly, so efficiency is high; asymmetric encryption is only used in the initial stage of negotiating how to securely transmit the key S, and once that stage is complete, it is no longer needed.
As can be seen from the above, asymmetric encryption has this characteristic:
As long as I hold someone's public key, communicating with that person is safe.
For example, you have a pair of private and public keys; I just need to get your public key and use it to encrypt what I transmit, and only you can decrypt it, because the private key is yours alone.
As shown in the figure:
Conversely, Xiaoming encrypts with his own private key and others decrypt with Xiaoming's public key; what is the function of this process?
The answer is: identity verification.
As long as Xiaoming encrypts with his own private key and others can decrypt it with Xiaoming's public key, it proves that the letter must have been written by Xiaoming.
For example, you need to send a notice, but you must make sure it is known to have been sent by you, for fear that someone will alter it along the way (like forged imperial edicts in ancient times, which is a failure of identity verification).
You can encrypt the notice with your private key; anyone who wants to read it downloads your public key and decrypts it, which shows that the notice must have been sent by you.
Because if someone alters it along the way but cannot re-encrypt it with your private key, it won't work.
Summary: through the description above, we have solved several problems and gone through the following steps.
- In order to communicate securely, Xiaoming and Xiaohua use encryption to protect the content they transmit
- After comparison, only symmetric encryption can be chosen to encrypt the transmitted content
- But the transmission of the symmetric key S is not secure and it is easily stolen by Lao Wang; what to do?
- Xiaoming thought of asymmetric encryption, so he generated a pair of private and public keys and gave the public key to Xiaohua
- Xiaohua encrypts the key S with the public key and passes it to Xiaoming
- Because it is encrypted with Xiaoming's public key, and the private key is held only by Xiaoming, only Xiaoming can decrypt it. Even if Lao Wang intercepts the ciphertext, he cannot decrypt it
- In this way, Xiaoming decrypts the key S with his private key
- Now Xiaoming and Xiaohua use symmetric encryption with the key S to communicate happily, for example discussing how much bride price to give, where to hold the banquet, and where to spend the honeymoon
- In this way, the communication process is secure.
The process above is perfect, but as the saying goes, the virtuous rise a foot and the demon rises ten; Lao Wang's brain is particularly good, and he came up with a trick.
Since the two of you use asymmetric encryption and I can't decrypt the ciphertext when I intercept it, let's do it differently.
What if something goes wrong while Xiaohua is obtaining Xiaoming's public key: for example, Xiaohua does not obtain Xiaoming's public key but Lao Wang's instead (while Xiaohua still believes the public key in her hand is Xiaoming's)?
What happens? Let's take a look at the diagram (this is also known as a man-in-the-middle attack).
According to the figure above, Lao Wang is the "man in the middle"; the picture shows the man-in-the-middle attack, and the process is as follows:
- While Xiaohua is obtaining Xiaoming's public key, Lao Wang substitutes his own public key and sends it to Xiaohua
- Xiaohua mistakenly believes the public key in her hand is Xiaoming's (in fact it is Lao Wang's), so she encrypts the key S with Lao Wang's public key and gets the ciphertext S0
- While the ciphertext S0 is being sent to Xiaoming, Lao Wang intercepts it, decrypts it with his private key and obtains the key S
- After getting the key S, Lao Wang keeps a copy for himself, then encrypts this key S with Xiaoming's public key, obtains the ciphertext S1, and sends it to Xiaoming
- After Xiaoming receives the ciphertext S1, he decrypts it with his private key and obtains the key S
- From then on, Xiaoming and Xiaohua use symmetric encryption with the key S to communicate
- They still think it is safe, but in fact Lao Wang reads every communication first. Still not safe
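The key transport of Question 4 and the key substitution just described, as an added Go example that is not from the original article: Xiaohua wraps S with RSA-OAEP under whatever public key she holds, the holder of the matching private key unwraps it, and the letters then travel under AES-256-GCM. The choice of OAEP and GCM, the function names and the sample letter are this example's own assumptions.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// newKeyPair generates one person's RSA key pair (Xiaoming's, or Lao Wang's).
func newKeyPair() *rsa.PrivateKey {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return priv
}

// NewKeyS is the symmetric key S (32 random bytes, for AES-256) chosen by Xiaohua.
func NewKeyS() []byte {
	s := make([]byte, 32)
	if _, err := rand.Read(s); err != nil {
		panic(err)
	}
	return s
}

// WrapKey is "method 2": Xiaohua encrypts S (RSA-OAEP) with the public key she holds; the result is S0.
func WrapKey(pub *rsa.PublicKey, s []byte) []byte {
	s0, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, s, nil)
	if err != nil {
		panic(err)
	}
	return s0
}

// UnwrapKey recovers S; only the holder of the matching private key can do so.
func UnwrapKey(priv *rsa.PrivateKey, s0 []byte) []byte {
	s, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, s0, nil)
	if err != nil {
		panic(err)
	}
	return s
}

// Seal encrypts a letter on the fast symmetric channel (AES-256-GCM) under S; the nonce is prepended.
func Seal(s, letter []byte) []byte {
	block, err := aes.NewCipher(s)
	if err != nil {
		panic(err)
	}
	gcm, _ := cipher.NewGCM(block)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return gcm.Seal(nonce, nonce, letter, nil)
}

// Open decrypts a sealed letter under S; it fails if S is wrong or the data was altered.
func Open(s, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(s)
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block)
	n := gcm.NonceSize()
	return gcm.Open(nil, sealed[:n], sealed[n:], nil)
}

// HonestExchange: Xiaohua holds Xiaoming's real public key; true if Xiaoming recovers S and reads the letter.
func HonestExchange(letter []byte) bool {
	xiaoming := newKeyPair()
	s := NewKeyS()
	sAtXiaoming := UnwrapKey(xiaoming, WrapKey(&xiaoming.PublicKey, s))
	got, err := Open(sAtXiaoming, Seal(s, letter))
	return err == nil && bytes.Equal(got, letter)
}

// KeySubstitution is the man-in-the-middle from the text: Xiaohua was handed Lao Wang's public key.
// It reports whether Lao Wang learned S and whether Xiaoming still ends up with the same S.
func KeySubstitution() (laoWangKnowsS, bothSidesAgree bool) {
	xiaoming, laoWang := newKeyPair(), newKeyPair()
	s := NewKeyS()
	s0 := WrapKey(&laoWang.PublicKey, s)           // Xiaohua thinks this key is Xiaoming's
	sAtLaoWang := UnwrapKey(laoWang, s0)           // S0 intercepted and opened by Lao Wang
	s1 := WrapKey(&xiaoming.PublicKey, sAtLaoWang) // re-wrapped for the real recipient
	sAtXiaoming := UnwrapKey(xiaoming, s1)
	return bytes.Equal(sAtLaoWang, s), bytes.Equal(sAtXiaoming, s)
}

func main() {
	a, b := KeySubstitution()
	fmt.Println("honest exchange works:", HonestExchange([]byte("a love letter")), "| Lao Wang knows S:", a, "| both sides still agree on S:", b)
}
```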
Ahhhhh
For the security of key transmission, we generated a private/public key pair, gave the public key to Xiaohua, and Xiaohua encrypted the key with the public key before transmitting it.
In this way only Xiaoming could decrypt it, and we never thought that the transmission of the public key itself was not secure.
It's hard to enjoy a hobby in peace; Lao Wang, what are you doing...
Something went wrong and it has to be solved: now it is the transmission of the public key that is not safe.
This is similar to the earlier questions: "how do we securely transmit the content of the letter to the other party?" and "how do we securely transmit the key to the other party?"
Now the question is: how do we securely transmit the public key to the other party?
It feels like an endless loop: securely transmitting the content of the letter, securely transmitting the key, and now securely transmitting the public key.
The essence is similar, but the thing transmitted is different, and the method used is different.
Question 5: How does Xiaoming securely transmit his public key to Xiaohua?
From the problems we solved above, you know:
- How to securely transmit the content of the communication to the other party? Solution: we communicate with symmetric encryption
- How to securely transmit the key S to the other party? Solution: use asymmetric encryption; Xiaoming gives his public key to Xiaohua, Xiaohua encrypts the key S with it and transmits it to Xiaoming, and Xiaoming decrypts it with his own private key. Only Xiaoming can decrypt it, so this process is safe
Now the new question is: how can the public key be securely transmitted to the other party?
Do we use symmetric or asymmetric encryption again? Neither works. This approach no longer helps.
Imagine that in life, when we have a dispute or a problem, the party we trust most must be the government.
Now downloading the public key from Xiaoming is no longer reliable or secure.
Whom should I believe? From whom can I get a public key that is really Xiaoming's?
So we also set up an institution, and we all trust this institution; anyway, I simply trust this institution 100 percent unconditionally, and that is the rule.
We gave this institution a name: the CA.
Well, now we throw the problem to the CA: whether it is Xiaohua, Xiaoli or Xiaomei, anyone who wants Xiaoming's public key gets it from the CA.
Where did the CA get Xiaoming's public key? It must have been given by Xiaoming; as far as Xiaoming is concerned, I have given my public key to your CA, and your CA must make sure it is transmitted safely to others.
This CA is unlucky enough: all the work you can't handle gets thrown at me, and it's not me who is dating Xiaohua...
Complaints aside, how does the CA solve it?
The answer is the digital certificate. Yet another name shows up; what on earth is a digital certificate? Are you dizzy yet? Don't worry; if you are dizzy at this point, go back and look again at what was written earlier.
Read it a few more times. Don't forget, the author also read it N times, asked himself the questions and tried to solve them himself before understanding the process.
Let's start with a conclusion: digital certificates solve the problem of public key transmission.
Important things are said three times: digital certificates solve the problem of public key transmission, digital certificates solve the problem of public key transmission, digital certificates solve the problem of public key transmission.
Before talking about digital certificates, let's solve another problem.
Question 6: During the transmission of a letter, how do we ensure that the content is not tampered with, that is, the integrity of the information?
Combined with the encryption knowledge learned earlier, we can use a one-way encryption algorithm; let's take MD5 as an example.
- After Xiaoming writes the letter to Xiaohua, he runs MD5 over the content of the letter to get a unique string, which we name the digest
- At the bottom of the letter, Xiaoming writes the one-way algorithm used, MD5, and the digest calculated by MD5 over the content, and sends it to Xiaohua
- After receiving the letter, Xiaohua sees that MD5 is written at the bottom, so she runs MD5 over the content of the letter to get a new digest
- Xiaohua compares the new digest with the digest appended at the bottom of the letter; if they are equal, the letter has not been changed
- If they are not equal, the content of the letter has been changed by someone else.
This process is represented in the following figure.
But even this process is problematic, if Lao Wang appears again:
- First, Lao Wang gets the letter and changes it
- Lao Wang runs MD5 over the new content of the letter to get a new digest
- Lao Wang puts the new digest at the bottom of the letter and sends it to Xiaohua
- When Xiaohua receives the letter, she has no way to tell whether it has been tampered with.
As shown in the following figure:
Therefore, simply using a one-way encryption algorithm to generate a digest cannot guarantee the integrity of the content.
So how can we ensure the integrity of the letter so that it cannot be tampered with?
The answer is: a signature.
Another noun has appeared, signature; there are too many nouns in this article.
From the earlier learning, we know that asymmetric encryption has two functions, one of which is identity verification.
Let's take the example above and change it:
- Xiaoming runs MD5 over the content of the letter and gets a string, which we call the digest
- Xiaoming encrypts the digest with his private key and gets another string, which we call the signature
- He sends the MD5 algorithm name, the digest and the signature together with the letter to Xiaohua
- Xiaohua decrypts the signature with Xiaoming's public key and obtains a digest of the letter, call it d1
- Xiaohua runs MD5 over the content of the letter to obtain another digest, call it d2
- Compare whether d1 and d2 are equal; if they are equal, the content of the letter has not been tampered with
- If d1 and d2 are not equal, the content of the letter has been tampered with.
At this point, the process is secure.
If Lao Wang intercepts the letter again, he can modify the content and use MD5 to calculate a new digest.
But Lao Wang cannot modify the signature. The signature is encrypted with Xiaoming's private key; even if Lao Wang can decrypt it,
he has no way to generate a new signature, because Xiaoming's private key is held only by Xiaoming.
Moreover, after Xiaohua receives the letter, she decrypts the signature with Xiaoming's public key; if Lao Wang encrypted the digest with his own private key to produce a new signature,
Xiaohua could not decrypt it with Xiaoming's public key.
At this point, let's define a few concepts.
Digest: the string produced by running MD5 (or another one-way encryption algorithm) over the content is called the digest.
Signature: Xiaoming encrypts the digest with his private key, and the resulting string is called the signature.
Signature verification: Xiaohua decrypts the signature with Xiaoming's public key and compares the decrypted digest with the original; this is called signature verification.
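The digest-only check of Question 6 and the digest, signature and signature verification just defined, as an added Go example that is not from the original article: SHA-256 stands in for the MD5 of the text, since MD5 is no longer collision resistant, and "encrypting the digest with the private key" is done with RSA PKCS#1 v1.5 signing. The letters, the key names and the result fields are constructed for this example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Letter as it travels: the content plus what is written at the bottom of it.
type Letter struct {
	Content   []byte
	Algorithm string // digest algorithm name written at the bottom of the letter
	Digest    string // hex digest of Content
	Signature []byte // the digest signed with the sender's private key; empty if unsigned
}

// Digest is the "summary" from the text; SHA-256 stands in for the page's MD5.
func Digest(content []byte) string {
	sum := sha256.Sum256(content)
	return hex.EncodeToString(sum[:])
}

// DigestOnly is the first attempt of Question 6: algorithm name and digest, no signature.
func DigestOnly(content []byte) Letter {
	return Letter{Content: content, Algorithm: "sha256", Digest: Digest(content)}
}

// Sign is "encrypt the digest with the private key": RSA PKCS#1 v1.5 over SHA-256.
func Sign(priv *rsa.PrivateKey, content []byte) Letter {
	l := DigestOnly(content)
	sum := sha256.Sum256(content)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, sum[:])
	if err != nil {
		panic(err)
	}
	l.Signature = sig
	return l
}

// DigestMatches is Xiaohua's digest-only check: recompute the digest and compare.
func DigestMatches(l Letter) bool {
	return Digest(l.Content) == l.Digest
}

// VerifySignature is signature verification with the sender's public key: the digest
// recovered from the signature (d1) must equal the digest recomputed from the content (d2).
func VerifySignature(pub *rsa.PublicKey, l Letter) bool {
	sum := sha256.Sum256(l.Content)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], l.Signature) == nil
}

// Tamper is what Lao Wang can do to an intercepted letter: replace the content and
// recompute the digest. He cannot produce Xiaoming's signature, so it is left as is.
func Tamper(l Letter, newContent []byte) Letter {
	l.Content = newContent
	l.Digest = Digest(newContent)
	return l
}

// SignatureOutcome reports how each check fares against Lao Wang.
type SignatureOutcome struct {
	DigestOnlyFooled bool // the digest-only check accepts the tampered letter
	SignedOriginalOK bool // the untampered signed letter verifies
	TamperedRejected bool // the tampered letter fails signature verification
	ForgedRejected   bool // a letter re-signed with Lao Wang's own key fails too
}

func mustKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// SignatureScenario plays out Question 6 and the signature fix with constructed letters.
func SignatureScenario() SignatureOutcome {
	xiaoming, laoWang := mustKey(), mustKey()
	original := []byte("Meet me at the bridge at noon.")    // constructed sample letter
	altered := []byte("Meet me at the bridge at midnight.") // Lao Wang's edit
	signed := Sign(xiaoming, original)
	return SignatureOutcome{
		DigestOnlyFooled: DigestMatches(Tamper(DigestOnly(original), altered)),
		SignedOriginalOK: VerifySignature(&xiaoming.PublicKey, signed),
		TamperedRejected: !VerifySignature(&xiaoming.PublicKey, Tamper(signed, altered)),
		ForgedRejected:   !VerifySignature(&xiaoming.PublicKey, Sign(laoWang, altered)),
	}
}

func main() {
	fmt.Printf("%+v\n", SignatureScenario())
}
```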
Question 7: How do digital certificates come about?
Digital certificates are issued by a CA. First of all, if Xiaoming wants a digital certificate, he needs to apply to the CA.
The CA will issue Xiaoming a digital certificate, which contains:
- Public key: Xiaoming's public key
- Issuer: the CA (Certificate Authority)
- Validity period: the period during which the certificate is valid
- Digest algorithm: specifies the digest algorithm used to calculate the digest of the certificate
- Thumbprint: that is, the digest of the certificate, which ensures the integrity of the certificate
- Signature algorithm: used to generate the signature, which ensures the certificate was signed by the CA
- Serial number: a unique identifier for the certificate
Knowing what a certificate contains, let's see how a certificate is generated:
- Xiaoming's public key, the issuer, the validity period and the digest algorithm (hash algorithm) are written into the certificate
- Based on the digest algorithm specified in the certificate, the CA calculates a digest of the entire certificate
- According to the signature algorithm, the CA encrypts the digest from the previous step with its own private key to produce the CA's signature
- Finally, the digest, the signature and the basic information of the certificate are published together as Xiaoming's certificate
Question 8: The role of digital certificates
From the above we know that digital certificates solve the problem of public key transmission, and we also know that a digital certificate is a file.
Since digital certificates are used to transmit public keys securely, how do they solve the transmission problem?
Now that Xiaoming has his own certificate, we no longer transmit the public key on its own; we only need to transmit the certificate.
So, Xiaoming and Xiaohua now need secure communication; what is the process? As follows:
- Xiaoming sends his digital certificate to Xiaohua
- Worried that the certificate may have been swapped by Lao Wang, Xiaohua needs to verify the certificate. What does she verify?
- In fact, she verifies whether this certificate was issued by the CA; if it was not issued by the CA, we consider the transmission insecure.
- To verify that the digital certificate was issued by the CA, you need the CA's public key... (why the CA's public key? Because the signature on the certificate is encrypted with the CA's private key, and only the CA's public key can decrypt it). Ah, I can't stand it: we have talked about digital certificates for so long precisely because we need a way to transmit a public key, so let's change the description: to verify whether a digital certificate was issued by the CA, we need the CA's digital certificate (because it contains the CA's public key)
- So where do we find the CA's digital certificate? From the description above, we know that if we need a digital certificate, we apply to the CA and the CA issues it to us.
- So where does the CA get its own digital certificate? The answer is that it issues it to itself. So where do we get it?
- If we download it from the Internet or from another server, it may be swapped along the way and is not safe.
- This is really a sad story, but today Brother Rabbit has to finish it.
- Downloading the CA's digital certificate from the Internet or from another server is not secure, so what is secure?
- The answer: when your computer's operating system is installed, many CA digital certificates are already built into the operating system
- That is to say, as long as you install the operating system, whether Windows, Linux or Mac, or on a computer you just bought, the CA's digital certificate is already in it
- This is trustworthy; it is a real CA digital certificate, and there will be no fakes. (Unless you install a pirated operating system, so try to use a genuine one)
The process above is really complicated; Brother Rabbit also took a long time to figure it out, knowing this interview question tr ips up many people. In fact, not knowing the HTTPS process doesn't matter much.
It doesn't affect your code, but interviewers love to ask about this, as if understanding the process were a great achievement, and it wouldn't be nice to ask about design patterns instead.
- Our computers come with the CA's digital certificate from birth, and that is real. Born with it. Heaven decides, and heaven is the largest; so we can distinguish genuine digital certificates from fake ones.
Question 9: Validation of digital certificates
From the above you know:
When Xiaohua receives Xiaoming's digital certificate, the first thing to verify is whether the digital certificate was issued by the CA.
Because our operating system has the digital certificates of all the CAs built in, we can validate digital certificates.
Before talking about the process, let's briefly review how the digest and the signature come about:
Digest = md5(certificate content): a one-way encryption algorithm such as MD5 is run over the entire content of the certificate to get the digest, also known as the thumbprint of the certificate
Signature = privateKey(digest): the private key encrypts the digest above to produce the signature
The verification process for a digital certificate is as follows:
- Xiaohua obtains the CA's public key from the built-in CA digital certificate
- Let the digital certificate sent by Xiaoming be called C; Xiaohua decrypts the signature in certificate C with the CA's public key to get the digest D
- According to the digest algorithm in certificate C, if it is MD5, Xiaohua runs MD5 over the entire content of the certificate to get the digest D1
- Xiaohua compares whether digest D and digest D1 are equal
- If D == D1, then the certificate was issued by the CA
- If D != D1, then this certificate was not issued by the CA; it is risky and not secure
If the certificate passes validation, it was indeed issued by the CA, and Xiaohua can take Xiaoming's public key from the digital certificate.
Because when Xiaoming applied for the digital certificate, the owner of the certificate was Xiaoming and the CA verified Xiaoming's identity, Xiaoming's public key in the digital certificate is genuine.
So far, we have finally accomplished one thing: Xiaoming has securely transmitted his public key to Xiaohua.
With this established, our work becomes much easier. Next, let's look at the complete transfer process.
Question 10: The complete transfer process
Let's look again at Xiaoming's communication to Xiaohua, which now differs from before:
- Xiaoming writes the letter, then appends at the bottom the digest algorithm, say MD5, and the digest calculated by MD5
- Xiaoming encrypts the digest from the previous step with his private key to get a signature
- Xiaoming attaches the digest algorithm, the digest and the signature to the bottom of the letter, and sends it to Xiaohua together with his digital certificate
- After receiving the letter, Xiaohua first uses her own built-in CA digital certificate to obtain the CA's public key, then verifies the digital certificate with the CA's public key (the process we described above)
- Once the digital certificate passes validation, it was issued by the CA and has not been tampered with
- Xiaohua takes Xiaoming's public key from the certificate
- With Xiaoming's public key, the next step is to verify the content of the letter
The verification process for the content of the letter is as follows (we actually covered it earlier):
- Xiaohua decrypts the signature of the letter with Xiaoming's public key to obtain the digest D1 of the letter
- Xiaohua runs the digest algorithm over the letter to obtain the digest D2 of the letter
- Xiaohua compares whether D1 is equal to D2
- If they are not equal, the letter has been tampered with and is not safe
- If they are equal, the content of the letter has not been tampered with
- In the equal case, Xiaohua has obtained the content of the letter
Summary:
All of the content above covers digital certificates, encryption and decryption, signing and signature verification, without yet describing the formal HTTPS process.
With the knowledge above, it is much easier to talk about HTTPS. Let's look at a picture.
Let's take the website www.helloworld.net as an example to explain the HTTPS process.
This process is divided into 3 phases, which we describe below.
The phases of accessing www.helloworld.net are as follows:
- The website requests a certificate phase
  - The website requests a digital certificate from a CA (some materials must be submitted, such as the domain name)
  - The CA writes important information such as the digest algorithm, the domain name and the website's public key into the certificate
  - The CA calculates the digest of the certificate based on the digest algorithm written in the certificate
  - The CA encrypts the digest with its own private key to calculate the signature
  - The CA generates the digital certificate and issues it to www.helloworld.net
  - The website administrator puts the certificate on his own server
- The browser validates the certificate phase
  - The user enters https://www.helloworld.net in the browser's address bar and presses Enter
  - The server sends the digital certificate to the browser
  - The browser uses the CA's digital certificate built into the operating system to obtain the CA's public key
  - The browser verifies the digital certificate of www.helloworld.net with the CA's public key
  - Specifically, the browser decrypts the signature in the helloworld digital certificate with the CA's public key to obtain the digest D1
  - The browser calculates the digest D2 of the certificate based on the digest algorithm in the helloworld digital certificate
  - Compare whether D1 and D2 are equal.
  - If they are not equal, the certificate has been swapped
  - If they are equal, certificate validation passes.
- The symmetric key negotiation phase
  - After the browser's verification of the digital certificate passes
  - The browser takes the public key from the digital certificate, which is the public key of the www.helloworld.net website
  - With the website's public key, the browser encrypts the key S with it and sends the resulting ciphertext to the server
  - After the server receives the ciphertext, it decrypts it with its own private key to obtain the key S
  - After that, the browser and the server use the key S for symmetrically encrypted communication.
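Questions 7 to 9 and the first two phases above, as an added Go example that is not from the original article: a root CA issues itself a certificate, issues one to www.helloworld.net, and the "browser" first repeats the manual signature check of Question 9 with the CA's public key and then the full check a browser does (chain to a trusted root, validity period, domain name). The CA names, serial numbers and the second domain are this example's assumptions; the key negotiation phase (RSA encryption of S under the public key taken from the certificate) is not repeated here.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

const site = "www.helloworld.net" // the domain used in the text

func mustKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// mustCert lets signer (the holder of parent's key) sign tmpl, which carries pub.
func mustCert(tmpl, parent *x509.Certificate, pub *rsa.PublicKey, signer *rsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER we just produced always parses
	return cert
}

// NewCA: the CA issues a certificate to itself; it plays the CA certificate built into the operating system.
func NewCA(name string) (*rsa.PrivateKey, *x509.Certificate) {
	key := mustKey()
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	return key, mustCert(tmpl, tmpl, &key.PublicKey, key)
}

// Issue is the "website requests a certificate" phase: the CA writes the domain, validity period,
// serial number and the site's PUBLIC key into the certificate and signs it with the CA's private key.
func Issue(caKey *rsa.PrivateKey, caCert *x509.Certificate, domain string, sitePub *rsa.PublicKey, serial int64) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: domain},
		DNSNames:     []string{domain},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	return mustCert(tmpl, caCert, sitePub, caKey)
}

// SignatureByCA is the manual check of Question 9: the signature on the certificate
// must verify under the CA's public key (D recovered from the signature equals D1).
func SignatureByCA(ca, cert *x509.Certificate) bool {
	return cert.CheckSignatureFrom(ca) == nil
}

// BrowserAccepts is what a browser actually does: build a chain to a trusted root and
// also check the validity period and that the name matches the address typed in.
func BrowserAccepts(trusted, cert *x509.Certificate, typedDomain string) bool {
	roots := x509.NewCertPool()
	roots.AddCert(trusted)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: typedDomain})
	return err == nil
}

// CertOutcome: genuine = trusted CA certified the site's key; fake = Lao Wang's own "CA" certified
// his key for the site's name; wrongName = trusted CA, but a different domain in the certificate.
type CertOutcome struct {
	GenuineSigOK, GenuineAccepted, FakeSigOK, FakeAccepted, WrongNameAccepted, PublicKeyMatches bool
}

func CertScenario() CertOutcome {
	trustedKey, trustedCA := NewCA("Trusted Root CA")
	laoWangKey, laoWangCA := NewCA("Lao Wang CA")
	siteKey := mustKey()
	genuine := Issue(trustedKey, trustedCA, site, &siteKey.PublicKey, 2)
	fake := Issue(laoWangKey, laoWangCA, site, &mustKey().PublicKey, 3)
	other := Issue(trustedKey, trustedCA, "www.example.test", &siteKey.PublicKey, 4)
	return CertOutcome{
		GenuineSigOK:      SignatureByCA(trustedCA, genuine),
		GenuineAccepted:   BrowserAccepts(trustedCA, genuine, site),
		FakeSigOK:         SignatureByCA(trustedCA, fake),
		FakeAccepted:      BrowserAccepts(trustedCA, fake, site),
		WrongNameAccepted: BrowserAccepts(trustedCA, other, site),
		PublicKeyMatches:  genuine.PublicKey.(*rsa.PublicKey).Equal(&siteKey.PublicKey),
	}
}

func main() { fmt.Printf("%+v\n", CertScenario()) }
```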
The story is finally finished, and it took a whole day.
There are so many steps, but in fact it is very simple if you grasp a few key questions; in essence, it is about how two people communicate securely and efficiently.
Let's briefly summarize again in a question-and-answer form, which I think is better.
Question 1: How do Xiaoming and Xiaohua communicate securely?
A: By encryption
Question 2: Which encryption method communicates more efficiently?
A: Symmetric encryption
Because one-way encryption cannot be decrypted, so no
Asymmetric encryption is too slow, so no
Only symmetric encryption is fast
Question 3: How can the key S used for symmetric encryption be transmitted securely?
A: Xiaohua encrypts the key S with Xiaoming's public key and passes it to Xiaoming
Xiaoming decrypts it with his private key
Question 4: How does Xiaoming securely transmit his public key to Xiaohua?
A: By using a digital certificate
Specifically, Xiaoming applies to the CA for a digital certificate of his own and puts his public key in the certificate
Xiaoming sends the digital certificate to Xiaohua
Question 5: How does Xiaohua verify the authenticity of the digital certificate?
A: Xiaohua obtains the CA's public key from the CA's digital certificate built into the operating system, and uses the CA's public key to verify the signature on the digital certificate
If the signature verification passes, the digital certificate is genuine.
I hope readers ask themselves the questions above more often: if it were you, how would you solve each problem?