The basic HTTPS encryption process

Scenario: Tom wants to visit XXX.com through HTTPS.

Step 1: Tom visits XXX.com, and XXX.com sends its certificate to Tom's browser.
Step 2: The browser takes XXX.com's public key, which is stored in the certificate.
Step 3: The browser generates a symmetric key and encrypts it with the public key it obtained in step 2. It then sends this encrypted message back to XXX.com's server.
Step 4: XXX.com decrypts the message with its private key and obtains the symmetric key.
Step 5: XXX.com and Tom talk to each other using this symmetric key.

But how can we know that the certificate provided by XXX.com is not faked? (Sometimes we go through a proxy, and the certificate may not come from the real XXX.com.)

First we should know what a digital signature is. A digital signature is generated in the following process:

plain text -> hash algorithm -> digest -> encryption with the private key -> digital signature

The certificate itself contains enough information to prove itself. It contains the following key parts:
With this background information, we can see how to detect a faked certificate: the browser recomputes the digest of the certificate and checks the CA's signature over it with the public key of a CA it already trusts, so a certificate that a proxy generated and signed with its own key fails that check.