Jiadong Wu
Https Basic Notes

3/8/2016

The basic HTTPS encryption process
Scenario: Tom wants to visit XXX.com through HTTPS.
Step 1: Tom visits XXX.com, and XXX.com provides its certificate to Tom's browser.
Step 2: The browser takes XXX.com's public key, which is stored in the certificate.
Step 3: The browser generates a symmetric key and encrypts it with the public key it obtained in step 2. The browser then sends this encrypted message back to XXX.com's server.
Step 4: XXX.com decrypts this message using its private key and gets the symmetric key.
Step 5: XXX.com and Tom begin to talk with each other using this symmetric key.
But how can we know the certificate provided by XXX.com is not faked? (Sometimes we go through a proxy, and the certificate may not be provided by the actual XXX.com.)
First we should know about digital signatures. A digital signature is generated by the following process:
plain text -> hash algorithm -> digest -> private key encryption -> digital signature
The certificate itself contains enough information to prove itself. It contains the following key parts:
  1. CA - the certificate issuer
  2. digital signature of this certificate (encrypted with the CA's private key)
  3. XXX's public key
  4. hash algorithm -> used in the digital signature
With this background information, we can see how to detect a faked certificate.
  1. When the browser gets a certificate from the server, it can check the CA. Modern browsers already have built-in information about the major CAs. If the browser can't find this CA, the certificate cannot be trusted.
  2. If the CA information is correct, the browser can decrypt the digital signature using the CA's public key, since the digital signature was encrypted with the CA's private key. If it cannot be decrypted, the certificate may be faked.
  3. If the digital signature decrypts correctly, we get the digest. The browser can then use the hash algorithm named in the certificate to calculate a hash value H over the certificate's contents. If H is not the same as the digest, we can detect that the certificate has been tampered with during transfer.
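The three checks above, plus the signing process described before them, as an added Go example that is not part of the post. It builds a constructed toy CA and issues a certificate for the hypothetical host xxx.example, then performs the browser's checks two ways: VerifyChain uses the standard library's chain verification with only our CA as a trusted root (check 1), and VerifyCertSignature repeats checks 2 and 3 by hand, hashing the signed part of the certificate with the algorithm the certificate names and verifying it against the CA's public key. Tamper flips one bit in the signed bytes to show what a certificate modified in transit looks like to that check. Subject names and the host name are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// PKI holds a constructed toy CA and the leaf certificate it issued for the
// hypothetical host xxx.example. Nothing here is a real CA.
type PKI struct {
	CA   *x509.Certificate
	Leaf *x509.Certificate
}

// BuildPKI creates a self-signed CA, then issues a server certificate whose
// signature is made with the CA's private key over the certificate body:
// the "digital signature of this certificate" from the post.
func BuildPKI() (*PKI, error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	now := time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Root CA (constructed)"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	ca, err := x509.ParseCertificate(caDER)
	if err != nil {
		return nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: "xxx.example"},
		DNSNames:     []string{"xxx.example"},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	// The leaf carries leafKey's public half (part 3 of the post's list) but
	// is signed with caKey, so only the CA's public key can verify it.
	leafDER, err := x509.CreateCertificate(rand.Reader, leafTmpl, ca, &leafKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	leaf, err := x509.ParseCertificate(leafDER)
	if err != nil {
		return nil, err
	}
	return &PKI{CA: ca, Leaf: leaf}, nil
}

// VerifyChain is check 1 done the way a browser does it: the only trusted
// root is the given CA (the browser's built-in CA list), and the certificate
// must chain to it, be within its validity period and match the host name.
func VerifyChain(leaf, root *x509.Certificate, host string) error {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err
}

// VerifyCertSignature is checks 2 and 3 made explicit: hash the signed part
// of the certificate (tbs) with the algorithm the certificate itself names,
// then verify the stored signature against the CA's public key.
func VerifyCertSignature(leaf, ca *x509.Certificate, tbs []byte) error {
	return ca.CheckSignature(leaf.SignatureAlgorithm, tbs, leaf.Signature)
}

// Tamper returns a copy of the signed bytes with one bit flipped, standing
// in for a certificate modified in transit; its digest no longer matches.
func Tamper(tbs []byte) []byte {
	out := append([]byte(nil), tbs...)
	out[len(out)-1] ^= 0x01
	return out
}
```

Running VerifyChain with a second, unrelated CA as the root reproduces check 1 failing ("unknown authority"), and VerifyCertSignature over Tamper(leaf.RawTBSCertificate) reproduces check 3 failing. The host name check in VerifyChain is the one step the post does not mention: a certificate can be perfectly valid and signed by a trusted CA yet issued for a different site, so browsers also require the name to match.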
Reference
https://en.wikipedia.org/wiki/Certificate_authority
https://segmentfault.com/a/1190000004523659