安全网络传输协议简介

TLS安全网络传输协议简提 无加密的传输层协议的安全问 ：通信内容被获篡改：通信内容 更： 成通信的一开发了SSL（SecureSocketLayer）协议TLS（TransportLayerSecurity）协议。现在最 h?ps协议。学基对称加One-Cme“理想”的对称加绝对安全：每一位上0和1的概率都相中间的16步方法相同，只是使用不同的48bitkeyKi：输 在一开始对56bitkey做bit换得56bit做换位，并在每一步选取不同的48bit作为Ki TripleDES，比DES更加安全其他常用的算法包括：TwofishSerpentAES(Rijndael)BlowfishCAST5,Grasshopper,RC4,Skipjack,Safer+/++(Bluetooth),IDEA[来自非对称加公钥公开，而私钥必须。从公钥很难获知私钥方，而只有传输的两端知道但非对称加密的缺点是，加密、的速度远远慢UnsymmetricEncrypConPublic-keyOmitstheneedfora“courier”todeliverkeystorecipientsoveranothersecurechannelbeforetransmibngtheoriginally-intendedmessageEncrypConkeysarepublic,whilethedecrypConkeysarenot,soonlythewiththecorrectdecrypConkeycandecipheranencryptedEveryonehastheirownencrypConanddecrypConThekeysmustbemadeinsuchawaythatthedecrypConkeymaynotbeeasilydeducedfromthepublicencrypConkey.DigitalOnepeermayneedtoverifyidenCtyofanotherduringThisisdoneusingthesender’sdecrypConkey,usingthecorrespondingpublicencrypConkeySignaturescannotbeforged.Also,nosignercanlaterdenyhavingsignedthemessage.Public-keyCryptosystemDecipheringanencipheredmessagegivesyoutheoriginalmessage,specificallyD(E(M))=ReversingtheproceduressCllreturnsE(D(M))=EandDareeasytoThepublicityofEdoesnotcompromisethesecrecyofD,meaningyoucannoteasilyfigureoutprivatekeyfrompublickey.对于E，从明文获取密文非常容易，而从密文获取明文非b)对于后面会说到的电子签名很重RSAThesecurityoftheRSAalgorithmhassofarbeenvalidated,sincenoknowna?emptstobreakithaveyetbeensuccessful,mostlyduetothedifficultyoffactoringlargenumbersn=pq,wherepandqarelargeprimenumbers.Itsmajordisadvantageisthatitrequireskeysofatleast1024bitsforgoodsecurity(versus128bitsforsymmetric-keyalgorithms),whichmakesitquiteslow.RSAEnrypConandC≡E(M)≡MemodM≡D(C)≡Cdmod(e,n)istheencrypCon(d,n)isthedecrypConSothealgorithmcanenciphermessagebetween0andn-1.Iftheoriginaltextislarger,thenbreakitapartDerivaConofthechoosingtwo“random”largeprimespandq,mulCplyandproducen=pqpickdtobearandomlargeintegerwhichmustbecoprime(互质)toφ(n)find(alarge)esuchthat:e·dmodφ(n)=(φisEulertoCentfuncCon)forn,thereis:φ(n)=φ(p)·φ(q)=(p−1)·(q−1)=n−(p+q)+themulCplicaCveinverseofamodulomexistsifandonlyifaandmarecoprime.sincedandφ(n)arecoprime,dhasamulCplicaCveinverseinmoduloφ(n),whichiseProofofsymmetryofD(M)andD(E(M))=(Memodn)dmodn=Me·dmodnE(D(M))=(Mdmodn)emodn=Me·dmodnMe·dmodn=Mk·φ(n)+1modnSince,Mφ(n)modn=1(thiscanbeThen,Me·dmodn=Wehave,D(E(M))=M,E(D(M))=ThesecurityofSincefactoringnumbershaspracCcallyproventobefarharderthandeterminingprimalityorcompositeness,nwillnotrevealpandqbecauseitisessenCallyimpossibletofactorthemfromn,andthereforewillassurethatdispracCcallyimpossibletoderivefrome.AssumeanoperaConintheSchroeppelfactoringalgorithmtakesonemicrosecondtocompute,andpresentthefollowingdataforvariouslengthsofn:HowaboutbreakingthewithoutfactoringTheauthorsofRSAarguedthat,sincetheonlyotherrealisCcopConistodiscoverawaytobreakthecodewithoutfactoringn,suchadiscoverywouldyieldanefficientfactoringalgorithm.However,suchadiscovery,combinedwithwaysofbreakingthecodebyfactoringn,wouldhavetoallbeashardasfactoringn.TheauthorsofRSAdonotprovideaproofforthisconjecture.However,therehasbeennoknownrecordofanyonebreakingRSAsinceithasbeenpublished.认证的问过程中信息无法被，但是如何确保你的第数字签 前面所说的使用密钥加密的密文就是是一种特殊的文件，里面包含若干字 个 个 发 容做发 个 验证一个是否合法的方法就是：从当前对方所提供的开始，不断验证其所声称的签发者，直到签发者为根，则认为可信；否则认为不可信为何能验 可以验证签发者的，签发者的不可：在签发的时候，只有真正拥有签发者对应的密钥，才能对签发做签名，否则验证者用公钥去做时无法得到同样签名 不可被篡改，所以有效的一定是被所宣称的签发者所签发：对于所拥有的，如果对内容根是所有人都相信的，通过预装在操作系 标Version:1SerialNumber:7829Issuer:C=ZA,ST=WesternCape,L=CapeTown,O=ThawteConsultingcc,OU=CertificationServicesDivision,NotBefore:NotAfter:

916:04:021998916:04:021999Subject:C=US,ST=Maryland,L=Pasadena,O=BrentBaccala, SubjectPublicKeyInfo:PublicKeyAlgorithm:rsaEncryptionRSAPublicKey:(1024bit)Modulus(1024bit):00:b4:31:98:0a:c4:bc:62:c1:88:aa:dc:b0:c8:bb:d2:75:6b:c1:ea:9e:5c:5c:ea:7d:c1:a1:10:bc:b8:e8:35:1c:9e:27:52:7e:41:8fExponent:65537(0x10001)SignatureAlgorithm:md5WithRSAEncryption SSL协议简Record --+-------------->1.Fragment Compressdata(generallynocompression |MAC|AddaMessageAuthentication Encrypt Add TLSRecord|

|

|AddaTLSRecord| RecordLayerByte0:TLSrecordBytes1-2:TLSversionBytes3-4:Lengthofdataintherecord(excludingtheheaderitself).Theumsupportedis16384(16K).recordtype(1/

RecordType ----------------------------------- VersionVersion------------------------------------SSLTLS

length(2/+----+----+----+---- ||||||||||||TLSRecord+----+----+----+---- 4typesofprotocolontopofrecordHandshakeAllowsthepeerstoauthenCcateeachotherandtonegoCateaciphersuiteandotherparametersoftheChangeCipherSpecItmakesthepreviouslynegoCatedparameterseffecCve,socommunicaConesencrypted.AlertUsedfor gexcepConsandindicatepotenCalproblemsthatmaycompromisesecurity.Applica;onDataIttakesarbitrarydata(applicaCon-layerdatagenerally),andfeedsitthroughthesecurechannel.HandshakeProtocolRecordRecord |Handshake||||+----+----+----+----+----+----+----+----+----+---------|22 +----+----+----+----+----+----+----+----+----+------type: handshake /length:arbitrary(uptoHandshakeType --||-+-//|\\---- |//|\\0_1SERVER_2NegoCateparamsforcipheredtrasmibng(protocolversion,ciphersuites,symmetric+----- |o---------------------------->|| || Server || [ || |||[|||||||| || || [ || || [ || **ChangeCipherSpec || ||o---------------------------->|| || **ChangeCipherSpec || ||| || |+----- HandshakePacketsalist -supportedciphereachciphersuitedefinesakeyexchangealgorithm,abulkencrypConalgorithm(includingsecretkeylength),aMACalgorithm,andaPRF.alistofcompressionalistofapossibleSessionIdfield gaprevious onenegoCatedciphersuiteandcompressionapossibleSessionId,for toreuseitintheThebodyofthismessagecontainsachainofpublickeyconveyscryptographicinformaContoallowthetocommunicatethepremastersecret:aDiffie-manpublickeywithwhichthe completeakeyexchange(withtheresultbeingthepremastersecret)orapublickeyforsomeothereithercontainstheRSA-encryptedpremastersymmetrickeyorDiffie- manparametersthatwillalloweachsidetoagreeuponthesamep