Tuesday, September 28, 2010

The basic principles of SSL



0 Introduction

Three years ago my company built a B2B e-commerce site with its suppliers, and working on that project introduced me to network traffic encryption and the related SSL concepts. As my knowledge of e-commerce deepened, and as new e-commerce platforms kept appearing, I stepped up my study of SSL. This article presents my understanding of the basic principles of SSL. Since most readers of this article will already have some familiarity with security and encryption, it is organised as follows:

1 An SSL communication diagram is presented first; readers with a background in network security can grasp the basic principles of SSL from the diagram alone.

2 The communication shown in the diagram is then explained step by step. The explanation uses a number of encryption and security terms, so readers who understand those terms can follow it directly.

3 Finally, some of the terminology involved is briefly introduced and explained; readers who need a short reference on the encryption terms can consult this part.

The purpose of this article is to explain the principles of SSL concisely; readers who need a deeper treatment of SSL theory should consult the relevant books and papers.

1 SSL communication diagram

The SSL communication diagram is shown in Figure 1:




2 Description of the SSL communication

This section explains the schematic shown in Figure 1. For convenience, the client is denoted B and the server S throughout.

STEP 1: B -> S (initiate the dialogue and negotiate the encryption algorithms for the transmission)

Hi, S! I want to talk to you securely. My symmetric encryption algorithms are DES and RC5, my key exchange algorithms are RSA and DH, and my digest algorithms are MD5 and SHA.

STEP 2: S -> B (send the server's digital certificate)

Hello, B! Let us use the combination DES-RSA-SHA for our communication. To prove that I really am S, I am now sending you my digital certificate, which you can use to verify my identity.

STEP 3: B -> S (send the key for this session)

(B checks that S's digital certificate is correct: it verifies with the issuing CA that the certificate is valid and genuinely belongs to S. B then generates the key for this session and encrypts it with S's public key before sending it to S.)

S, I have confirmed your identity. I am now sending you the symmetric encryption key for this communication.

STEP 4: S -> B (obtain the key)

(S uses its private key to decrypt the session key carried in this message.)

B, I have obtained the key. We can start communicating.

STEP 5: S <-> B (communicate)

Note: In general, when it is B that transmits the confidential information, B is not required to prove its own identity with a digital certificate. In an online banking application, for example, the customer sends an account number and password to the bank, so it is the bank's server that must install a digital certificate to prove that its identity is valid. In some B2B applications the server also needs to verify the client's identity; the client must then install a digital certificate as well, so that the server can identify the client during communication. That client authentication process is similar to the server authentication process.

Note also that some e-commerce applications additionally use digital signatures, or, for a more secure exchange of information, add both a digital signature and a message authentication code (MAC).



3 Background knowledge

With the continuous development of e-commerce, the SSL protocol has come into ever wider use. SSL is an optional layer that sits between the HTTP protocol and TCP, which can be depicted as follows:




Here is an example of how the SSL protocol is used to access a secure website. If we buy a game card in an online game and click through to the payment page, we arrive at the following screen:



We then notice that the address in the browser's address bar begins with HTTPS rather than HTTP, and that a padlock appears in the bottom right corner of the browser, indicating that an SSL-encrypted channel has been established. Layer by layer, the HTTP request is first formed at the HTTP layer and then passed down through SSL, TCP and IP: the SSL layer carries out the handshake (HANDSHAKE) between the browser and the server, during which the server obtains the key, and finally the encrypted channel over TCP between browser and server achieves the goal of secure information exchange for both sides.

To make SSL easier to understand, encryption-related knowledge is briefly summarised below. Classified by the type of key they use, encryption algorithms fall into the following categories: HASH coding, symmetric encryption and asymmetric encryption.

HASH coding uses a HASH algorithm to compute a HASH value from a message of any length. The HASH value can be regarded as the fingerprint of the message, since different messages almost always have different HASH values. In SSL communication, therefore, the HASH value of a message can be encrypted and sent with it to ensure that the message has not been altered during transmission.

Public key encryption, also called asymmetric encryption, uses two mathematically related values to encode (encrypt) information; one of these numbers is called the public key and the other the private key. Information encrypted with the public key can be decrypted with the private key, and information encrypted with the private key can be decrypted with the public key. Because the public key can be distributed widely, public key encryption is used in SSL communication to encrypt keys and to create digital signatures.

Symmetric encryption differs from asymmetric encryption in that the same key is used both to encrypt and to decrypt the information, so the key cannot be made public. Its advantage is that encryption and decryption are fast.

In SSL communication, asymmetric encryption is used first to exchange information, so that the server obtains the symmetric encryption key from the browser; that key is then used to encrypt and decrypt the information exchanged during the rest of the communication. To ensure that a message has not been tampered with in transit, an encrypted HASH code is used to guarantee the integrity of the information.

Server digital certificates are issued mainly to websites or other servers that require secure identification, to prove the identity of the server; likewise, client digital certificates are used to prove the identity of the client. On the website of the Guangdong Electronic Certification Authority you can see detailed descriptions of the functions of all the digital certificates the agency issues.
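The five-step exchange of Section 2 and the hash/asymmetric/symmetric description above, combined into one added Go example that is not part of the original article: B seals a DES session key under S's RSA public key (Steps 3 and 4), and every later record (Step 5) is DES-CBC ciphertext carrying an HMAC-SHA1 tag that the receiver checks before decrypting. The key, IV and message are constructed test values, the CA check of Step 3 is left out, and DES with SHA-1 is used only because that is the combination the article's dialogue negotiates.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"errors"
)

// Steps 3 and 4: B seals the 8-byte DES session key under S's public key; only S's private key opens it.
func SealSessionKey(pub *rsa.PublicKey, key []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha1.New(), rand.Reader, pub, key, nil)
}
func OpenSessionKey(priv *rsa.PrivateKey, sealed []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha1.New(), rand.Reader, priv, sealed, nil)
}

func tag(key, data []byte) []byte {
	m := hmac.New(sha1.New, key) // the "hash check" that exposes tampering (SSL derives a separate MAC key; reused here for brevity)
	m.Write(data)
	return m.Sum(nil)
}

// Step 5 (sender): record = IV || DES-CBC ciphertext || HMAC-SHA1 over both.
func Protect(key, iv, msg []byte) ([]byte, error) {
	blk, err := des.NewCipher(key)
	if err != nil || len(iv) != des.BlockSize || len(msg)%des.BlockSize != 0 {
		return nil, errors.New("bad key/IV, or message not a multiple of 8 bytes")
	}
	rec := make([]byte, des.BlockSize+len(msg))
	copy(rec, iv)
	cipher.NewCBCEncrypter(blk, iv).CryptBlocks(rec[des.BlockSize:], msg)
	return append(rec, tag(key, rec)...), nil
}

// Step 5 (receiver): check the length and the tag before touching the ciphertext.
func Unprotect(key, rec []byte) ([]byte, error) {
	blk, err := des.NewCipher(key)
	n := len(rec) - sha1.Size // everything before the tag: IV || ciphertext
	if err != nil || n < des.BlockSize || n%des.BlockSize != 0 {
		return nil, errors.New("bad key or malformed record")
	}
	if !hmac.Equal(rec[n:], tag(key, rec[:n])) {
		return nil, errors.New("record was altered in transit")
	}
	pt := make([]byte, n-des.BlockSize)
	cipher.NewCBCDecrypter(blk, rec[:des.BlockSize]).CryptBlocks(pt, rec[des.BlockSize:n])
	return pt, nil
}
```

Current TLS deployments negotiate AEAD suites such as AES-GCM instead of DES-CBC with a separate MAC, but the order of operations shown here, verify the tag and only then decrypt, is the same.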


Sunday, September 19, 2010

How far is it from focus to expertise?



"Our success is built on a professional team, a constantly improving quality consciousness, quality of service and service attitude. We must first find a suitable market segment and solution, then focus on it, persist with it, and go deep into it." These are the words of Lee, Vice President of Shanghai Grape City Information Technology Co., Ltd. (hereinafter referred to as Grape City), a Microsoft Gold Certified Partner, in an interview, and they express the corporate philosophy that Grape City has always adhered to.

Technology first; focus builds professionalism

Since entering China in 1988, Grape City has consistently focused on technology development, concentrated on product development and sales, and specialised in letting IT technology play a greater role in customer service. It is this focus that produced Grape City's professionalism and made Grape City the first software company in Microsoft's China region to pass CMMI Level 4 (Software Development Capability Maturity Model Integration) certification as a partner.

As a foreign-funded enterprise, Grape City has had a very clear positioning since it entered China: software development, implementation and training services based on the Microsoft platform. Over years of technical development and implementation, not only has its technical strength kept growing, but its understanding of customers' businesses has deepened and its customer service experience has been enriched. Years of dedication have accumulated sufficient resources and strength. As Grape City transitions to providing customers with integrated solutions, its advantages in technology and services come into fuller play. In many of Grape City's cases we can see the unique value that its technical advantages bring to customers.

For example, in 2007, in a project implementing a MOSS (Enterprise Information Portal) solution for a Fortune 500 client, Grape City successfully integrated the customer's more than 20 existing systems of different types under the MOSS platform and helped the client improve IT efficiency. Integrating more than 20 systems in one project was a great challenge, both technically and in coordinating the providers of the existing systems.

To let the MOSS platform play its full role, Grape City's technical consultants made a number of technical breakthroughs. On one hand, they worked with Microsoft's technical support organisation to resolve the technical issues of multi-system integration on MOSS; on the other hand, the technical consultants were divided into several groups which, drawing on the client's resources, communicated with the existing system providers one by one to solve the integration issues of each system. In communicating with the many system providers, Grape City's technical consultants demonstrated not only excellent communication skills but also an understanding and mastery of each system, winning the customer's trust and praise.

While staying focused, Grape City also continually sums up common customer needs and develops targeted products. It is understood that Grape City is developing a workflow product built entirely on the MOSS platform; this product can significantly reduce the cost of implementing and developing workflow systems on MOSS. Business users and IT departments can design their own business processes, greatly reducing the learning cost and learning curve. The product is expected to be launched on the Chinese market in July and August of this year.

Tireless research; professionalism forges expertise

Unlike local resellers, Grape City attaches great importance to building its team and its awareness: it not only has a professional team but also emphasises quality awareness, service awareness and service attitude, meeting customers' needs in all respects with a professional team and professional service. Over many years of solution project implementation, Grape City has accumulated a large number of successful cases in the industries it focuses on and has formed a stable group of long-term customers, such as Schering-Plough, Roche Diagnostics, Shanghai Pudong Development Bank, Sharp Electronics, Ingram Micro and UL-CCIC.

These successful cases are of far-reaching significance for Grape City. On one hand they have built a good reputation among customers, which helps Grape City expand its business; on the other hand, Grape City accumulates the experience gained in these cases and shares it with more industries and customers. This has become Grape City's advantage: it can identify customer needs more quickly and accurately and meet them through technology.

For example, in a project implementing a MOSS system for the Greater China region of a global certification company, Grape City not only successfully met the customer's strict requirements for document management, but also turned this kind of document classification management into an advantage of its own, which later played an important role in serving other customers.

This customer is a global non-profit organisation specialising in safety certification and consulting; its Greater China region has offices in Hong Kong, Taiwan and the mainland (Beijing, Shanghai, Suzhou, Guangzhou, Chongqing and so on). The project required document control management based on MOSS, including centralised monitoring of document change workflows and synchronisation of documents between locations. Although these requirements were complex, they were technically not difficult for Grape City; the real challenge lay in the customer's requirement that the system implement professional classification management and change-process control for its documents. The customer's document classification was highly specialised and detailed, unlike the logic of ordinary documents, and becoming familiar with the customer's classification model and implementing such a detailed and extensive classification in the system took a great deal of time and effort. Grape City's technical consultants went deep into the customer's organisation, communicated continuously, learned the customer's document logic and kept adjusting the functions of the solution, finally achieving the document tagging and classification scheme the customer wanted.

Later, another Grape City customer had similar document management needs. When Grape City demonstrated the functionality it could deliver, the customer was greatly impressed and signed with Grape City on the spot.

It is precisely this focus and professionalism that has let Grape City keep moving to the high end of these fields through in-depth development, finally becoming a leader in the industry and laying the foundation for greater success.
