SSL (Secure Sockets Layer) is a security protocol that provides privacy assurance. SSL prevents communication between the client and the server from being intercepted and eavesdropped on, and it can also verify the identities of both sides of the communication to ensure the security of data transmission on the network.
The traditional HTTP protocol has no corresponding security mechanism. It cannot guarantee the security and privacy of data transmission, verify the identities of the two communicating parties, or prevent the transmitted data from being tampered with. SSL, developed by Netscape, uses data encryption, authentication and message integrity verification mechanisms to provide security assurance for network data transmission.
The SSL protocol includes several security mechanisms: authentication, data transmission confidentiality, and message integrity verification. The authentication mechanism uses digital signatures to authenticate the server and the client; client authentication is optional. A digital signature can be realized with an asymmetric key algorithm. Data encrypted with the private key can only be decrypted with the corresponding public key, so the user's identity is determined according to whether the decryption is successful. If the decryption result is the same as the fixed message, the authentication is successful. When using a digital signature to verify identity, it is necessary to ensure that the public key of the party being verified is genuine; otherwise, an illegitimate user may impersonate that party when communicating with the verifier.
Data transmission confidentiality is achieved by encrypting the transmitted data with a symmetric key algorithm. The sender sends the decryption key to the other party before sending the data. After receiving the data, the receiver uses the decryption algorithm and the decryption key to recover the plaintext from the ciphertext. A third party without the decryption key cannot restore the ciphertext to plaintext, which ensures the confidentiality of data transmission.
During message transmission, a message authentication code (MAC) is used to verify the integrity of the message. A MAC algorithm converts a key and data of any length into data of fixed length.

1. Using the key, the sender computes the MAC value of the message with the MAC algorithm and sends it to the receiver after the message.
2. The receiver uses the same key and MAC algorithm to compute the MAC value of the message and compares it with the received MAC value. If they are the same, the message has not changed. Otherwise, the message has been modified during transmission, and the receiver discards it.
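The two MAC steps above, as an added example that is not part of the original page. It assumes HMAC-SHA256 as the MAC algorithm (the page names none), and the key, the messages and the function names `protect` and `receive` are constructed for illustration.

```python
import hashlib
import hmac

# Assumption: HMAC-SHA256 stands in for "the MAC algorithm".
MAC_LEN = hashlib.sha256().digest_size  # 32 bytes, whatever the input length

# Constructed shared key, known only to sender and receiver.
KEY = bytes(range(32))


def protect(key: bytes, message: bytes) -> bytes:
    """Sender (step 1): compute the MAC and send it after the message."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message + tag


def receive(key: bytes, record: bytes):
    """Receiver (step 2): recompute the MAC and compare it with the one received.

    Returns the message if the MAC matches, or None when the record
    must be discarded.
    """
    if len(record) < MAC_LEN:
        return None  # too short to carry a MAC at all: discard
    message, received_tag = record[:-MAC_LEN], record[-MAC_LEN:]
    expected_tag = hmac.new(key, message, hashlib.sha256).digest()
    # compare_digest takes the same time wherever the first mismatch is,
    # so the check does not reveal how much of a wrong MAC was correct.
    if not hmac.compare_digest(expected_tag, received_tag):
        return None  # modified in transit, or made with a different key
    return message


def demo() -> dict:
    """Run the receiver over intact and damaged records (constructed data)."""
    record = protect(KEY, b"transfer 100 to alice")
    tampered = record.replace(b"100", b"900")  # message changed, old MAC kept
    other_key = bytes(32)                      # party without the shared key
    return {
        "intact": receive(KEY, record),
        "tampered": receive(KEY, tampered),
        "wrong_key": receive(other_key, record),
        "truncated": receive(KEY, record[:10]),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:10s} -> {result!r}")
```

A `None` result corresponds to the receiver discarding the message; only the intact record yields the original bytes.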