I don't know how to make it so that, when using asymmetric encryption, the client can correctly decrypt encrypted information sent from the server to the client.
For example, if we let the client (browser) send encrypted information to the server (such as the user ID and password entered by the user for a login operation), the client has a public key, the server has a public key and the key, the client encrypts the information with the public key and sends it to the server, and the server can decrypt it. I think I am not wrong about this.
But what should I do in the other direction?
If the client (browser) holds the key directly, isn't that unsafe?
Another point is that I haven't done PHP-based web development before; which encryption method should I use here? Some people say that HTTPS can be used directly. If so, does anyone have an example of encryption and decryption using HTTPS for me to look at?
Thank you very much!
CodePudding user response:
Encryption is used to ensure the safety of the transport process; it is not used to judge the legitimacy of the client.
CodePudding user response:
1. The server randomly generates a public/private key pair (public key pk1, private key pk2) and sends the public key pk1 to the client.
(note: at this point pk1 can be intercepted)
2. The client randomly generates a public/private key pair (public key pk11, private key pk22), encrypts the public key pk11 with pk1, and sends it to the server.
(note: at this point the ciphertext can be intercepted, and it is also known that it was encrypted with pk1, but without knowing the private key pk2 it cannot be decrypted)
3. The server receives the ciphertext, decrypts it with the private key pk2, and gets pk11.
4. The server randomly generates a symmetric encryption key, key=X, encrypts it with pk11, and sends it to the client.
(note: in the same way, a hacker cannot decrypt the key from the ciphertext)
5. The client receives the ciphertext, decrypts it with the private key pk22, and gets key=X.
6. The client and the server communicate using symmetric encryption with the secret key generated above.
Plus signature verification
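The six steps above, run end to end with both sides in one Node.js process. This is an added example, not code from the thread. Assumptions: the server pair is named pk1/pk2 in the code, RSA-OAEP and AES-256-GCM are used, and the key sizes are chosen here. It does not check that pk1 really came from the server; that is the job of the signature verification mentioned above, which HTTPS does with certificates.

```javascript
const { generateKeyPairSync, publicEncrypt, privateDecrypt, createPublicKey,
        randomBytes, createCipheriv, createDecipheriv, constants } = require('node:crypto');

const OAEP = { padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const der = { type: 'spki', format: 'der' };

// RSA-OAEP (SHA-256) can encrypt at most (modulus bytes - 66) bytes, so the
// server pair is 3072-bit (318-byte limit) to fit the client's 2048-bit
// public key (294 bytes as DER). Key sizes are assumptions of this example.
function handshake() {
  // Step 1: server generates (pk1, pk2) and sends pk1 in the clear.
  const server = generateKeyPairSync('rsa', { modulusLength: 3072 });
  const pk1OnWire = server.publicKey.export(der);

  // Step 2: client generates (pk11, pk22) and sends pk11 encrypted under pk1.
  const client = generateKeyPairSync('rsa', { modulusLength: 2048 });
  const pk1 = createPublicKey({ key: pk1OnWire, ...der });
  const encPk11 = publicEncrypt({ key: pk1, ...OAEP }, client.publicKey.export(der));

  // Step 3: server recovers pk11 with its private key pk2.
  const pk11Der = privateDecrypt({ key: server.privateKey, ...OAEP }, encPk11);
  const pk11 = createPublicKey({ key: pk11Der, ...der });

  // Step 4: server picks the symmetric key X and sends it encrypted under pk11.
  const serverX = randomBytes(32);
  const encX = publicEncrypt({ key: pk11, ...OAEP }, serverX);

  // Step 5: client recovers X with its private key pk22.
  const clientX = privateDecrypt({ key: client.privateKey, ...OAEP }, encX);
  return { serverX, clientX };
}

// Step 6: both directions use X. AES-256-GCM also rejects modified ciphertext.
function seal(key, text) {
  const iv = randomBytes(12); // fresh nonce per message
  const c = createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), body]); // iv | 16-byte tag | ciphertext
}

function unseal(key, msg) {
  const d = createDecipheriv('aes-256-gcm', key, msg.subarray(0, 12));
  d.setAuthTag(msg.subarray(12, 28));
  return Buffer.concat([d.update(msg.subarray(28)), d.final()]).toString('utf8');
}
```

Neither private key ever leaves the side that generated it, which is why the browser can receive encrypted data without being handed the server's private key.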