1. When accessing HTTPS, the public key of a trusted CA institution is contained in the browser, so a received CA certificate can be decrypted. But when I visit a website from a non-trusted agency, I can still access it as long as I click continue to browse or add an exception. In that case, how do I get the public key for the untrusted certificate?
2. When HTTPS communication is captured, the TLS connection shows the random number the client sends to the server, the random number the server sends to the client, and the preMaster secret string, so the session key can be obtained and an intermediary can decrypt the SSL-encrypted data in transit. How is safety ensured, then? Where is the problem in my understanding above?
Glad, thank you!
CodePudding user response:
Both questions require some basic knowledge: the principle of asymmetric encryption and its applications, with the focus on signatures and key exchange.

The first point: when you visit an HTTPS site, the site gives you a certificate, and you need to determine whether the certificate is signed by the CA institution or is fake, so you verify it. Being able to get the certificate has nothing to do with access, but the site can require that the certificate be authenticated before access, and the browser can choose whether to enforce that requirement.
The browser contains the trusted CA public key -> More precisely, it contains the CA root certificate, and the certificate contains a public key.
The HTTPS website decryption -> This can be complicated, but it is certainly not decrypted with the CA root, because keys are used in pairs; usually decryption uses the key for the communication between you and the server.
Using the CA certificate to decrypt -> Not so. Because there is a pair of keys, if we can use the public key to verify the signature, that establishes the authenticity and validity of the certificate.
The second point: this is another use of asymmetric encryption, building a secure encrypted channel in a secure channel; you can refer to the DH key exchange algorithm and its applications.
It feels like you do not understand asymmetric encryption at all: a lock that is opened and closed with a key. You can learn a little about the ancient roller, banks, modern contracts and other things that have nothing to do with technology, to develop your own imagination.
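
Added example, not part of the original reply: a minimal DH exchange in Python showing that a capture containing both hello randoms and both public values still does not yield the session key. The group (`P`, `G`), the HMAC-based key derivation and all function names are assumptions chosen for illustration; this is not the real TLS PRF and the group is far too small for real use.

```python
import hashlib
import hmac
import secrets

# Toy group (assumption): 2**127 - 1 is prime, but much too small for real deployments.
P = 2**127 - 1
G = 3

def keypair():
    """Return (private exponent x, public value G^x mod P)."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(secret_int, client_random, server_random):
    """Simplified KDF: HMAC the DH secret over both hello randoms."""
    secret = secret_int.to_bytes(16, "big")
    return hmac.new(secret, client_random + server_random, hashlib.sha256).digest()

def handshake():
    """Run one exchange; return what a capture shows plus each side's derived key."""
    client_random = secrets.token_bytes(32)
    server_random = secrets.token_bytes(32)
    c_priv, c_pub = keypair()
    s_priv, s_pub = keypair()
    # Only these four values cross the wire; the private exponents never do.
    transcript = {
        "client_random": client_random,
        "server_random": server_random,
        "client_pub": c_pub,
        "server_pub": s_pub,
    }
    client_key = session_key(pow(s_pub, c_priv, P), client_random, server_random)
    server_key = session_key(pow(c_pub, s_priv, P), client_random, server_random)
    return transcript, client_key, server_key

def observer_key(t):
    """Combine captured public values: this gives G^(a+b), not the needed G^(a*b)."""
    combined = (t["client_pub"] * t["server_pub"]) % P
    return session_key(combined, t["client_random"], t["server_random"])

if __name__ == "__main__":
    t, ck, sk = handshake()
    print("client and server agree:", ck == sk)
    print("capture-only derivation matches:", observer_key(t) == ck)
```

This covers passive capture only. The certificate signature check from the first point is what ties the server's public value to the real site, so that an intermediary cannot substitute its own.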