Why encrypt HTTP content is transmitted in clear text, and data transmitted in clear text can be stolen or tampered with by middlemen as it passes through intermediate nodes. It was known as a “man-in-the-middle attack”.
How to ensure that information is not hijacked and tampered with by middlemen?
The communication parties may agree on a key, the sender uses the key to encrypt the information and transmit it, the receiver receives the information and decrypts it with the key.
As long as the middleman can not get the key, even if intercepted information can not know the specific content of the information, also can not forge false information to the receiver.
This is symmetric encryption. (https://sectigostore.com/blog)…
How do you ensure that the key is known only to the sender and receiver and not to the middleman?
Idea 1: When the sender and receiver are born, the key has already been written. Such as certain secure hardware devices.
This idea is obviously unrealistic in Internet communication. A device cannot write all the sender’s keys as soon as it leaves the factory. After it leaves the factory, new senders are born continuously.
Then one party can only pass the key to the other party, and ensure that in the transmission process, the key is not hijacked and tampered with by the middleman.
The problem seems to have come full circle.
We’re not quite back where we started. The amount of data in the key is much smaller than in normal communication. By “using symmetric encryption,” the magnitude of the problem is reduced and the tolerance for cost is increased, as long as the third party cannot get the key, regardless of the cost.
So you can use asymmetric encryption, asymmetric encryption uses two keys, and what you encrypt with one key can only be decrypted with the other key.
The communicators will use one public key as the public key and one private key as the private key. One party uses the public key to encrypt the key, the other party uses the private key to decrypt and obtain the key.
The private key used for decryption has not been publicly transmitted, so it cannot be stolen by the middleman, who cannot decrypt and steal the symmetric key without the private key.
From the point of view of the middleman, although it is impossible to hijack the private key, it is impossible to break the symmetric key. But he can hijack and tamper with the public key, allowing both parties to pass on a symmetric key that “thinks it’s encrypted”. In fact, a symmetric key encrypted with a fake public key would run naked in the eyes of the middleman.
The code block JSON
A ——- public key with a middleman with a false public key with a >
B (generate the key, encrypt the key with the false public key) the middle man <---- the false public key * the key is null > b
Middleman (decrypt the key with a fake private key)
A —– public key * key shack middleman A (decrypt the key with the private key)
The key to middleman’s ability to break asymmetric encryption is that the public key is public. As long as the public key is public, there is no way to avoid interception and tampering. As long as the public key is tampered with, a symmetric key encrypted with the public key is equivalent to no encryption.
How do you ensure that the public key is not tampered with? It’s like we’re back where we started. But it’s not quite back to where it started, because the problem has been downgraded from “guaranteeing that the middle man can’t steal or tamper with the key” to “it’s OK to steal the public key, but it’s OK to not tamper with it.”
So how do you ensure that middlemen can’t tamper with the public key?
? Why asymmetric encryption is expensive.
Here are the rejected manuscripts
So red change note on the content, xiaoming and xiao-qiang agreed a key. Xiao Ming encrypted the note and then pass, Xiaoqiang received the encrypted note, with the same key to decrypt to read.
So even if the little red on the road to see the note, also do not understand what is written above.