
In the previous article, we said that integrity protection without identity authentication is meaningless, because a man-in-the-middle can replace the source data as a whole and generate a new hash value. So how is identity authentication implemented?

TLS authentication

TLS authentication has two parts: an SSL certificate that acts as a “network ID” — proving you are you — and a “digital signature” that certifies that the certificate is genuine.

SSL certificate

  • SSL certificates, also known as digital certificates, are issued by third-party certificate authorities (CAs). Generally, a CA is certified and regulated by the government. CAs manage the entire life cycle of a public key, including issuing the certificate, specifying its validity period, and revoking it when necessary. The security level of a CA can mean the difference between life and death, so browsers trust their authentication mechanism by default.

  • The most important field in the certificate is the public key of the subject, subjectPublicKeyInfo. The domain owner needs to submit its server’s public key to the CA to be signed, which protects it against forgery. The following figure describes the process of issuing a CA certificate in detail:

  • The contents of an SSL certificate include: the certificate serial number (the unique identifier assigned to the certificate by the certificate authority), the URI of the subject, the public key of the subject (subjectPublicKeyInfo, the most important field in the certificate), the issuing authority, the signature algorithm, the timestamp, the certificate chain, the digital signature, and so on.

  • The following figure shows the Certificate message sent by a real server, which I captured in Wireshark. It corresponds to the structure in the preceding figure:

  • SSL certificates do not exist independently; each belongs to a certificate chain. Certificate authorities are divided into levels, generally three, with the root certificate at the top. The certificate chain starts with the root certificate. The certificate at each level is signed by the certificate one level above it, and the root certificate is signed by itself. When verifying the chain, the client must verify the digital signatures of all certificates in the chain until the root certificate is reached. The entire system therefore uses the root CA as its trust anchor.

  • The following figure shows the certificate chain in the client browser:

  • An upper-level CA can and must authenticate a lower-level CA, but a lower-level CA cannot authenticate an upper-level CA. Therefore, the server needs to provide not only its own CA-issued certificate and digital signature, but also the certificate chain from the root CA down to itself. Each client keeps a list of root CAs. If the root CA provided by the server is not in this list, it is not trusted.

Digital signature

The SSL certificate alone is not enough: the ID card itself needs to be counterfeit-proof. For this it uses a “digital signature”, which relies on asymmetric encryption.

  • Asymmetric encryption uses a key pair. The public key is public and can be obtained by anyone. The private key is kept by its owner alone.

  • The public key is more like a lock: only the private key can decrypt data encrypted with it. The private key is private and unique, and is often used for signing. Data signed with the private key can only be verified with the public key.

  • In essence, a third-party certification authority signs the certificate with its own root private key: it encrypts the certificate’s hash, and the result is the digital signature. The client can decrypt that signature only with the public key of the root CA, which is how the certificate is verified as coming from the root CA.

  • Together with the CA certificate, the server sends the TLS digital signature to the client and tells the client which hash format and encryption algorithm to use.

  • Next, the client looks up this authority in its root CA list, retrieves its public key, and uses that public key to decrypt the signature. Decryption yields a hash value, which the client compares with the hash it calculated itself. If they match, verification succeeds; if not, there is a problem with the certificate.

Integrity + identity authentication

With the hash integrity protection discussed in the previous article in mind, let’s take a holistic look at the TLS authentication process.

The TLS authentication process is divided into four steps:

  1. The server packages the CA certificate chain (with signatures) and sends it to the client.
    • The hash computation is performed on the CA side and is not visible to the server. The server only sends the CA certificate to the client.
    • The server sends the TLS Certificate message to the client. This is the second screenshot above.

  2. After receiving the certificate, the client verifies the fingerprint to ensure the integrity of the certificate. A lot of material on the Internet doesn’t include this step, which is wrong.
    • Each certificate has a fingerprint algorithm. The client calculates the hash (fingerprint) with that algorithm and compares it with the hash in the local certificate to ensure that the certificate has not been tampered with.
    • Fingerprint in the local certificate:

  3. The client decrypts the digital signature using the CA public key, obtains the hash value, and compares it with the hash value it calculated to verify the authenticity of the signature.

  4. After confirming that the signature is reliable, the client can trust the certificate. Finally, the browser checks the content of the CA certificate: whether the URL is consistent and whether the certificate has expired. It can also verify the certificate status through SCT.
    • If the connection is intercepted by a phishing site, that site can also present its own certificate to the browser, and that certificate can also pass the step 3 verification. But by comparing the URL on the certificate with the URL we requested, we can see that it is not the URL we actually requested.
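
The signature check and the four steps above, as an added Python example that is not part of the original article. It is a toy model: certificates are dictionaries, and signatures are textbook RSA over SHA-256 with keys built from publicly known Mersenne primes, so nothing here is secure or matches real X.509 encoding. All names (toy_keypair, issue, verify_chain, shop.example) are assumptions made for the illustration.

```python
import hashlib
import json

E = 65537  # public exponent shared by every toy key

def toy_keypair(a, b):
    # Constructed toy key: p, q are the Mersenne primes 2**a-1 and 2**b-1 (publicly known, NOT secure).
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(tbs):
    # Hash of the signed fields, serialized deterministically.
    data = json.dumps(tbs, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def issue(subject, subject_n, issuer, issuer_key, not_after):
    # CA side: hash the fields, then transform the hash with the CA private key.
    tbs = {"subject": subject, "public_key": subject_n, "issuer": issuer, "not_after": not_after}
    return {"tbs": tbs, "signature": pow(digest(tbs), issuer_key["d"], issuer_key["n"])}

def verify_chain(chain, trusted_roots, hostname, today):
    # chain is ordered leaf first, root last, as the server sends it.
    for i, cert in enumerate(chain):
        tbs = cert["tbs"]
        if i + 1 < len(chain):
            signer_n = chain[i + 1]["tbs"]["public_key"]  # key of the level above
        else:
            signer_n = trusted_roots.get(tbs["issuer"])  # top of chain: local root list only
            if signer_n is None:
                return "untrusted root"
        # Client side: recover the hash from the signature with the signer's
        # public key and compare it with the hash computed locally.
        if pow(cert["signature"], E, signer_n) != digest(tbs):
            return "bad signature"
        if today > tbs["not_after"]:  # ISO dates compare correctly as strings
            return "expired"
    if chain[0]["tbs"]["subject"] != hostname:
        return "hostname mismatch"
    return "ok"

# Constructed sample chain: root -> intermediate -> server certificate.
ROOT, INTER, LEAF = toy_keypair(521, 607), toy_keypair(1279, 2203), toy_keypair(2281, 3217)
root_cert = issue("Toy Root CA", ROOT["n"], "Toy Root CA", ROOT, "2035-01-01")
inter_cert = issue("Toy Intermediate CA", INTER["n"], "Toy Root CA", ROOT, "2032-01-01")
leaf_cert = issue("shop.example", LEAF["n"], "Toy Intermediate CA", INTER, "2030-01-01")
phish_cert = issue("sh0p.example", LEAF["n"], "Toy Intermediate CA", INTER, "2030-01-01")
TRUSTED = {"Toy Root CA": ROOT["n"]}

if __name__ == "__main__":
    print(verify_chain([leaf_cert, inter_cert, root_cert], TRUSTED, "shop.example", "2026-01-01"))
    print(verify_chain([phish_cert, inter_cert, root_cert], TRUSTED, "shop.example", "2026-01-01"))
```

The second call passes every signature check and is rejected only by the final name comparison, which is the phishing case described in step 4.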

That’s all about TLS authentication and integrity protection. Next, we will talk about TLS encryption algorithms, including DH key negotiation and the real TLS handshake process. Thank you for reading. If there are any inaccuracies or errors, please leave a comment and I will correct them promptly.

