HTTPS(ssl)究竟是如何工作的 [英] How exactly HTTPS (ssl) works
问题描述
我一直在阅读HTTPS,试图找出它的确切运作方式。对我而言似乎没有意义,例如,我正在读这个
I have been reading on HTTPS, trying to figure out how exactly it works. To me it doesn't seem to make sense, for example, I was reading this
https://ssl.trustwave.com/support/support-how-ssl-works.php
注意它在页面中说明了这一点
And notice it says this in the page
步骤4:xyz.com接下来会创建一个
使用
客户的公钥和
xyz.com的私钥对其进行唯一哈希加密,并将此
发送回客户端。
Step 4: xyz.com will next create a unique hash and encrypt it using both the customer's public key and xyz.com's private key, and send this back to the client.
步骤5:客户的浏览器将解密哈希。此过程显示xyz.com发送散列的
和
只有客户能够读取它。
Step 5: Customer's browser will decrypt the hash. This process shows that the xyz.com sent the hash and only the customer is able to read it.
我不明白的是,黑客不能只是拦截它发送回客户浏览器的公钥,并且能够解密客户可以做的任何事情吗?
What I don't understand is, couldn't a hacker just intercept the public key it sends back to the "customer's browser", and be able to decrypt anything the customer can?
感谢您的回复
推荐答案
我不明白的是,不能黑客只是拦截它发送回客户浏览器的公钥,并且能够解密客户可以做的任何事情。
What I don't understand is, couldn't a hacker just intercept the public key it sends back to the "customer's browser", and be able to decrypt anything the customer can.
公钥/私钥加密基于使用素数的模数算法。
Public/private key encryption is based on modulo arithmetics using prime numbers.
这种非对称加密仅在20世纪70年代中期被发现。它归功于 Diffie and Hellman ,以及 Rivest,Shamir和Adleman 。 (尽管两人实际上都重新发现了英国秘密机构已经知道的事情。)
Such asymmetric encryption was only discovered in the mid-1970s. It is credited to Diffie and Hellman, and to Rivest, Shamir and Adleman. (Though, both actually rediscovered things already known by the British secret services.)
Diffie-Hellman <上的维基百科页面/ a>具有通过公共频道进行秘密密钥交换的详细示例。虽然它本身并不描述SSL,但是理解为什么知道公钥不会泄露消息的内容应该很方便。
The wikipedia page on Diffie-Hellman has a detailed example of a secret key exchange through a public channel. While it does not describe SSL itself, it should be handy to make sense of why knowing a public key doesn't reveal the contents of a message.
您可能还会发现这个简单的RSA示例很有意思。
You might also find this simple RSA example interesting.
这篇关于HTTPS(ssl)究竟是如何工作的的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!