谁的密钥用于加密HTTPS响应? [英] Whose key is used to encrypt a HTTPS response?
问题描述
我依靠HTTPS构建了一个Web服务器。因此,我的服务器维护其私钥并发布任何客户端可用于加密其请求的公钥。由于我的服务器是唯一拥有私钥来解密使用服务器公钥加密的任何邮件的服务器,因此以这种方式发送的任何请求都可以被认为是安全的。
I have a web server built up relying on HTTPS. So, my server maintains its private key and publish a public key that any clients can use to encrypt their request. Since my server is the only one who has the private key to decrypt any message encryped using server's public key, any request sent this way can be considered secure.
然而我的问题是在响应部分。当服务器将响应发送回客户端时,服务器使用哪个公钥来加密响应消息?
However my question is at the response part. When the server sends the response back to the client, whose public key will the server use to encrypt the response message?
我假设服务器将使用客户端的公钥加密响应(默认情况下?还是配置?)。如果是这样,服务器是否知道客户端发送给服务器的请求的公钥,或者其他什么?
I assume the server will use client's public key to encrypt the response (by default? or upon configuration?). If so, does the server knows the client's public key from the request it sends to the server, or somehow else?
更新:
如果我不正确地理解它,然后在未来的通信中,各方如何知道如何解密另一方发送的消息?某些关键是共享的还是某种方式?
谢谢!
推荐答案
公钥不直接用于加密HTTPS连接上的任何底层HTTP流量; HTTP请求和HTTP响应都不以这种方式加密。相反,在初始SSL握手期间,会话客户端和服务器之间协商会话特定的对称密钥,它是对称密钥,然后用于在两个方向上加密HTTP连接上的所有流量。
Public keys are not directly used to encrypt any of the the underlying HTTP traffic on an HTTPS connection; neither the HTTP request nor the HTTP response are encrypted this way. Rather, during the initial SSL handshake, a session specific symmetric key is negotiated between the client and the server, and it's the symmetric key that is then used to encrypt all traffic on the HTTP connection in both directions.
协商对称密钥的具体机制取决于客户端和服务器之间协商的特定密码套件。此协商始终涉及服务器的公钥和客户端发送的值;它还可能涉及客户端公钥等项目或来自服务器和客户端的单独连接特定公钥。
The specific mechanism by which the symmetric key is negotiated depends on the specific cipher suite that is negotiated between client and server. This negotiation always involves the server's public key and a value sent by the client; it may also involve items like a client public key or separate connection specific public keys from the server and client.
其他详细信息可以在RFC 5246中找到:
Additional detail can be found in RFC 5246 starting here:
http://tools.ietf。 org / html / rfc5246#section-7.3
这篇关于谁的密钥用于加密HTTPS响应?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
