HUAWEI network engineer entry knowledge
Basic introduction to SSL
SSL stands for Secure Sockets Layer. It is a security protocol that guarantees privacy. SSL can prevent the communication between the client and the server from being intercepted and eavesdropped on. It can also verify the identity of both communicating parties and ensure the security of data transmitted over the network.
The traditional HTTP protocol has no security mechanism of its own: it cannot guarantee the security and privacy of data transmission, cannot verify the identity of the communicating parties, and cannot prevent the transmitted data from being tampered with. SSL, introduced by Netscape, uses data encryption, identity verification and message integrity verification mechanisms to provide security guarantees for network transmission.
The SSL protocol includes security mechanisms for identity verification, data transmission confidentiality, and message integrity verification.
The authentication mechanism uses digital signatures to authenticate the server and the client; authentication of the client is optional. A digital signature can be implemented with an asymmetric key algorithm: data encrypted with the private key can only be decrypted with the corresponding public key, so a user's identity can be judged by whether the decryption succeeds. If the decryption result is the same as the fixed message, the authentication is successful. When a digital signature is used to verify identity, the verifier must be sure that the public key it holds for the party being verified is authentic; otherwise, an illegitimate user may pretend to be that party and communicate with the verifier.
The confidentiality of data transmission is achieved by encrypting the transmitted data with a symmetric key algorithm. The sender encrypts the data with the encryption algorithm and encryption key before sending it to the other party; after the receiver receives the data, it uses the decryption algorithm and decryption key to recover the plaintext from the ciphertext. A third party without the decryption key cannot restore the ciphertext to plaintext, which ensures the confidentiality of data transmission.
A message authentication code (MAC) is used to verify the integrity of a message during transmission. A MAC algorithm converts a key and data of any length into fixed-length data.
1. Using the key, the sender computes the MAC value of the message with the MAC algorithm, and then sends the message together with the MAC value to the receiver.
2. The receiver uses the same key and MAC algorithm to compute the MAC value of the message, and compares it with the received MAC value.
If the two are the same, the message has not changed. Otherwise, the message is modified during transmission and the receiving end will discard the
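The two MAC steps above can be run end to end. This is an added example, not code from the original article: it assumes HMAC-SHA256 as the MAC algorithm, a constructed key and message, and the function names `protect` and `verify` are hypothetical. It goes slightly beyond the text by also covering a record sequence number in the MAC, as real SSL records do, so a copied record presented at a different position is discarded as well.

```python
import hashlib
import hmac
import os
import struct
from typing import Optional

MAC_LEN = hashlib.sha256().digest_size  # 32 bytes, whatever the message length


def protect(key: bytes, seq: int, message: bytes) -> bytes:
    """Sender (step 1): append HMAC-SHA256 over sequence number + message."""
    tag = hmac.new(key, struct.pack(">Q", seq) + message, hashlib.sha256).digest()
    return message + tag


def verify(key: bytes, seq: int, record: bytes) -> Optional[bytes]:
    """Receiver (step 2): recompute the MAC and compare; None means discard."""
    if len(record) < MAC_LEN:
        return None  # too short to carry a MAC at all
    message, received = record[:-MAC_LEN], record[-MAC_LEN:]
    expected = hmac.new(key, struct.pack(">Q", seq) + message, hashlib.sha256).digest()
    # compare_digest runs in constant time, so the comparison does not leak
    # how many leading bytes of a forged MAC happened to be correct.
    return message if hmac.compare_digest(expected, received) else None


def demo() -> dict:
    key = os.urandom(32)  # constructed shared key; SSL derives it in the handshake
    record = protect(key, 0, b"transfer 100 to alice")  # constructed sample message
    tampered = bytearray(record)
    tampered[9] ^= 0x01  # flip one bit of the amount while "in transit"
    return {
        "intact": verify(key, 0, record),
        "tampered": verify(key, 0, bytes(tampered)),
        "wrong_key": verify(os.urandom(32), 0, record),
        "replayed_later": verify(key, 1, record),  # same bytes, wrong position
        "truncated": verify(key, 0, record[:10]),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:15} -> {'accepted' if result is not None else 'discarded'}")
```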