[Reading] The First Few Milliseconds of an HTTPS Connection

链接: http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html

这是一篇2009年发布的文章, 文章以在亚马逊购物的任意的一个链接作为引子, 通过解释其中https的各层工作原理, 加密suits和相关文章, 总结了https的大部分工作原理.

文章着重的介绍了https的Transport Layer Security (TLS) 和Application Layer的一些主要的(非全部)加密措施, 其中大量篇幅侧重于RSA的工作原理. 虽然作者解释RSA是在2009年(10年前), 但是作者的思路清晰, 例子得当, 并且言简意赅, 虽然文章中的加密是10年前的版本, 但是RSA的思路确实万变不离其宗, 以下是精髓部分的quote.

其中重点的部分:

You pick two huge prime numbers “p” and “q.” Multiply them to get “n = p*q.” Next, you pick a small public exponent “e” which is the “encryption exponent” and a specially crafted inverse of “e” called “d” as the “decryption exponent.” You then make “n” and “e” public and keep “d” as secret as you possibly can and then throw away “p” and “q” (or keep them as secret as “d”). It’s really important to remember that “e” and “d” are inverses of each other.
Now, if you have some message, you just need to interpret its bytes as a number “M.” If you want to “encrypt” a message to create a “ciphertext”, you’d calculate:
C ≡ M^e (mod n)
This means that you multiply “M” by itself “e” times. The “mod n” means that we only take the remainder (e.g. “modulus”) when dividing by “n.” For example, 11 AM + 3 hours ≡ 2 (PM) (mod 12 hours). The recipient knows “d” which allows them to invert the message to recover the original message:
C^d ≡ (M^e)^d ≡ M^e*d ≡ M¹ ≡ M (mod n)
Just as interesting is that the person with “d” can “sign” a document by raising a message “M” to the “d” exponent:
M^d ≡ S (mod n)
This works because “signer” makes public “S”, “M”, “e”, and “n.” Anyone can verify the signature “S” with a simple calculation:
S^e ≡ (M^d)^e ≡ M^d*e ≡ M^e*d ≡ M¹ ≡ M (mod n)
Public key cryptography algorithms like RSA are often called “asymmetric” algorithms because the encryption key (in our case, “e”) is not equal to (e.g. “symmetric” with) the decryption key “d”. Reducing everything “mod n” makes it impossible to use the easy techniques that we’re used to such as normal logarithms. The magic of RSA works because you can calculate/encrypt C ≡ M^e (mod n) very quickly, but it is really hard to calculate/decrypt C^d ≡ M (mod n) without knowing “d.” As we saw earlier, “d” is derived from factoring “n” back to its “p” and “q”, which is a tough problem.

http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html

总结一下就是:

• p和q一定要要大
• e和d一定互为模倒数, 即满足 e*d = 1 (mod n)
• RSA主算法:
  • 加密 C ≡ M^e (mod n). M是明文数据，就是要加密的东西
  • 解密 C^d ≡ (M^e)^d ≡ M^e*d ≡ M¹ ≡ M (mod n)
• M^e 这个就是大数乘法，已经有很多现存的优化算法， 速度快。
• 如果强行破解，那么 C -> M (mod n). 很难，https://en.wikipedia.org/wiki/Integer_factorization

文章后边还介绍了Master Secret的生成和Ron’s Code #4 (RC4), 一种基于xor性质的流加密.不过只是介绍了应用部分, 没有相信的展开里面的算法内容.

总体来说只是介绍了https的一些主要的加密措施, 对于入门的新手还是不错的了解.