blog

Anson's working / exploring footprints 🧙‍♀️

View on GitHub

SSL 安全

Terms

  • Digest: main content’s hash result
  • Signature: a encrypted digest by private key
  • Certification: contain public key, meta info and all above’s CA signature
  • Passphrase: symmetric password
  • Recipient: public key
  • Identity: private key

Features

传递密码:通过公钥传递密码 ( Browser send symmetric secret key to server, it’s not only efficiency concern, but also one pair of asymmetrical key can only take encrypt effect at one way

验证身份:能解密就能确认对方身份,因为当前公钥的 pair 只有一个人/组织会有。并且只存在解密成功与否,不存在解密结果是否正确

防止篡改:解出 digest 后,和主体内容的 hash 比较,如果不一致,就是被篡改了

Tools

  • age - Cli tool to encrypt and decrypt with asymmetrical key
  • acme.sh - Free applying for server certificate and auto renew, using in server
  • mkcert - Creating self-signed certificate, using in development
  • myssl View your certification detail online
tags: security