One way SSL is one way encryption?

后端 未结 2 1200
爱一瞬间的悲伤
爱一瞬间的悲伤 2021-02-14 16:23

If one way SSL is used (Server Certificate authentication) then data sent from client gets encrypted using Public key of the server certificate. So privacy protection is availab

相关标签:
2条回答
  • 2021-02-14 16:42

    In SSL, two things happen:

    First, a session key is negotiated using something like the Diffie-Hellman method. That generates a shared session key but never transmits the key between parties.

    Second, that session key is used in a normal symmetric encryption for the duration of the connection.

    SSL does use public/private in one way, because an X509 certificate is used to identify at least one end of the connection. Those certs are signed using an asymmetric key pair.

    Extracted from How can SSL secure a two-way communication with only one key-pair?

    0 讨论(0)
  • 2021-02-14 16:51

    One way SSL just means that the server does not validate the identity of the client. It has no effect on any of the other security properties of SSL.

    While the SSL protocol is a bit complex, the basic gist of what happens is this: The client generates a random key, encrypts it so that only the server can decrypt it, and sends it to the server. The server and client now have a shared secret that can be used to encrypt and validate the communications in both directions.

    The server has no idea of the client's identity, but otherwise, the encryption and message validation is two way.

    Update:

    1) Yes, encryption both ways is symmetric and uses a shared secret generated during session setup.

    2) With a shared secret, message integrity is trivial to assure. You just ensure the message has a particular form. For example, I can prefix every message I send with a sequence number and append a checksum onto it before encryption. You decrypt it with the shared secret and validate the sequence number and checksum. How can an attacker substitute or modify the message without knowing the shared secret and still keep the sequence number and checksum intact?

    0 讨论(0)
提交回复
热议问题