Article From: https://segmentfault.com/q/1010000011702845
Question:

In terms of network security, I think that if there is a third-party server to authenticate both of them and encrypt their communications, it can be done. If there is no third-party server to assist, A and B cannot carry out secure private communication. I wonder if this is right? Seeking guidance from the experts.

Answer 0:

First of all, one of the characteristics of public networks is insecurity; as long as you are on the public network, it is definitely insecure. Then, a third-party server also needs to authenticate by being passed information related to A and B. How do you ensure that this information is delivered safely without being intercepted and forged?

Personally, I think it is entirely possible to adopt a secure transmission mechanism based on asymmetric encryption and decryption. RSA can be used for simplicity of logic, and if performance is to be considered, a session_key for symmetric encryption and decryption can be generated by imitating SSL.
1. With A as the master, A stores the public key of B.
2. When communicating with A, B sends its own public key to A. A proceeds to step 3 if it confirms that B's public key is registered locally; otherwise it refuses to communicate.
3. A randomly generates a session_key string for symmetric encryption and decryption, encrypts it with B's public key, and sends the result to B as session_key_enc.
4. B uses its private key to decrypt session_key_enc and obtains session_key.
5. After that, A and B use session_key to encrypt and decrypt data.

session_key is always encrypted when transmitted between A and B, so it is secure. session_key has never been exposed on the public network, and even if someone impersonates B with a forged request to communicate with A and hijacks session_key_enc, it is useless without B's private key. If you want to do peer-to-peer communication, you can register the public key of A at B.
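
The five steps above in Ruby, as an added example that is not part of the original answer. It assumes RSA-OAEP for wrapping session_key, AES-256-GCM for the data, and a registry of SHA-256 public key fingerprints on A's side; all function names are hypothetical.

```ruby
require 'openssl'

OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING # assumed padding; the answer only says "RSA"

# Step 1: A's registry identifies a public key by the SHA-256 of its DER encoding (assumption).
def fingerprint(pub)
  OpenSSL::Digest::SHA256.hexdigest(pub.public_key.to_der)
end

# A, steps 2-3: refuse an unregistered key; otherwise create a random session_key
# and return it with session_key_enc (session_key wrapped under the offered key).
def offer_session_key(registered, offered_pub_pem)
  pub = OpenSSL::PKey::RSA.new(offered_pub_pem)
  raise ArgumentError, 'public key not registered with A' unless registered.include?(fingerprint(pub))
  session_key = OpenSSL::Random.random_bytes(32)
  [session_key, pub.public_encrypt(session_key, OAEP)]
end

# B, step 4: only the holder of the matching private key recovers session_key.
def accept_session_key(priv, session_key_enc)
  priv.private_decrypt(session_key_enc, OAEP)
end

# Step 5 (assumed cipher: AES-256-GCM); returns [iv, ciphertext, tag].
def seal(session_key, plaintext)
  c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  c.key = session_key
  iv = c.random_iv
  c.auth_data = ''
  [iv, c.update(plaintext) + c.final, c.auth_tag]
end

# Raises OpenSSL::Cipher::CipherError if the key is wrong or the data was altered.
def unseal(session_key, iv, ciphertext, tag)
  d = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  d.key = session_key
  d.iv = iv
  d.auth_tag = tag
  d.auth_data = ''
  d.update(ciphertext) + d.final
end

if __FILE__ == $PROGRAM_NAME
  b = OpenSSL::PKey::RSA.new(2048)            # constructed demo key pair for B
  registry = [fingerprint(b.public_key)]      # step 1: A stores B's key
  key_a, enc = offer_session_key(registry, b.public_key.to_pem)
  key_b = accept_session_key(b, enc)
  puts unseal(key_b, *seal(key_a, 'hello B'))
end
```

A party that replays B's public key still receives session_key_enc, but `accept_session_key` raises for any private key other than B's, which is the property the answer relies on.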

Answer 1:

What is the relationship between A and B's communication and the third-party server?
The RSA algorithm can be used directly.

  1. A sends the public key to B
  2. A encrypts data with the private key
  3. B decrypts data with the public key
