9. PKI - 三种密钥交换算法详解(RSA DHE ECDHE)及他们在SSL/TLS协议中的应用
2024-05-16 19:47:49
9. PKI - 三种密钥交换算法详解(RSA& DHE& ECDHE)及他们在SSL/TLS协议中的应用
- RSA密钥交换算法
- DHE密钥交换算法
- ECDHE密钥交换算法
- 参考
密钥交换算法的介绍稍稍来迟了一些,密钥交换算法应该在介绍SSH、SSL/TLS协议之前优先介绍。不过
Latter better than nerver !
RSA密钥交换算法
RSA算法流程文字描述如下:
(1)任意客户端对服务器发起请求,服务器首先发回复自己的公钥到客户端(公钥明文传输)。
(2)客户端使用随机数算法,生成一个密钥S,使用收到的公钥进行加密,生成C,把C发送到服务器。
(3)服务器收到C,使用公钥对应的私钥进行解密,得到S。
(4)上述交换步骤后,客户端和服务器都得到了S,S为密钥(预主密钥)。
RSA密钥交换
#mermaid-svg-KRvShx4otOmN6xgt .label{font-family:'trebuchet ms', verdana, arial;font-family:var(--mermaid-font-family);fill:#333;color:#333}#mermaid-svg-KRvShx4otOmN6xgt .label text{fill:#333}#mermaid-svg-KRvShx4otOmN6xgt .node rect,#mermaid-svg-KRvShx4otOmN6xgt .node circle,#mermaid-svg-KRvShx4otOmN6xgt .node ellipse,#mermaid-svg-KRvShx4otOmN6xgt .node polygon,#mermaid-svg-KRvShx4otOmN6xgt .node path{fill:#ECECFF;stroke:#9370db;stroke-width:1px}#mermaid-svg-KRvShx4otOmN6xgt .node .label{text-align:center;fill:#333}#mermaid-svg-KRvShx4otOmN6xgt .node.clickable{cursor:pointer}#mermaid-svg-KRvShx4otOmN6xgt .arrowheadPath{fill:#333}#mermaid-svg-KRvShx4otOmN6xgt .edgePath .path{stroke:#333;stroke-width:1.5px}#mermaid-svg-KRvShx4otOmN6xgt .flowchart-link{stroke:#333;fill:none}#mermaid-svg-KRvShx4otOmN6xgt .edgeLabel{background-color:#e8e8e8;text-align:center}#mermaid-svg-KRvShx4otOmN6xgt .edgeLabel rect{opacity:0.9}#mermaid-svg-KRvShx4otOmN6xgt .edgeLabel span{color:#333}#mermaid-svg-KRvShx4otOmN6xgt .cluster rect{fill:#ffffde;stroke:#aa3;stroke-width:1px}#mermaid-svg-KRvShx4otOmN6xgt .cluster text{fill:#333}#mermaid-svg-KRvShx4otOmN6xgt div.mermaidTooltip{position:absolute;text-align:center;max-width:200px;padding:2px;font-family:'trebuchet ms', verdana, arial;font-family:var(--mermaid-font-family);font-size:12px;background:#ffffde;border:1px solid #aa3;border-radius:2px;pointer-events:none;z-index:100}#mermaid-svg-KRvShx4otOmN6xgt .actor{stroke:#ccf;fill:#ECECFF}#mermaid-svg-KRvShx4otOmN6xgt text.actor>tspan{fill:#000;stroke:none}#mermaid-svg-KRvShx4otOmN6xgt .actor-line{stroke:grey}#mermaid-svg-KRvShx4otOmN6xgt .messageLine0{stroke-width:1.5;stroke-dasharray:none;stroke:#333}#mermaid-svg-KRvShx4otOmN6xgt .messageLine1{stroke-width:1.5;stroke-dasharray:2, 2;stroke:#333}#mermaid-svg-KRvShx4otOmN6xgt #arrowhead path{fill:#333;stroke:#333}#mermaid-svg-KRvShx4otOmN6xgt .sequenceNumber{fill:#fff}#mermaid-svg-KRvShx4otOmN6xgt #sequencenumber{fill:#333}#mermaid-svg-KRvShx4otOmN6xgt #crosshead path{fill:#333;stroke:#333}#mermaid-svg-KRvShx4otOmN6xgt .messageText{fill:#333;stroke:#333}#mermaid-svg-KRvShx4otOmN6xgt .labelBox{stroke:#ccf;fill:#ECECFF}#mermaid-svg-KRvShx4otOmN6xgt .labelText,#mermaid-svg-KRvShx4otOmN6xgt .labelText>tspan{fill:#000;stroke:none}#mermaid-svg-KRvShx4otOmN6xgt .loopText,#mermaid-svg-KRvShx4otOmN6xgt .loopText>tspan{fill:#000;stroke:none}#mermaid-svg-KRvShx4otOmN6xgt .loopLine{stroke-width:2px;stroke-dasharray:2, 2;stroke:#ccf;fill:#ccf}#mermaid-svg-KRvShx4otOmN6xgt .note{stroke:#aa3;fill:#fff5ad}#mermaid-svg-KRvShx4otOmN6xgt .noteText,#mermaid-svg-KRvShx4otOmN6xgt .noteText>tspan{fill:#000;stroke:none}#mermaid-svg-KRvShx4otOmN6xgt .activation0{fill:#f4f4f4;stroke:#666}#mermaid-svg-KRvShx4otOmN6xgt .activation1{fill:#f4f4f4;stroke:#666}#mermaid-svg-KRvShx4otOmN6xgt .activation2{fill:#f4f4f4;stroke:#666}#mermaid-svg-KRvShx4otOmN6xgt .mermaid-main-font{font-family:"trebuchet ms", verdana, arial;font-family:var(--mermaid-font-family)}#mermaid-svg-KRvShx4otOmN6xgt .section{stroke:none;opacity:0.2}#mermaid-svg-KRvShx4otOmN6xgt .section0{fill:rgba(102,102,255,0.49)}#mermaid-svg-KRvShx4otOmN6xgt .section2{fill:#fff400}#mermaid-svg-KRvShx4otOmN6xgt .section1,#mermaid-svg-KRvShx4otOmN6xgt .section3{fill:#fff;opacity:0.2}#mermaid-svg-KRvShx4otOmN6xgt .sectionTitle0{fill:#333}#mermaid-svg-KRvShx4otOmN6xgt .sectionTitle1{fill:#333}#mermaid-svg-KRvShx4otOmN6xgt .sectionTitle2{fill:#333}#mermaid-svg-KRvShx4otOmN6xgt .sectionTitle3{fill:#333}#mermaid-svg-KRvShx4otOmN6xgt .sectionTitle{text-anchor:start;font-size:11px;text-height:14px;font-family:'trebuchet ms', verdana, arial;font-family:var(--mermaid-font-family)}#mermaid-svg-KRvShx4otOmN6xgt .grid .tick{stroke:#d3d3d3;opacity:0.8;shape-rendering:crispEdges}#mermaid-svg-KRvShx4otOmN6xgt .grid .tick text{font-family:'trebuchet ms', verdana, arial;font-family:var(--mermaid-font-family)}#mermaid-svg-KRvShx4otOmN6xgt .grid path{stroke-width:0}#mermaid-svg-KRvShx4otOmN6xgt .today{fill:none;stroke:red;stroke-width:2px}#mermaid-svg-KRvShx4otOmN6xgt .task{stroke-width:2}#mermaid-svg-KRvShx4otOmN6xgt .taskText{text-anchor:middle;font-family:'trebuchet ms', verdana, arial;font-family:var(--mermaid-font-family)}#mermaid-svg-KRvShx4otOmN6xgt .taskText:not([font-size]){font-size:11px}#mermaid-svg-KRvShx4otOmN6xgt .taskTextOutsideRight{fill:#000;text-anchor:start;font-size:11px;font-family:'trebuchet ms', verdana, arial;font-family:var(--mermaid-font-family)}#mermaid-svg-KRvShx4otOmN6xgt .taskTextOutsideLeft{fill:#000;text-anchor:end;font-size:11px}#mermaid-svg-KRvShx4otOmN6xgt .task.clickable{cursor:pointer}#mermaid-svg-KRvShx4otOmN6xgt .taskText.clickable{cursor:pointer;fill:#003163 !important;font-weight:bold}#mermaid-svg-KRvShx4otOmN6xgt .taskTextOutsideLeft.clickable{cursor:pointer;fill:#003163 !important;font-weight:bold}#mermaid-svg-KRvShx4otOmN6xgt .taskTextOutsideRight.clickable{cursor:pointer;fill:#003163 !important;font-weight:bold}#mermaid-svg-KRvShx4otOmN6xgt .taskText0,#mermaid-svg-KRvShx4otOmN6xgt .taskText1,#mermaid-svg-KRvShx4otOmN6xgt .taskText2,#mermaid-svg-KRvShx4otOmN6xgt .taskText3{fill:#fff}#mermaid-svg-KRvShx4otOmN6xgt .task0,#mermaid-svg-KRvShx4otOmN6xgt .task1,#mermaid-svg-KRvShx4otOmN6xgt .task2,#mermaid-svg-KRvShx4otOmN6xgt .task3{fill:#8a90dd;stroke:#534fbc}#mermaid-svg-KRvShx4otOmN6xgt .taskTextOutside0,#mermaid-svg-KRvShx4otOmN6xgt .taskTextOutside2{fill:#000}#mermaid-svg-KRvShx4otOmN6xgt .taskTextOutside1,#mermaid-svg-KRvShx4otOmN6xgt .taskTextOutside3{fill:#000}#mermaid-svg-KRvShx4otOmN6xgt .active0,#mermaid-svg-KRvShx4otOmN6xgt .active1,#mermaid-svg-KRvShx4otOmN6xgt .active2,#mermaid-svg-KRvShx4otOmN6xgt .active3{fill:#bfc7ff;stroke:#534fbc}#mermaid-svg-KRvShx4otOmN6xgt .activeText0,#mermaid-svg-KRvShx4otOmN6xgt .activeText1,#mermaid-svg-KRvShx4otOmN6xgt .activeText2,#mermaid-svg-KRvShx4otOmN6xgt .activeText3{fill:#000 !important}#mermaid-svg-KRvShx4otOmN6xgt .done0,#mermaid-svg-KRvShx4otOmN6xgt .done1,#mermaid-svg-KRvShx4otOmN6xgt .done2,#mermaid-svg-KRvShx4otOmN6xgt .done3{stroke:grey;fill:#d3d3d3;stroke-width:2}#mermaid-svg-KRvShx4otOmN6xgt .doneText0,#mermaid-svg-KRvShx4otOmN6xgt .doneText1,#mermaid-svg-KRvShx4otOmN6xgt .doneText2,#mermaid-svg-KRvShx4otOmN6xgt .doneText3{fill:#000 !important}#mermaid-svg-KRvShx4otOmN6xgt .crit0,#mermaid-svg-KRvShx4otOmN6xgt .crit1,#mermaid-svg-KRvShx4otOmN6xgt .crit2,#mermaid-svg-KRvShx4otOmN6xgt .crit3{stroke:#f88;fill:red;stroke-width:2}#mermaid-svg-KRvShx4otOmN6xgt .activeCrit0,#mermaid-svg-KRvShx4otOmN6xgt .activeCrit1,#mermaid-svg-KRvShx4otOmN6xgt .activeCrit2,#mermaid-svg-KRvShx4otOmN6xgt .activeCrit3{stroke:#f88;fill:#bfc7ff;stroke-width:2}#mermaid-svg-KRvShx4otOmN6xgt .doneCrit0,#mermaid-svg-KRvShx4otOmN6xgt .doneCrit1,#mermaid-svg-KRvShx4otOmN6xgt .doneCrit2,#mermaid-svg-KRvShx4otOmN6xgt .doneCrit3{stroke:#f88;fill:#d3d3d3;stroke-width:2;cursor:pointer;shape-rendering:crispEdges}#mermaid-svg-KRvShx4otOmN6xgt .milestone{transform:rotate(45deg) scale(0.8, 0.8)}#mermaid-svg-KRvShx4otOmN6xgt .milestoneText{font-style:italic}#mermaid-svg-KRvShx4otOmN6xgt .doneCritText0,#mermaid-svg-KRvShx4otOmN6xgt .doneCritText1,#mermaid-svg-KRvShx4otOmN6xgt .doneCritText2,#mermaid-svg-KRvShx4otOmN6xgt .doneCritText3{fill:#000 !important}#mermaid-svg-KRvShx4otOmN6xgt .activeCritText0,#mermaid-svg-KRvShx4otOmN6xgt .activeCritText1,#mermaid-svg-KRvShx4otOmN6xgt .activeCritText2,#mermaid-svg-KRvShx4otOmN6xgt .activeCritText3{fill:#000 !important}#mermaid-svg-KRvShx4otOmN6xgt .titleText{text-anchor:middle;font-size:18px;fill:#000;font-family:'trebuchet ms', verdana, arial;font-family:var(--mermaid-font-family)}#mermaid-svg-KRvShx4otOmN6xgt g.classGroup text{fill:#9370db;stroke:none;font-family:'trebuchet ms', verdana, arial;font-family:var(--mermaid-font-family);font-size:10px}#mermaid-svg-KRvShx4otOmN6xgt g.classGroup text .title{font-weight:bolder}#mermaid-svg-KRvShx4otOmN6xgt g.clickable{cursor:pointer}#mermaid-svg-KRvShx4otOmN6xgt g.classGroup rect{fill:#ECECFF;stroke:#9370db}#mermaid-svg-KRvShx4otOmN6xgt g.classGroup line{stroke:#9370db;stroke-width:1}#mermaid-svg-KRvShx4otOmN6xgt .classLabel .box{stroke:none;stroke-width:0;fill:#ECECFF;opacity:0.5}#mermaid-svg-KRvShx4otOmN6xgt .classLabel .label{fill:#9370db;font-size:10px}#mermaid-svg-KRvShx4otOmN6xgt .relation{stroke:#9370db;stroke-width:1;fill:none}#mermaid-svg-KRvShx4otOmN6xgt .dashed-line{stroke-dasharray:3}#mermaid-svg-KRvShx4otOmN6xgt #compositionStart{fill:#9370db;stroke:#9370db;stroke-width:1}#mermaid-svg-KRvShx4otOmN6xgt #compositionEnd{fill:#9370db;stroke:#9370db;stroke-width:1}#mermaid-svg-KRvShx4otOmN6xgt #aggregationStart{fill:#ECECFF;stroke:#9370db;stroke-width:1}#mermaid-svg-KRvShx4otOmN6xgt #aggregationEnd{fill:#ECECFF;stroke:#9370db;stroke-width:1}#mermaid-svg-KRvShx4otOmN6xgt #dependencyStart{fill:#9370db;stroke:#9370db;stroke-width:1}#mermaid-svg-KRvShx4otOmN6xgt #dependencyEnd{fill:#9370db;stroke:#9370db;stroke-width:1}#mermaid-svg-KRvShx4otOmN6xgt #extensionStart{fill:#9370db;stroke:#9370db;stroke-width:1}#mermaid-svg-KRvShx4otOmN6xgt #extensionEnd{fill:#9370db;stroke:#9370db;stroke-width:1}#mermaid-svg-KRvShx4otOmN6xgt .commit-id,#mermaid-svg-KRvShx4otOmN6xgt .commit-msg,#mermaid-svg-KRvShx4otOmN6xgt .branch-label{fill:lightgrey;color:lightgrey;font-family:'trebuchet ms', verdana, arial;font-family:var(--mermaid-font-family)}#mermaid-svg-KRvShx4otOmN6xgt .pieTitleText{text-anchor:middle;font-size:25px;fill:#000;font-family:'trebuchet ms', verdana, arial;font-family:var(--mermaid-font-family)}#mermaid-svg-KRvShx4otOmN6xgt .slice{font-family:'trebuchet ms', verdana, arial;font-family:var(--mermaid-font-family)}#mermaid-svg-KRvShx4otOmN6xgt g.stateGroup text{fill:#9370db;stroke:none;font-size:10px;font-family:'trebuchet ms', verdana, arial;font-family:var(--mermaid-font-family)}#mermaid-svg-KRvShx4otOmN6xgt g.stateGroup text{fill:#9370db;fill:#333;stroke:none;font-size:10px}#mermaid-svg-KRvShx4otOmN6xgt g.statediagram-cluster .cluster-label text{fill:#333}#mermaid-svg-KRvShx4otOmN6xgt g.stateGroup .state-title{font-weight:bolder;fill:#000}#mermaid-svg-KRvShx4otOmN6xgt g.stateGroup rect{fill:#ECECFF;stroke:#9370db}#mermaid-svg-KRvShx4otOmN6xgt g.stateGroup line{stroke:#9370db;stroke-width:1}#mermaid-svg-KRvShx4otOmN6xgt .transition{stroke:#9370db;stroke-width:1;fill:none}#mermaid-svg-KRvShx4otOmN6xgt .stateGroup .composit{fill:white;border-bottom:1px}#mermaid-svg-KRvShx4otOmN6xgt .stateGroup .alt-composit{fill:#e0e0e0;border-bottom:1px}#mermaid-svg-KRvShx4otOmN6xgt .state-note{stroke:#aa3;fill:#fff5ad}#mermaid-svg-KRvShx4otOmN6xgt .state-note text{fill:black;stroke:none;font-size:10px}#mermaid-svg-KRvShx4otOmN6xgt .stateLabel .box{stroke:none;stroke-width:0;fill:#ECECFF;opacity:0.7}#mermaid-svg-KRvShx4otOmN6xgt .edgeLabel text{fill:#333}#mermaid-svg-KRvShx4otOmN6xgt .stateLabel text{fill:#000;font-size:10px;font-weight:bold;font-family:'trebuchet ms', verdana, arial;font-family:var(--mermaid-font-family)}#mermaid-svg-KRvShx4otOmN6xgt .node circle.state-start{fill:black;stroke:black}#mermaid-svg-KRvShx4otOmN6xgt .node circle.state-end{fill:black;stroke:white;stroke-width:1.5}#mermaid-svg-KRvShx4otOmN6xgt #statediagram-barbEnd{fill:#9370db}#mermaid-svg-KRvShx4otOmN6xgt .statediagram-cluster rect{fill:#ECECFF;stroke:#9370db;stroke-width:1px}#mermaid-svg-KRvShx4otOmN6xgt .statediagram-cluster rect.outer{rx:5px;ry:5px}#mermaid-svg-KRvShx4otOmN6xgt .statediagram-state .divider{stroke:#9370db}#mermaid-svg-KRvShx4otOmN6xgt .statediagram-state .title-state{rx:5px;ry:5px}#mermaid-svg-KRvShx4otOmN6xgt .statediagram-cluster.statediagram-cluster .inner{fill:white}#mermaid-svg-KRvShx4otOmN6xgt .statediagram-cluster.statediagram-cluster-alt .inner{fill:#e0e0e0}#mermaid-svg-KRvShx4otOmN6xgt .statediagram-cluster .inner{rx:0;ry:0}#mermaid-svg-KRvShx4otOmN6xgt .statediagram-state rect.basic{rx:5px;ry:5px}#mermaid-svg-KRvShx4otOmN6xgt .statediagram-state rect.divider{stroke-dasharray:10,10;fill:#efefef}#mermaid-svg-KRvShx4otOmN6xgt .note-edge{stroke-dasharray:5}#mermaid-svg-KRvShx4otOmN6xgt .statediagram-note rect{fill:#fff5ad;stroke:#aa3;stroke-width:1px;rx:0;ry:0}:root{--mermaid-font-family: '"trebuchet ms", verdana, arial';--mermaid-font-family: "Comic Sans MS", "Comic Sans", cursive}#mermaid-svg-KRvShx4otOmN6xgt .error-icon{fill:#522}#mermaid-svg-KRvShx4otOmN6xgt .error-text{fill:#522;stroke:#522}#mermaid-svg-KRvShx4otOmN6xgt .edge-thickness-normal{stroke-width:2px}#mermaid-svg-KRvShx4otOmN6xgt .edge-thickness-thick{stroke-width:3.5px}#mermaid-svg-KRvShx4otOmN6xgt .edge-pattern-solid{stroke-dasharray:0}#mermaid-svg-KRvShx4otOmN6xgt .edge-pattern-dashed{stroke-dasharray:3}#mermaid-svg-KRvShx4otOmN6xgt .edge-pattern-dotted{stroke-dasharray:2}#mermaid-svg-KRvShx4otOmN6xgt .marker{fill:#333}#mermaid-svg-KRvShx4otOmN6xgt .marker.cross{stroke:#333}:root { --mermaid-font-family: "trebuchet ms", verdana, arial;} #mermaid-svg-KRvShx4otOmN6xgt {color: rgba(0, 0, 0, 0.75);font: ;} Client Server 申请 RSA 交换 公钥 生成随机数 S,使用公钥加密,得到 C 发送 C 使用私钥解密 C,得到 S 使用 S 加密请求 使用 S 加密响应 Client Server
SSL协议中,服务器发送的公钥在SSL中是通过certificate报文发送的,certificate中的包含了公钥。C是通过Client key exchange报文发送的。
DHE密钥交换算法
DHE算法流程文字描述如下:
(1):客户端计算一个随机值Xa,使用Xa作为指数,即计算Pa = q^Xa mod p,其中q和p是全世界公认的一对值。客户端把Pa发送至服务器,Xa作为自己私钥,仅且自己知道。
(2):服务器和客户端计算流程一样,生成一个随机值Xb,使用Xb作为指数,计算
Pb = q^Xb mod p,将结果Pb发送至客户端,Xb仅自己保存。
(3):客户端收到Pb后计算Sa = Pb ^Xa mod p;服务器收到Pa后计算Sb = Pa^Xb mod p
(4):算法保证了Sa = Sb = S,故密钥交换成功,S为密钥(预主密钥)。
#mermaid-svg-08OiJzFvjddH4Viw .label{font-family:'trebuchet ms', verdana, arial;font-family:var(--mermaid-font-family);fill:#333;color:#333}#mermaid-svg-08OiJzFvjddH4Viw .label text{fill:#333}#mermaid-svg-08OiJzFvjddH4Viw .node rect,#mermaid-svg-08OiJzFvjddH4Viw .node circle,#mermaid-svg-08OiJzFvjddH4Viw .node ellipse,#mermaid-svg-08OiJzFvjddH4Viw .node polygon,#mermaid-svg-08OiJzFvjddH4Viw .node path{fill:#ECECFF;stroke:#9370db;stroke-width:1px}#mermaid-svg-08OiJzFvjddH4Viw .node .label{text-align:center;fill:#333}#mermaid-svg-08OiJzFvjddH4Viw .node.clickable{cursor:pointer}#mermaid-svg-08OiJzFvjddH4Viw .arrowheadPath{fill:#333}#mermaid-svg-08OiJzFvjddH4Viw .edgePath .path{stroke:#333;stroke-width:1.5px}#mermaid-svg-08OiJzFvjddH4Viw .flowchart-link{stroke:#333;fill:none}#mermaid-svg-08OiJzFvjddH4Viw .edgeLabel{background-color:#e8e8e8;text-align:center}#mermaid-svg-08OiJzFvjddH4Viw .edgeLabel rect{opacity:0.9}#mermaid-svg-08OiJzFvjddH4Viw .edgeLabel span{color:#333}#mermaid-svg-08OiJzFvjddH4Viw .cluster rect{fill:#ffffde;stroke:#aa3;stroke-width:1px}#mermaid-svg-08OiJzFvjddH4Viw .cluster text{fill:#333}#mermaid-svg-08OiJzFvjddH4Viw div.mermaidTooltip{position:absolute;text-align:center;max-width:200px;padding:2px;font-family:'trebuchet ms', verdana, arial;font-family:var(--mermaid-font-family);font-size:12px;background:#ffffde;border:1px solid #aa3;border-radius:2px;pointer-events:none;z-index:100}#mermaid-svg-08OiJzFvjddH4Viw .actor{stroke:#ccf;fill:#ECECFF}#mermaid-svg-08OiJzFvjddH4Viw text.actor>tspan{fill:#000;stroke:none}#mermaid-svg-08OiJzFvjddH4Viw .actor-line{stroke:grey}#mermaid-svg-08OiJzFvjddH4Viw .messageLine0{stroke-width:1.5;stroke-dasharray:none;stroke:#333}#mermaid-svg-08OiJzFvjddH4Viw .messageLine1{stroke-width:1.5;stroke-dasharray:2, 2;stroke:#333}#mermaid-svg-08OiJzFvjddH4Viw #arrowhead path{fill:#333;stroke:#333}#mermaid-svg-08OiJzFvjddH4Viw .sequenceNumber{fill:#fff}#mermaid-svg-08OiJzFvjddH4Viw #sequencenumber{fill:#333}#mermaid-svg-08OiJzFvjddH4Viw #crosshead path{fill:#333;stroke:#333}#mermaid-svg-08OiJzFvjddH4Viw .messageText{fill:#333;stroke:#333}#mermaid-svg-08OiJzFvjddH4Viw .labelBox{stroke:#ccf;fill:#ECECFF}#mermaid-svg-08OiJzFvjddH4Viw .labelText,#mermaid-svg-08OiJzFvjddH4Viw .labelText>tspan{fill:#000;stroke:none}#mermaid-svg-08OiJzFvjddH4Viw .loopText,#mermaid-svg-08OiJzFvjddH4Viw .loopText>tspan{fill:#000;stroke:none}#mermaid-svg-08OiJzFvjddH4Viw .loopLine{stroke-width:2px;stroke-dasharray:2, 2;stroke:#ccf;fill:#ccf}#mermaid-svg-08OiJzFvjddH4Viw .note{stroke:#aa3;fill:#fff5ad}#mermaid-svg-08OiJzFvjddH4Viw .noteText,#mermaid-svg-08OiJzFvjddH4Viw .noteText>tspan{fill:#000;stroke:none}#mermaid-svg-08OiJzFvjddH4Viw .activation0{fill:#f4f4f4;stroke:#666}#mermaid-svg-08OiJzFvjddH4Viw .activation1{fill:#f4f4f4;stroke:#666}#mermaid-svg-08OiJzFvjddH4Viw .activation2{fill:#f4f4f4;stroke:#666}#mermaid-svg-08OiJzFvjddH4Viw .mermaid-main-font{font-family:"trebuchet ms", verdana, arial;font-family:var(--mermaid-font-family)}#mermaid-svg-08OiJzFvjddH4Viw .section{stroke:none;opacity:0.2}#mermaid-svg-08OiJzFvjddH4Viw .section0{fill:rgba(102,102,255,0.49)}#mermaid-svg-08OiJzFvjddH4Viw .section2{fill:#fff400}#mermaid-svg-08OiJzFvjddH4Viw .section1,#mermaid-svg-08OiJzFvjddH4Viw .section3{fill:#fff;opacity:0.2}#mermaid-svg-08OiJzFvjddH4Viw .sectionTitle0{fill:#333}#mermaid-svg-08OiJzFvjddH4Viw .sectionTitle1{fill:#333}#mermaid-svg-08OiJzFvjddH4Viw .sectionTitle2{fill:#333}#mermaid-svg-08OiJzFvjddH4Viw .sectionTitle3{fill:#333}#mermaid-svg-08OiJzFvjddH4Viw .sectionTitle{text-anchor:start;font-size:11px;text-height:14px;font-family:'trebuchet ms', verdana, arial;font-family:var(--mermaid-font-family)}#mermaid-svg-08OiJzFvjddH4Viw .grid .tick{stroke:#d3d3d3;opacity:0.8;shape-rendering:crispEdges}#mermaid-svg-08OiJzFvjddH4Viw .grid .tick text{font-family:'trebuchet ms', verdana, arial;font-family:var(--mermaid-font-family)}#mermaid-svg-08OiJzFvjddH4Viw .grid path{stroke-width:0}#mermaid-svg-08OiJzFvjddH4Viw .today{fill:none;stroke:red;stroke-width:2px}#mermaid-svg-08OiJzFvjddH4Viw .task{stroke-width:2}#mermaid-svg-08OiJzFvjddH4Viw .taskText{text-anchor:middle;font-family:'trebuchet ms', verdana, arial;font-family:var(--mermaid-font-family)}#mermaid-svg-08OiJzFvjddH4Viw .taskText:not([font-size]){font-size:11px}#mermaid-svg-08OiJzFvjddH4Viw .taskTextOutsideRight{fill:#000;text-anchor:start;font-size:11px;font-family:'trebuchet ms', verdana, arial;font-family:var(--mermaid-font-family)}#mermaid-svg-08OiJzFvjddH4Viw .taskTextOutsideLeft{fill:#000;text-anchor:end;font-size:11px}#mermaid-svg-08OiJzFvjddH4Viw .task.clickable{cursor:pointer}#mermaid-svg-08OiJzFvjddH4Viw .taskText.clickable{cursor:pointer;fill:#003163 !important;font-weight:bold}#mermaid-svg-08OiJzFvjddH4Viw .taskTextOutsideLeft.clickable{cursor:pointer;fill:#003163 !important;font-weight:bold}#mermaid-svg-08OiJzFvjddH4Viw .taskTextOutsideRight.clickable{cursor:pointer;fill:#003163 !important;font-weight:bold}#mermaid-svg-08OiJzFvjddH4Viw .taskText0,#mermaid-svg-08OiJzFvjddH4Viw .taskText1,#mermaid-svg-08OiJzFvjddH4Viw .taskText2,#mermaid-svg-08OiJzFvjddH4Viw .taskText3{fill:#fff}#mermaid-svg-08OiJzFvjddH4Viw .task0,#mermaid-svg-08OiJzFvjddH4Viw .task1,#mermaid-svg-08OiJzFvjddH4Viw .task2,#mermaid-svg-08OiJzFvjddH4Viw .task3{fill:#8a90dd;stroke:#534fbc}#mermaid-svg-08OiJzFvjddH4Viw .taskTextOutside0,#mermaid-svg-08OiJzFvjddH4Viw .taskTextOutside2{fill:#000}#mermaid-svg-08OiJzFvjddH4Viw .taskTextOutside1,#mermaid-svg-08OiJzFvjddH4Viw .taskTextOutside3{fill:#000}#mermaid-svg-08OiJzFvjddH4Viw .active0,#mermaid-svg-08OiJzFvjddH4Viw .active1,#mermaid-svg-08OiJzFvjddH4Viw .active2,#mermaid-svg-08OiJzFvjddH4Viw .active3{fill:#bfc7ff;stroke:#534fbc}#mermaid-svg-08OiJzFvjddH4Viw .activeText0,#mermaid-svg-08OiJzFvjddH4Viw .activeText1,#mermaid-svg-08OiJzFvjddH4Viw .activeText2,#mermaid-svg-08OiJzFvjddH4Viw .activeText3{fill:#000 !important}#mermaid-svg-08OiJzFvjddH4Viw .done0,#mermaid-svg-08OiJzFvjddH4Viw .done1,#mermaid-svg-08OiJzFvjddH4Viw .done2,#mermaid-svg-08OiJzFvjddH4Viw .done3{stroke:grey;fill:#d3d3d3;stroke-width:2}#mermaid-svg-08OiJzFvjddH4Viw .doneText0,#mermaid-svg-08OiJzFvjddH4Viw .doneText1,#mermaid-svg-08OiJzFvjddH4Viw .doneText2,#mermaid-svg-08OiJzFvjddH4Viw .doneText3{fill:#000 !important}#mermaid-svg-08OiJzFvjddH4Viw .crit0,#mermaid-svg-08OiJzFvjddH4Viw .crit1,#mermaid-svg-08OiJzFvjddH4Viw .crit2,#mermaid-svg-08OiJzFvjddH4Viw .crit3{stroke:#f88;fill:red;stroke-width:2}#mermaid-svg-08OiJzFvjddH4Viw .activeCrit0,#mermaid-svg-08OiJzFvjddH4Viw .activeCrit1,#mermaid-svg-08OiJzFvjddH4Viw .activeCrit2,#mermaid-svg-08OiJzFvjddH4Viw .activeCrit3{stroke:#f88;fill:#bfc7ff;stroke-width:2}#mermaid-svg-08OiJzFvjddH4Viw .doneCrit0,#mermaid-svg-08OiJzFvjddH4Viw .doneCrit1,#mermaid-svg-08OiJzFvjddH4Viw .doneCrit2,#mermaid-svg-08OiJzFvjddH4Viw .doneCrit3{stroke:#f88;fill:#d3d3d3;stroke-width:2;cursor:pointer;shape-rendering:crispEdges}#mermaid-svg-08OiJzFvjddH4Viw .milestone{transform:rotate(45deg) scale(0.8, 0.8)}#mermaid-svg-08OiJzFvjddH4Viw .milestoneText{font-style:italic}#mermaid-svg-08OiJzFvjddH4Viw .doneCritText0,#mermaid-svg-08OiJzFvjddH4Viw .doneCritText1,#mermaid-svg-08OiJzFvjddH4Viw .doneCritText2,#mermaid-svg-08OiJzFvjddH4Viw .doneCritText3{fill:#000 !important}#mermaid-svg-08OiJzFvjddH4Viw .activeCritText0,#mermaid-svg-08OiJzFvjddH4Viw .activeCritText1,#mermaid-svg-08OiJzFvjddH4Viw .activeCritText2,#mermaid-svg-08OiJzFvjddH4Viw .activeCritText3{fill:#000 !important}#mermaid-svg-08OiJzFvjddH4Viw .titleText{text-anchor:middle;font-size:18px;fill:#000;font-family:'trebuchet ms', verdana, arial;font-family:var(--mermaid-font-family)}#mermaid-svg-08OiJzFvjddH4Viw g.classGroup text{fill:#9370db;stroke:none;font-family:'trebuchet ms', verdana, arial;font-family:var(--mermaid-font-family);font-size:10px}#mermaid-svg-08OiJzFvjddH4Viw g.classGroup text .title{font-weight:bolder}#mermaid-svg-08OiJzFvjddH4Viw g.clickable{cursor:pointer}#mermaid-svg-08OiJzFvjddH4Viw g.classGroup rect{fill:#ECECFF;stroke:#9370db}#mermaid-svg-08OiJzFvjddH4Viw g.classGroup line{stroke:#9370db;stroke-width:1}#mermaid-svg-08OiJzFvjddH4Viw .classLabel .box{stroke:none;stroke-width:0;fill:#ECECFF;opacity:0.5}#mermaid-svg-08OiJzFvjddH4Viw .classLabel .label{fill:#9370db;font-size:10px}#mermaid-svg-08OiJzFvjddH4Viw .relation{stroke:#9370db;stroke-width:1;fill:none}#mermaid-svg-08OiJzFvjddH4Viw .dashed-line{stroke-dasharray:3}#mermaid-svg-08OiJzFvjddH4Viw #compositionStart{fill:#9370db;stroke:#9370db;stroke-width:1}#mermaid-svg-08OiJzFvjddH4Viw #compositionEnd{fill:#9370db;stroke:#9370db;stroke-width:1}#mermaid-svg-08OiJzFvjddH4Viw #aggregationStart{fill:#ECECFF;stroke:#9370db;stroke-width:1}#mermaid-svg-08OiJzFvjddH4Viw #aggregationEnd{fill:#ECECFF;stroke:#9370db;stroke-width:1}#mermaid-svg-08OiJzFvjddH4Viw #dependencyStart{fill:#9370db;stroke:#9370db;stroke-width:1}#mermaid-svg-08OiJzFvjddH4Viw #dependencyEnd{fill:#9370db;stroke:#9370db;stroke-width:1}#mermaid-svg-08OiJzFvjddH4Viw #extensionStart{fill:#9370db;stroke:#9370db;stroke-width:1}#mermaid-svg-08OiJzFvjddH4Viw #extensionEnd{fill:#9370db;stroke:#9370db;stroke-width:1}#mermaid-svg-08OiJzFvjddH4Viw .commit-id,#mermaid-svg-08OiJzFvjddH4Viw .commit-msg,#mermaid-svg-08OiJzFvjddH4Viw .branch-label{fill:lightgrey;color:lightgrey;font-family:'trebuchet ms', verdana, arial;font-family:var(--mermaid-font-family)}#mermaid-svg-08OiJzFvjddH4Viw .pieTitleText{text-anchor:middle;font-size:25px;fill:#000;font-family:'trebuchet ms', verdana, arial;font-family:var(--mermaid-font-family)}#mermaid-svg-08OiJzFvjddH4Viw .slice{font-family:'trebuchet ms', verdana, arial;font-family:var(--mermaid-font-family)}#mermaid-svg-08OiJzFvjddH4Viw g.stateGroup text{fill:#9370db;stroke:none;font-size:10px;font-family:'trebuchet ms', verdana, arial;font-family:var(--mermaid-font-family)}#mermaid-svg-08OiJzFvjddH4Viw g.stateGroup text{fill:#9370db;fill:#333;stroke:none;font-size:10px}#mermaid-svg-08OiJzFvjddH4Viw g.statediagram-cluster .cluster-label text{fill:#333}#mermaid-svg-08OiJzFvjddH4Viw g.stateGroup .state-title{font-weight:bolder;fill:#000}#mermaid-svg-08OiJzFvjddH4Viw g.stateGroup rect{fill:#ECECFF;stroke:#9370db}#mermaid-svg-08OiJzFvjddH4Viw g.stateGroup line{stroke:#9370db;stroke-width:1}#mermaid-svg-08OiJzFvjddH4Viw .transition{stroke:#9370db;stroke-width:1;fill:none}#mermaid-svg-08OiJzFvjddH4Viw .stateGroup .composit{fill:white;border-bottom:1px}#mermaid-svg-08OiJzFvjddH4Viw .stateGroup .alt-composit{fill:#e0e0e0;border-bottom:1px}#mermaid-svg-08OiJzFvjddH4Viw .state-note{stroke:#aa3;fill:#fff5ad}#mermaid-svg-08OiJzFvjddH4Viw .state-note text{fill:black;stroke:none;font-size:10px}#mermaid-svg-08OiJzFvjddH4Viw .stateLabel .box{stroke:none;stroke-width:0;fill:#ECECFF;opacity:0.7}#mermaid-svg-08OiJzFvjddH4Viw .edgeLabel text{fill:#333}#mermaid-svg-08OiJzFvjddH4Viw .stateLabel text{fill:#000;font-size:10px;font-weight:bold;font-family:'trebuchet ms', verdana, arial;font-family:var(--mermaid-font-family)}#mermaid-svg-08OiJzFvjddH4Viw .node circle.state-start{fill:black;stroke:black}#mermaid-svg-08OiJzFvjddH4Viw .node circle.state-end{fill:black;stroke:white;stroke-width:1.5}#mermaid-svg-08OiJzFvjddH4Viw #statediagram-barbEnd{fill:#9370db}#mermaid-svg-08OiJzFvjddH4Viw .statediagram-cluster rect{fill:#ECECFF;stroke:#9370db;stroke-width:1px}#mermaid-svg-08OiJzFvjddH4Viw .statediagram-cluster rect.outer{rx:5px;ry:5px}#mermaid-svg-08OiJzFvjddH4Viw .statediagram-state .divider{stroke:#9370db}#mermaid-svg-08OiJzFvjddH4Viw .statediagram-state .title-state{rx:5px;ry:5px}#mermaid-svg-08OiJzFvjddH4Viw .statediagram-cluster.statediagram-cluster .inner{fill:white}#mermaid-svg-08OiJzFvjddH4Viw .statediagram-cluster.statediagram-cluster-alt .inner{fill:#e0e0e0}#mermaid-svg-08OiJzFvjddH4Viw .statediagram-cluster .inner{rx:0;ry:0}#mermaid-svg-08OiJzFvjddH4Viw .statediagram-state rect.basic{rx:5px;ry:5px}#mermaid-svg-08OiJzFvjddH4Viw .statediagram-state rect.divider{stroke-dasharray:10,10;fill:#efefef}#mermaid-svg-08OiJzFvjddH4Viw .note-edge{stroke-dasharray:5}#mermaid-svg-08OiJzFvjddH4Viw .statediagram-note rect{fill:#fff5ad;stroke:#aa3;stroke-width:1px;rx:0;ry:0}:root{--mermaid-font-family: '"trebuchet ms", verdana, arial';--mermaid-font-family: "Comic Sans MS", "Comic Sans", cursive}#mermaid-svg-08OiJzFvjddH4Viw .error-icon{fill:#522}#mermaid-svg-08OiJzFvjddH4Viw .error-text{fill:#522;stroke:#522}#mermaid-svg-08OiJzFvjddH4Viw .edge-thickness-normal{stroke-width:2px}#mermaid-svg-08OiJzFvjddH4Viw .edge-thickness-thick{stroke-width:3.5px}#mermaid-svg-08OiJzFvjddH4Viw .edge-pattern-solid{stroke-dasharray:0}#mermaid-svg-08OiJzFvjddH4Viw .edge-pattern-dashed{stroke-dasharray:3}#mermaid-svg-08OiJzFvjddH4Viw .edge-pattern-dotted{stroke-dasharray:2}#mermaid-svg-08OiJzFvjddH4Viw .marker{fill:#333}#mermaid-svg-08OiJzFvjddH4Viw .marker.cross{stroke:#333}:root { --mermaid-font-family: "trebuchet ms", verdana, arial;} #mermaid-svg-08OiJzFvjddH4Viw {color: rgba(0, 0, 0, 0.75);font: ;} Client Server 申请 DHE 交换 DHE参数(大数q、p) 随机生成大数Xb,计算Pb = q ∧ Xb mod p 发送Pb 随机生成大数Xa,计算Pa = q ∧ Xa mod p 发送 Pa 计算 Sb = Pa^Xb mod p 计算 Sa = Pb ^Xa mod p Client Server
SSL协议中,上图中DHE参数和Pb都是通过server key exchange发送给客户端,Pa通过client key exchange发送给服务器。server key exchange的结尾处需要使用服务器私钥对该报文本身进行签名,以表明自己拥有私钥(图中为了表明私钥没有参与密钥计算,没有画出,但不影响理解DHE算法)。
ECDHE密钥交换算法
ECDHE算法流程文字描述如下:
(1):客户端随机生成随机值Ra,计算Pa(x, y) = Ra * Q(x, y),Q(x, y)为全世界公认的某个椭圆曲线算法的基点。将Pa(x, y)发送至服务器。
(2):服务器随机生成随机值Rb,计算Pb(x,y) = Rb * Q(x, y)。将Pb(x, y)发送至客户端。
(3):客户端计算Sa(x, y) = Ra * Pb(x, y);服务器计算Sb(x, y) = Rb *Pa(x, y)
(4):算法保证了Sa = Sb = S,提取其中的S的x向量作为密钥(预主密钥)。
#mermaid-svg-uj54n9b4acwPTgBJ .label{font-family:'trebuchet ms', verdana, arial;font-family:var(--mermaid-font-family);fill:#333;color:#333}#mermaid-svg-uj54n9b4acwPTgBJ .label text{fill:#333}#mermaid-svg-uj54n9b4acwPTgBJ .node rect,#mermaid-svg-uj54n9b4acwPTgBJ .node circle,#mermaid-svg-uj54n9b4acwPTgBJ .node ellipse,#mermaid-svg-uj54n9b4acwPTgBJ .node polygon,#mermaid-svg-uj54n9b4acwPTgBJ .node path{fill:#ECECFF;stroke:#9370db;stroke-width:1px}#mermaid-svg-uj54n9b4acwPTgBJ .node .label{text-align:center;fill:#333}#mermaid-svg-uj54n9b4acwPTgBJ .node.clickable{cursor:pointer}#mermaid-svg-uj54n9b4acwPTgBJ .arrowheadPath{fill:#333}#mermaid-svg-uj54n9b4acwPTgBJ .edgePath .path{stroke:#333;stroke-width:1.5px}#mermaid-svg-uj54n9b4acwPTgBJ .flowchart-link{stroke:#333;fill:none}#mermaid-svg-uj54n9b4acwPTgBJ .edgeLabel{background-color:#e8e8e8;text-align:center}#mermaid-svg-uj54n9b4acwPTgBJ .edgeLabel rect{opacity:0.9}#mermaid-svg-uj54n9b4acwPTgBJ .edgeLabel span{color:#333}#mermaid-svg-uj54n9b4acwPTgBJ .cluster rect{fill:#ffffde;stroke:#aa3;stroke-width:1px}#mermaid-svg-uj54n9b4acwPTgBJ .cluster text{fill:#333}#mermaid-svg-uj54n9b4acwPTgBJ div.mermaidTooltip{position:absolute;text-align:center;max-width:200px;padding:2px;font-family:'trebuchet ms', verdana, arial;font-family:var(--mermaid-font-family);font-size:12px;background:#ffffde;border:1px solid #aa3;border-radius:2px;pointer-events:none;z-index:100}#mermaid-svg-uj54n9b4acwPTgBJ .actor{stroke:#ccf;fill:#ECECFF}#mermaid-svg-uj54n9b4acwPTgBJ text.actor>tspan{fill:#000;stroke:none}#mermaid-svg-uj54n9b4acwPTgBJ .actor-line{stroke:grey}#mermaid-svg-uj54n9b4acwPTgBJ .messageLine0{stroke-width:1.5;stroke-dasharray:none;stroke:#333}#mermaid-svg-uj54n9b4acwPTgBJ .messageLine1{stroke-width:1.5;stroke-dasharray:2, 2;stroke:#333}#mermaid-svg-uj54n9b4acwPTgBJ #arrowhead path{fill:#333;stroke:#333}#mermaid-svg-uj54n9b4acwPTgBJ .sequenceNumber{fill:#fff}#mermaid-svg-uj54n9b4acwPTgBJ #sequencenumber{fill:#333}#mermaid-svg-uj54n9b4acwPTgBJ #crosshead path{fill:#333;stroke:#333}#mermaid-svg-uj54n9b4acwPTgBJ .messageText{fill:#333;stroke:#333}#mermaid-svg-uj54n9b4acwPTgBJ .labelBox{stroke:#ccf;fill:#ECECFF}#mermaid-svg-uj54n9b4acwPTgBJ .labelText,#mermaid-svg-uj54n9b4acwPTgBJ .labelText>tspan{fill:#000;stroke:none}#mermaid-svg-uj54n9b4acwPTgBJ .loopText,#mermaid-svg-uj54n9b4acwPTgBJ .loopText>tspan{fill:#000;stroke:none}#mermaid-svg-uj54n9b4acwPTgBJ .loopLine{stroke-width:2px;stroke-dasharray:2, 2;stroke:#ccf;fill:#ccf}#mermaid-svg-uj54n9b4acwPTgBJ .note{stroke:#aa3;fill:#fff5ad}#mermaid-svg-uj54n9b4acwPTgBJ .noteText,#mermaid-svg-uj54n9b4acwPTgBJ .noteText>tspan{fill:#000;stroke:none}#mermaid-svg-uj54n9b4acwPTgBJ .activation0{fill:#f4f4f4;stroke:#666}#mermaid-svg-uj54n9b4acwPTgBJ .activation1{fill:#f4f4f4;stroke:#666}#mermaid-svg-uj54n9b4acwPTgBJ .activation2{fill:#f4f4f4;stroke:#666}#mermaid-svg-uj54n9b4acwPTgBJ .mermaid-main-font{font-family:"trebuchet ms", verdana, arial;font-family:var(--mermaid-font-family)}#mermaid-svg-uj54n9b4acwPTgBJ .section{stroke:none;opacity:0.2}#mermaid-svg-uj54n9b4acwPTgBJ .section0{fill:rgba(102,102,255,0.49)}#mermaid-svg-uj54n9b4acwPTgBJ .section2{fill:#fff400}#mermaid-svg-uj54n9b4acwPTgBJ .section1,#mermaid-svg-uj54n9b4acwPTgBJ .section3{fill:#fff;opacity:0.2}#mermaid-svg-uj54n9b4acwPTgBJ .sectionTitle0{fill:#333}#mermaid-svg-uj54n9b4acwPTgBJ .sectionTitle1{fill:#333}#mermaid-svg-uj54n9b4acwPTgBJ .sectionTitle2{fill:#333}#mermaid-svg-uj54n9b4acwPTgBJ .sectionTitle3{fill:#333}#mermaid-svg-uj54n9b4acwPTgBJ .sectionTitle{text-anchor:start;font-size:11px;text-height:14px;font-family:'trebuchet ms', verdana, arial;font-family:var(--mermaid-font-family)}#mermaid-svg-uj54n9b4acwPTgBJ .grid .tick{stroke:#d3d3d3;opacity:0.8;shape-rendering:crispEdges}#mermaid-svg-uj54n9b4acwPTgBJ .grid .tick text{font-family:'trebuchet ms', verdana, arial;font-family:var(--mermaid-font-family)}#mermaid-svg-uj54n9b4acwPTgBJ .grid path{stroke-width:0}#mermaid-svg-uj54n9b4acwPTgBJ .today{fill:none;stroke:red;stroke-width:2px}#mermaid-svg-uj54n9b4acwPTgBJ .task{stroke-width:2}#mermaid-svg-uj54n9b4acwPTgBJ .taskText{text-anchor:middle;font-family:'trebuchet ms', verdana, arial;font-family:var(--mermaid-font-family)}#mermaid-svg-uj54n9b4acwPTgBJ .taskText:not([font-size]){font-size:11px}#mermaid-svg-uj54n9b4acwPTgBJ .taskTextOutsideRight{fill:#000;text-anchor:start;font-size:11px;font-family:'trebuchet ms', verdana, arial;font-family:var(--mermaid-font-family)}#mermaid-svg-uj54n9b4acwPTgBJ .taskTextOutsideLeft{fill:#000;text-anchor:end;font-size:11px}#mermaid-svg-uj54n9b4acwPTgBJ .task.clickable{cursor:pointer}#mermaid-svg-uj54n9b4acwPTgBJ .taskText.clickable{cursor:pointer;fill:#003163 !important;font-weight:bold}#mermaid-svg-uj54n9b4acwPTgBJ .taskTextOutsideLeft.clickable{cursor:pointer;fill:#003163 !important;font-weight:bold}#mermaid-svg-uj54n9b4acwPTgBJ .taskTextOutsideRight.clickable{cursor:pointer;fill:#003163 !important;font-weight:bold}#mermaid-svg-uj54n9b4acwPTgBJ .taskText0,#mermaid-svg-uj54n9b4acwPTgBJ .taskText1,#mermaid-svg-uj54n9b4acwPTgBJ .taskText2,#mermaid-svg-uj54n9b4acwPTgBJ .taskText3{fill:#fff}#mermaid-svg-uj54n9b4acwPTgBJ .task0,#mermaid-svg-uj54n9b4acwPTgBJ .task1,#mermaid-svg-uj54n9b4acwPTgBJ .task2,#mermaid-svg-uj54n9b4acwPTgBJ .task3{fill:#8a90dd;stroke:#534fbc}#mermaid-svg-uj54n9b4acwPTgBJ .taskTextOutside0,#mermaid-svg-uj54n9b4acwPTgBJ .taskTextOutside2{fill:#000}#mermaid-svg-uj54n9b4acwPTgBJ .taskTextOutside1,#mermaid-svg-uj54n9b4acwPTgBJ .taskTextOutside3{fill:#000}#mermaid-svg-uj54n9b4acwPTgBJ .active0,#mermaid-svg-uj54n9b4acwPTgBJ .active1,#mermaid-svg-uj54n9b4acwPTgBJ .active2,#mermaid-svg-uj54n9b4acwPTgBJ .active3{fill:#bfc7ff;stroke:#534fbc}#mermaid-svg-uj54n9b4acwPTgBJ .activeText0,#mermaid-svg-uj54n9b4acwPTgBJ .activeText1,#mermaid-svg-uj54n9b4acwPTgBJ .activeText2,#mermaid-svg-uj54n9b4acwPTgBJ .activeText3{fill:#000 !important}#mermaid-svg-uj54n9b4acwPTgBJ .done0,#mermaid-svg-uj54n9b4acwPTgBJ .done1,#mermaid-svg-uj54n9b4acwPTgBJ .done2,#mermaid-svg-uj54n9b4acwPTgBJ .done3{stroke:grey;fill:#d3d3d3;stroke-width:2}#mermaid-svg-uj54n9b4acwPTgBJ .doneText0,#mermaid-svg-uj54n9b4acwPTgBJ .doneText1,#mermaid-svg-uj54n9b4acwPTgBJ .doneText2,#mermaid-svg-uj54n9b4acwPTgBJ .doneText3{fill:#000 !important}#mermaid-svg-uj54n9b4acwPTgBJ .crit0,#mermaid-svg-uj54n9b4acwPTgBJ .crit1,#mermaid-svg-uj54n9b4acwPTgBJ .crit2,#mermaid-svg-uj54n9b4acwPTgBJ .crit3{stroke:#f88;fill:red;stroke-width:2}#mermaid-svg-uj54n9b4acwPTgBJ .activeCrit0,#mermaid-svg-uj54n9b4acwPTgBJ .activeCrit1,#mermaid-svg-uj54n9b4acwPTgBJ .activeCrit2,#mermaid-svg-uj54n9b4acwPTgBJ .activeCrit3{stroke:#f88;fill:#bfc7ff;stroke-width:2}#mermaid-svg-uj54n9b4acwPTgBJ .doneCrit0,#mermaid-svg-uj54n9b4acwPTgBJ .doneCrit1,#mermaid-svg-uj54n9b4acwPTgBJ .doneCrit2,#mermaid-svg-uj54n9b4acwPTgBJ .doneCrit3{stroke:#f88;fill:#d3d3d3;stroke-width:2;cursor:pointer;shape-rendering:crispEdges}#mermaid-svg-uj54n9b4acwPTgBJ .milestone{transform:rotate(45deg) scale(0.8, 0.8)}#mermaid-svg-uj54n9b4acwPTgBJ .milestoneText{font-style:italic}#mermaid-svg-uj54n9b4acwPTgBJ .doneCritText0,#mermaid-svg-uj54n9b4acwPTgBJ .doneCritText1,#mermaid-svg-uj54n9b4acwPTgBJ .doneCritText2,#mermaid-svg-uj54n9b4acwPTgBJ .doneCritText3{fill:#000 !important}#mermaid-svg-uj54n9b4acwPTgBJ .activeCritText0,#mermaid-svg-uj54n9b4acwPTgBJ .activeCritText1,#mermaid-svg-uj54n9b4acwPTgBJ .activeCritText2,#mermaid-svg-uj54n9b4acwPTgBJ .activeCritText3{fill:#000 !important}#mermaid-svg-uj54n9b4acwPTgBJ .titleText{text-anchor:middle;font-size:18px;fill:#000;font-family:'trebuchet ms', verdana, arial;font-family:var(--mermaid-font-family)}#mermaid-svg-uj54n9b4acwPTgBJ g.classGroup text{fill:#9370db;stroke:none;font-family:'trebuchet ms', verdana, arial;font-family:var(--mermaid-font-family);font-size:10px}#mermaid-svg-uj54n9b4acwPTgBJ g.classGroup text .title{font-weight:bolder}#mermaid-svg-uj54n9b4acwPTgBJ g.clickable{cursor:pointer}#mermaid-svg-uj54n9b4acwPTgBJ g.classGroup rect{fill:#ECECFF;stroke:#9370db}#mermaid-svg-uj54n9b4acwPTgBJ g.classGroup line{stroke:#9370db;stroke-width:1}#mermaid-svg-uj54n9b4acwPTgBJ .classLabel .box{stroke:none;stroke-width:0;fill:#ECECFF;opacity:0.5}#mermaid-svg-uj54n9b4acwPTgBJ .classLabel .label{fill:#9370db;font-size:10px}#mermaid-svg-uj54n9b4acwPTgBJ .relation{stroke:#9370db;stroke-width:1;fill:none}#mermaid-svg-uj54n9b4acwPTgBJ .dashed-line{stroke-dasharray:3}#mermaid-svg-uj54n9b4acwPTgBJ #compositionStart{fill:#9370db;stroke:#9370db;stroke-width:1}#mermaid-svg-uj54n9b4acwPTgBJ #compositionEnd{fill:#9370db;stroke:#9370db;stroke-width:1}#mermaid-svg-uj54n9b4acwPTgBJ #aggregationStart{fill:#ECECFF;stroke:#9370db;stroke-width:1}#mermaid-svg-uj54n9b4acwPTgBJ #aggregationEnd{fill:#ECECFF;stroke:#9370db;stroke-width:1}#mermaid-svg-uj54n9b4acwPTgBJ #dependencyStart{fill:#9370db;stroke:#9370db;stroke-width:1}#mermaid-svg-uj54n9b4acwPTgBJ #dependencyEnd{fill:#9370db;stroke:#9370db;stroke-width:1}#mermaid-svg-uj54n9b4acwPTgBJ #extensionStart{fill:#9370db;stroke:#9370db;stroke-width:1}#mermaid-svg-uj54n9b4acwPTgBJ #extensionEnd{fill:#9370db;stroke:#9370db;stroke-width:1}#mermaid-svg-uj54n9b4acwPTgBJ .commit-id,#mermaid-svg-uj54n9b4acwPTgBJ .commit-msg,#mermaid-svg-uj54n9b4acwPTgBJ .branch-label{fill:lightgrey;color:lightgrey;font-family:'trebuchet ms', verdana, arial;font-family:var(--mermaid-font-family)}#mermaid-svg-uj54n9b4acwPTgBJ .pieTitleText{text-anchor:middle;font-size:25px;fill:#000;font-family:'trebuchet ms', verdana, arial;font-family:var(--mermaid-font-family)}#mermaid-svg-uj54n9b4acwPTgBJ .slice{font-family:'trebuchet ms', verdana, arial;font-family:var(--mermaid-font-family)}#mermaid-svg-uj54n9b4acwPTgBJ g.stateGroup text{fill:#9370db;stroke:none;font-size:10px;font-family:'trebuchet ms', verdana, arial;font-family:var(--mermaid-font-family)}#mermaid-svg-uj54n9b4acwPTgBJ g.stateGroup text{fill:#9370db;fill:#333;stroke:none;font-size:10px}#mermaid-svg-uj54n9b4acwPTgBJ g.statediagram-cluster .cluster-label text{fill:#333}#mermaid-svg-uj54n9b4acwPTgBJ g.stateGroup .state-title{font-weight:bolder;fill:#000}#mermaid-svg-uj54n9b4acwPTgBJ g.stateGroup rect{fill:#ECECFF;stroke:#9370db}#mermaid-svg-uj54n9b4acwPTgBJ g.stateGroup line{stroke:#9370db;stroke-width:1}#mermaid-svg-uj54n9b4acwPTgBJ .transition{stroke:#9370db;stroke-width:1;fill:none}#mermaid-svg-uj54n9b4acwPTgBJ .stateGroup .composit{fill:white;border-bottom:1px}#mermaid-svg-uj54n9b4acwPTgBJ .stateGroup .alt-composit{fill:#e0e0e0;border-bottom:1px}#mermaid-svg-uj54n9b4acwPTgBJ .state-note{stroke:#aa3;fill:#fff5ad}#mermaid-svg-uj54n9b4acwPTgBJ .state-note text{fill:black;stroke:none;font-size:10px}#mermaid-svg-uj54n9b4acwPTgBJ .stateLabel .box{stroke:none;stroke-width:0;fill:#ECECFF;opacity:0.7}#mermaid-svg-uj54n9b4acwPTgBJ .edgeLabel text{fill:#333}#mermaid-svg-uj54n9b4acwPTgBJ .stateLabel text{fill:#000;font-size:10px;font-weight:bold;font-family:'trebuchet ms', verdana, arial;font-family:var(--mermaid-font-family)}#mermaid-svg-uj54n9b4acwPTgBJ .node circle.state-start{fill:black;stroke:black}#mermaid-svg-uj54n9b4acwPTgBJ .node circle.state-end{fill:black;stroke:white;stroke-width:1.5}#mermaid-svg-uj54n9b4acwPTgBJ #statediagram-barbEnd{fill:#9370db}#mermaid-svg-uj54n9b4acwPTgBJ .statediagram-cluster rect{fill:#ECECFF;stroke:#9370db;stroke-width:1px}#mermaid-svg-uj54n9b4acwPTgBJ .statediagram-cluster rect.outer{rx:5px;ry:5px}#mermaid-svg-uj54n9b4acwPTgBJ .statediagram-state .divider{stroke:#9370db}#mermaid-svg-uj54n9b4acwPTgBJ .statediagram-state .title-state{rx:5px;ry:5px}#mermaid-svg-uj54n9b4acwPTgBJ .statediagram-cluster.statediagram-cluster .inner{fill:white}#mermaid-svg-uj54n9b4acwPTgBJ .statediagram-cluster.statediagram-cluster-alt .inner{fill:#e0e0e0}#mermaid-svg-uj54n9b4acwPTgBJ .statediagram-cluster .inner{rx:0;ry:0}#mermaid-svg-uj54n9b4acwPTgBJ .statediagram-state rect.basic{rx:5px;ry:5px}#mermaid-svg-uj54n9b4acwPTgBJ .statediagram-state rect.divider{stroke-dasharray:10,10;fill:#efefef}#mermaid-svg-uj54n9b4acwPTgBJ .note-edge{stroke-dasharray:5}#mermaid-svg-uj54n9b4acwPTgBJ .statediagram-note rect{fill:#fff5ad;stroke:#aa3;stroke-width:1px;rx:0;ry:0}:root{--mermaid-font-family: '"trebuchet ms", verdana, arial';--mermaid-font-family: "Comic Sans MS", "Comic Sans", cursive}#mermaid-svg-uj54n9b4acwPTgBJ .error-icon{fill:#522}#mermaid-svg-uj54n9b4acwPTgBJ .error-text{fill:#522;stroke:#522}#mermaid-svg-uj54n9b4acwPTgBJ .edge-thickness-normal{stroke-width:2px}#mermaid-svg-uj54n9b4acwPTgBJ .edge-thickness-thick{stroke-width:3.5px}#mermaid-svg-uj54n9b4acwPTgBJ .edge-pattern-solid{stroke-dasharray:0}#mermaid-svg-uj54n9b4acwPTgBJ .edge-pattern-dashed{stroke-dasharray:3}#mermaid-svg-uj54n9b4acwPTgBJ .edge-pattern-dotted{stroke-dasharray:2}#mermaid-svg-uj54n9b4acwPTgBJ .marker{fill:#333}#mermaid-svg-uj54n9b4acwPTgBJ .marker.cross{stroke:#333}:root { --mermaid-font-family: "trebuchet ms", verdana, arial;} #mermaid-svg-uj54n9b4acwPTgBJ {color: rgba(0, 0, 0, 0.75);font: ;} Client Server 申请 ECDHE 交换 椭圆曲线名,例如Secp256r1 生成随机数Rb,计算Pb = Rb * Q(x,y),Q为指定椭圆曲线的 basePoint(基点) 发送Pb(x,y) 生成随机数Ra,计算Pa = Ra * Q(x,y),Q为指定椭圆曲线的 basePoint (基点) 发送 Pa(x,y) 计算 S = Rb * Pa(x,y) 计算 S = Ra * Pb(x,y) Client Server
SSL协议中,上图中椭圆曲线名和Pb通过server key exchange报文发送;Pa通过client key exchange报文发送。
参考
SSL中的RSA、DHE、ECDHE、ECDH流程与区别
9. PKI - 三种密钥交换算法详解(RSA DHE ECDHE)及他们在SSL/TLS协议中的应用相关推荐
- 数据加密 三种密钥交换算法详解(RSA DHE ECDHE)
一.RSA密钥交换算法 RSA算法流程文字描述如下: (1)任意客户端对服务器发起请求,服务器首先发回复自己的公钥到客户端(公钥明文传输). (2)客户端使用随机数算法,生成一个密钥S,使用收到的公钥 ...
- JVM之垃圾收集机制四种GC算法详解
JVM之四种GC算法详解 目录: 什么是GC? GC算法之引用计数法 GC算法之复制算法(Copying) GC算法之标记清除(Mark-Sweep) GC算法之标记压缩(Mark-Compact) ...
- 【Tools】VMware虚拟机三种网络模式详解和操作
00. 目录 文章目录 00. 目录 01. VMware虚拟机三种网络模式 02. Bridged(桥接模式) 03. NAT(地址转换模式) 04. Host-Only(仅主机模式) 05. 参考 ...
- 华为ensp交换机vlan划分三种接入模式详解-----网络通信原理
华为ensp交换机vlan划分三种接入模式详解 冲突域.交换机.广播域 VLAN概述 VLAN帧格式 access端口 Trunk端口 Hybrid端口 冲突域.交换机.广播域 定义:在一个网络范围内 ...
- VMware虚拟机三种网络模式详解与配置 [转]
VMware虚拟机三种网络模式详解与配置 [转] 原文链接:https://note.youdao.com/ynoteshare1/index.html?id=236896997b6ffbaa8e0d ...
- VM虚拟机三种网络模式详解
感谢wuwenweijuan的优质文章,本文在该文基础上做了注和补充 目录 1 VM虚拟机三种网络模式详解 1.1 Bridged(桥接模式) 1.2 NAT(地址转换模式) 1.3 Host-Onl ...
- 测绘用计算机吗,三种测量仪器使用详解,测绘人必须要知道
原标题:三种测量仪器使用详解,测绘人必须要知道 水准仪及其使用方法 高程测量是测绘地形图的基本工作之一,另外大量的工程.建筑施工也必须量测地面高程,利用水准仪进行水准测量是精密测量高程的主要方法,具体 ...
- VMware虚拟机三种网络模式详解之Bridged(桥接模式)
VMware虚拟机三种网络模式详解 Bridged(桥接模式) 由于Linux目前很热门,越来越多的人在学习Linux,但是买一台服务放家里来学习,实在是很浪费.那么如何解决这个问题?虚拟机软件是很好 ...
- VMware虚拟机三种网络模式详解--Bridged(桥接模式)
VMware虚拟机三种网络模式详解--Bridged(桥接模式) 简介: 由于Linux目前很热门,越来越多的人在学习Linux,但是买一台服务器放家里来学习,实在是很浪费. 那么如何解决这个问题?虚 ...
最新文章
- MySQL------Navicat安装与激活
- 【转】iphone - ios app maximum memory budget
- 洛谷 - P1714 切蛋糕(单调队列+前缀和+思维)
- 余额宝升级,限额限时解除,以后再也不用定闹钟抢破头了!
- Python数值计算:一 使用Pylab绘图(1)
- MySQL 数据库修改登录密码
- maven netty 配置_进阿里、腾讯、字节跳动、美团必掌握的Netty
- FastDfs工作笔记001---Centos下安装FastDfs进行文件存储
- spring 定时任务---task
- git修改本地仓库和远程仓库名称
- maven 的 oracle的Missing artifact com.oracle:******:jar:11.2.0.2.0
- 推荐给大家一个恶搞代码,让你的好友电脑关机----关机代码
- java物流专线快运系统源码TMS
- js QQ音乐歌词显示在浏览器标题
- Google Cloud + Firebase 讲解
- 董明珠“跳槽不用” VS雷军“复仇者联盟”,人才在内还是在外?
- 浅谈 CMap 与 map
- 傅盛:最可怕的不是把事情做差,而是越做越好后被淘汰
- 【LiteOS】华为LiteOS开发初体验
- 终于搞定Direct3D中视频播放