Full Discussion: UNIX.com response times
Post 303005553 by bakunin on Thursday 19th of October 2017 03:46:54 PM
Quote:
Originally Posted by rbatte1
Is that partly because encryption includes compression?
This is not the case. In fact, SSL works like this (short introduction to encryption theory):

First, we need to establish the difference between asymmetric and symmetric encryption methods.

In symmetric encryption a cipher is used to encrypt as well as decrypt the message. The cipher is shared between the sender and the receiver beforehand. Advantage: keys can be smaller (typically 128-bit or 256-bit) and it allows for two-way communication. Disadvantage: whoever knows the cipher can encode as well as decode it.

Asymmetric encryption works with two different ciphers: one (the "public" key) is used (only!) to encrypt the message. To decrypt it one needs the other, "private" cipher. You can send around your public key without caring who knows it, because only encryption is possible with it. As long as you keep your private key to yourself, you alone can decrypt anything encrypted with your public key. Advantage: you don't need to share the (private) key with anyone. Disadvantage: allows only one-way communication and uses significantly larger keys (1024- or 2048-bit for RSA nowadays).

The most common asymmetric algorithms are RSA and elliptic curves (ECC). RSA is based on the fact that integer factorisation is difficult and expensive computation-wise. Basically you build the product of two very large prime numbers: the product is easy to calculate (and published), but without knowing the factors it is difficult to compute them (the private key) from the product. ECC computes the discrete logarithm of a random elliptic curve element. The elliptic curve is built over a Galois field (not the real numbers) and the discrete logarithm is computed with respect to a point at infinity.

As asymmetric encryption only works one-way, how is it used for information exchange, say, between a web server and the browser? The idea is to use a handshake procedure to establish a session:

1) Server sends his public key to client.
2) Client creates a symmetric session key, encrypts it with the public key of the server and sends it back.
3) Server decrypts the session key, and
4) both client and server use this symmetric key for the duration of the session.

All these algorithms do NOT compress anything at all. In fact they are neutral to the amount of data being transferred.

I hope this helps.

bakunin
EVP_SealInit(3SSL)                      OpenSSL                      EVP_SealInit(3SSL)

NAME
       EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption

SYNOPSIS
       #include <openssl/evp.h>

       int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
                        unsigned char **ek, int *ekl, unsigned char *iv,
                        EVP_PKEY **pubk, int npubk);
       int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
                          unsigned char *in, int inl);
       int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);

DESCRIPTION
       The EVP envelope routines are a high level interface to envelope
       encryption. They generate a random key and IV (if required), then
       "envelope" it by using public key encryption. Data can then be
       encrypted using this key.

       EVP_SealInit() initializes a cipher context ctx for encryption with
       cipher type using a random secret key and IV. type is normally supplied
       by a function such as EVP_des_cbc(). The secret key is encrypted using
       one or more public keys; this allows the same encrypted data to be
       decrypted using any of the corresponding private keys. ek is an array
       of buffers where the public key encrypted secret key will be written.
       Each buffer must contain enough room for the corresponding encrypted
       key: that is, ek[i] must have room for EVP_PKEY_size(pubk[i]) bytes.
       The actual size of each encrypted secret key is written to the array
       ekl. pubk is an array of npubk public keys.

       The iv parameter is a buffer where the generated IV is written to. It
       must contain enough room for the corresponding cipher's IV, as
       determined by (for example) EVP_CIPHER_iv_length(type). If the cipher
       does not require an IV then the iv parameter is ignored and can be
       NULL.

       EVP_SealUpdate() and EVP_SealFinal() have exactly the same properties
       as the EVP_EncryptUpdate() and EVP_EncryptFinal() routines, as
       documented on the EVP_EncryptInit(3) manual page.

RETURN VALUES
       EVP_SealInit() returns 0 on error or npubk if successful.

       EVP_SealUpdate() and EVP_SealFinal() return 1 for success and 0 for
       failure.

NOTES
       Because a random secret key is generated, the random number generator
       must be seeded before calling EVP_SealInit().

       The public key must be RSA because it is the only OpenSSL public key
       algorithm that supports key transport.

       Envelope encryption is the usual method of using public key encryption
       on large amounts of data. This is because public key encryption is slow
       but symmetric encryption is fast. So symmetric encryption is used for
       bulk encryption and the small random symmetric key used is transferred
       using public key encryption.

       It is possible to call EVP_SealInit() twice in the same way as
       EVP_EncryptInit(). The first call should have npubk set to 0 and (after
       setting any cipher parameters) it should be called again with type set
       to NULL.

SEE ALSO
       evp(3), rand(3), EVP_EncryptInit(3), EVP_OpenInit(3)

HISTORY
       EVP_SealFinal() did not return a value before OpenSSL 0.9.7.

1.0.1e                            2013-02-11                     EVP_SealInit(3SSL)
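The following is an added, self-contained illustration (not code from the forum post above and not OpenSSL's own implementation) of the four-step handshake bakunin describes and of the envelope scheme the NOTES section above explains: the server's RSA key carries a random 128-bit session key one way, the bulk data travels under that symmetric key, and the symmetric ciphertext is exactly as long as the plaintext, which is the "nothing is compressed" point. Assumptions: textbook RSA without padding and a SHA-256 counter-mode keystream stand in for the padded RSA and the block cipher a real implementation such as EVP_SealInit() would use, and Python 3.8+ is needed for pow(e, -1, m).

```python
import hashlib
import secrets

def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin test; a composite survives all rounds with chance < 4**-rounds."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def rsa_keypair(bits: int = 1024):
    """Textbook RSA (illustration only): returns ((n, e), d); (n, e) is handed out, d stays with the server."""
    e, primes = 65537, []
    while len(primes) < 2:  # top bit forced so n = p*q comes out near `bits` bits
        c = secrets.randbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
        if is_probable_prime(c) and (c - 1) % e and c not in primes:
            primes.append(c)
    p, q = primes
    return (p * q, e), pow(e, -1, (p - 1) * (q - 1))

def stream_xor(key: bytes, data: bytes) -> bytes:
    """Symmetric session cipher: XOR with SHA-256(key || block counter); the same call decrypts."""
    out = bytearray(data)
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        for j in range(min(32, len(data) - i)):
            out[i + j] ^= ks[j]
    return bytes(out)

def session_exchange(message: bytes) -> dict:
    """Steps 1-4 of the handshake; the returned dict shows what each side ends up with."""
    (n, e), d = rsa_keypair()                   # 1: server key pair; (n, e) goes to the client
    client_key = secrets.token_bytes(16)        # 2: client picks a 128-bit session key ...
    wrapped = pow(int.from_bytes(client_key, "big"), e, n)  # ... and seals it under (n, e)
    server_key = pow(wrapped, d, n).to_bytes(16, "big")     # 3: only d can unwrap it
    ciphertext = stream_xor(client_key, message)            # 4: bulk data under the symmetric key
    return {"keys_match": client_key == server_key, "ciphertext_len": len(ciphertext),
            "plaintext": stream_xor(server_key, ciphertext)}  # len(ciphertext) == len(message)
```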