About the UI displaying the HTTPS cryptographic algorithm

Whether a website is secure or not, there are at least three basic elements, one is https encryption, the other is WAF protection, and the third is trusted identity validation, all three are indispensable. That's why the ZT Browser innovatively displays three security-related icons:    , not only has the security padlock, but also has the WAF protection icon and the website trusted identity validation level icon. ZT Browser has also innovatively added an icon that displays the HTTPS cryptographic algorithm to help users understand the cryptographic algorithms used in HTTPS encryption, including the RSA algorithm, ECC algorithm, SM2 algorithm and PQC algorithm. Please refer to the innovation UI Icon Summary of ZT Browser for details.

The authentication algorithm used by HTTPS encryption depends on the cryptographic algorithm used to issue the SSL certificate deployed by the website, while the actual encryption algorithm is negotiated and determined by the browser and the web server. ZT Browser supports four cryptographic algorithms: RSA, ECC, SM2, and PQC. Different algorithms display different icons, allowing users to identify whether website data is quantum-safe and supports China commercial cryptographic algorithms. This also allows government regulators and cryptographic audit agencies to intuitively understand whether the SSL certificate deployed by the website complies with China Cryptography Law. If a website deploys a dual-algorithm SSL certificate, such as RSA+SM2, ZT Browser will prioritize the SM2 algorithm for HTTPS encryption to meet the user's commercial cryptography compliance requirements. If a website deploys an RSA/ECC/SM2 algorithm SSL certificate but supports the post-quantum cryptographic key encapsulation protocol, the post-quantum cryptographic protocol will be prioritized for HTTPS encryption. If a website deploys SSL certificates with RSA/ECC/SM2/PQC algorithms simultaneously, ZT Browser will prioritize the PQC algorithm for HTTPS encryption.

The specific UI display rules are as follows:

1. If the website deploys an RSA/ECC/SM2 algorithm SSL certificate and supports PQC key encapsulation to implement PQC HTTPS encryption, or the website deploys a PQC algorithm SSL certificate, icon will be displayed after the padlock icon in the address bar. When the user clicks the icon, the prompts "PQC algorithm, Quantum-Safe" and "Connection uses PQC algorithm" will be displayed.

2. When a user visits a website that has deployed an RSA algorithm SSL certificate, an icon will be displayed after the padlock. Clicking the icon will display “RSA Algorithm, Publicly Trusted”.

3. When a user visits a website that has deployed an ECC algorithm SSL certificate, an icon will be displayed after the padlock. Clicking the icon will display “ECC Algorithm, Publicly Trusted”.

4. When a user visits a website that has deployed an SM2 algorithm SSL certificate, an icon will be displayed after the padlock. Clicking the icon will display “SM2 Algorithm, Cryptography Compliance”.

5. When a user visits a website that has deployed an intranet SSL certificate trusted by ZT Browser, the cryptography algorithm RSA/ECC/SM2 will be displayed, and displays “Intranet SSL Certificate” to let visitors know it.

It is recommended to choose the ZoTrus HTTPS automation management solution, which does not need to apply for an SSL certificate from a CA, install an SSL certificate on the web server, or install ACME client software on the web server, and fully automatically implement https encryption and WAF protection, seamless and automatic migration to post-quantum cryptography HTTPS encryption. Since the validity period of SSL certificates will be shortened to 47 days, the traditional solution of manually applying for and deploying SSL certificates cannot meet the application requirements of many website systems that need to deploy SSL certificates, and the automatic management of SSL certificates must be realized. In particular, the critical information infrastructure system that needs to realize the SM2 algorithm HTTPS encryption, the solution that does not affect the normal operation of the existing business system with zero transformation of the original web server is required, ZoTrus solution not only automatically deploys the RSA/ECC SSL certificate, but also automatically deploys the SM2 SSL certificate to realize the automatic management of the dual-algorithm SSL certificate. ZT Browser preferentially uses PQC algorithm, SM2 algorithm, ECC algorithm, RSA algorithm to achieve HTTPS encryption, and other browsers that do not support the SM2 algorithm use the ECC algorithm to achieve HTTPS encryption.