Preface
Hello everyone, I'm Lin Sanxin. "Explaining the hardest knowledge points in the plainest possible terms" is my motto, and advancing step by step from the basics is my original intention.
I believe everyone uses HTTPS often, for example when calling an API or visiting a website. So we often wonder:
- What is HTTPS?
- What is the relationship between HTTPS and HTTP?
- Why are today's websites served over HTTPS instead of HTTP?
What is HTTPS?
HTTPS is actually HTTP + SSL/TLS. What HTTP is falls outside today's discussion. What is SSL/TLS? It simply means SSL or TLS, both of which are encryption security protocols. SSL is the predecessor of TLS: today most browsers no longer support SSL at all, so TLS is what is actually in use, but the name SSL is more famous, so the two are still referred to collectively as SSL/TLS. So why use HTTPS? Because HTTP transmits everything in plaintext, which is not secure, while HTTP + SSL/TLS encrypts the traffic. In other words, HTTPS is safer.
Symmetric encryption
What is it?
What is symmetric encryption? Let me give you an example. You chat with your girlfriend and don't want others to know what you are talking about, so the two of you make an agreement: every message is sent with its characters in reverse order, and after receiving a message you reverse it again to read the real message.
This so-called agreement is equivalent to the two parties sharing the same key. Only with this key can anyone read the messages passing between the two parties. Because both parties hold the same key, this is called symmetric encryption.
Shortcoming?
At the beginning, the two parties must negotiate what the key (secret key) should be, and this negotiation may be observed by a hacker. Once a third person knows the key, the messages between the two of you are trivially cracked: the hacker can decrypt them midway and can also forge messages. In that case the other party may never receive what you sent, and instead receives something the hacker made up. For example, you sent "hahahahahaha", but what the other party received was a message forged by the hacker.
Asymmetric encryption
Public key and private key
Now the server generates two keys, key A and key B, and there is a relationship between them: data encrypted with key A can only be decrypted with key B. The server then sends key A to the client. Every time the client sends a message, it encrypts the message with key A before sending it, and the server uses key B to decrypt it and obtain what the client sent.
Here key A is the public key, because both the client and the server know it (in fact anyone may know it), and key B is the private key, because from beginning to end it never leaves the server, which is what keeps it secure.
Asymmetric encryption
Asymmetric encryption is this public-key/private-key way of encrypting. Compared with symmetric encryption it is stronger, because a hacker can at most learn the public key and cannot learn the private key. Data encrypted with the public key can only be decrypted with the private key, so even after stealing the public key the hacker cannot decrypt the information the client sends to the server.
Shortcoming
We just said that asymmetric encryption is more secure than symmetric encryption, but it also has a weakness. As described, the server first generates the public key and private key, sends the public key to the client, and keeps the private key on the server the whole time. While the public key is on its way to the client, a hacker may intercept it. The hacker generates a "hacker version" public key and private key of their own and sends the hacker-version public key to the client, and the client cannot tell the difference. When the client transmits data, it encrypts it with the hacker-version public key and sends it. The hacker only needs to decrypt it with the hacker-version private key, forge their own "hacker information", encrypt that with the original public key, and send it on to the server. The server decrypts it with the original private key and obtains the hacker's information. The root of the problem: the client has no way to verify that the public key it received really belongs to the server.
What kind of encryption is HTTPS?
In fact, HTTPS uses symmetric encryption + asymmetric encryption together. Let's keep reading!
Certificate
We just said that asymmetric encryption also has a weakness, so how do we guard against it? This is where we need to apply for a certificate from a certificate authority (CA).
The composition of the certificate
A certificate bundles the server's domain name, the server's public key, the name of the issuing CA and a validity period, together with the CA's signature over all of that content.
Steps
1. The server sends its public key (call it key1) and its domain name to the certificate authority and applies for a certificate.
2. The certificate authority itself has a key pair, a CA public key and a CA private key. It puts the server's domain name and key1 into a certificate, computes a signature over that content (a hash of the content, signed with the CA private key), attaches the signature, and hands the finished certificate back to the server. Note that key1 is not encrypted; it sits in the certificate in the clear. What protects it is the signature, which only the holder of the CA private key can produce.
3. When the client communicates with the server, the server no longer transmits key1 directly, but transmits the certificate it just obtained.
4. When the client receives the certificate, it checks whether it is genuine. Today's browsers ship with the names of the major certificate authorities and each authority's public key. So the client looks up the issuing CA's public key in the browser's store and uses it to verify the signature: it hashes the certificate content itself with the same signature rule and checks, with the CA public key, that the signature matches that hash. If the two agree, the certificate passes, and the client takes key1 from the certificate. The client also checks that the domain name in the certificate is the one it is actually connecting to.
5. The client generates a symmetric key key2, encrypts key2 with key1 and sends it to the server. The server decrypts it with its own private key. Now both the client and the server have the symmetric key key2.
6. From then on, the client and the server communicate with symmetric encryption under key2. That is back to the first scene: you and your girlfriend use the reverse-order algorithm for encrypted calls, but this time the reverse-order algorithm was delivered under the protection of the certificate, so no third-party hacker can learn it. Only you and your girlfriend know key2; the certificate authority only vouched for key1 and never sees key2.
Will the certificate be intercepted?
Even if a hacker intercepts the certificate, it is useless to them, because the signature in the certificate is computed over the server's domain name and public key and signed with the certificate authority's private key. Anyone who changes the content invalidates the signature, and without the CA private key they cannot produce a new one. Alternatively, the hacker could build a fake certificate signed by a "CA" of their own and send it to the client, but that is also useless: the browser has long maintained its list of trusted certificate authorities, and the hacker is not in it. A genuine certificate the hacker obtained for some other domain fails as well, because the domain name does not match the site the client is connecting to.
SSL/TLS
I said HTTPS = HTTP + SSL/TLS at the beginning, and the whole series of operations above happens in the SSL/TLS layer, underneath HTTP.
Note: TLS is the successor of SSL. TLS 1.0 was an upgraded version of SSL 3.0, and the current version is TLS 1.3; the general principles described here are the same. One caveat for today's deployments: encrypting key2 with the server's public key (step 5) is the RSA key exchange of TLS 1.2 and earlier. TLS 1.3 removed it. There the session key is derived with an ephemeral (elliptic-curve) Diffie-Hellman exchange, and the server's certified key is used to sign the handshake and prove its identity rather than to decrypt the session key. That gives forward secrecy: a server private key stolen later cannot be used to decrypt traffic that was recorded earlier.
Concluding remarks
I am Lin Sanxin, an enthusiastic front-end rookie programmer. If you are motivated, like front-end, and want to learn front-end, then we can make friends and slack off together, haha (the slacking-off group).