HTTPS encryption algorithm

HTTPS

  HTTPS is HTTP layered over SSL/TLS: a module that encrypts the HTTP traffic is inserted beneath the application protocol (SSL is the deprecated predecessor of TLS; current deployments use TLS). Both the server and the client pass their data through the TLS layer, so what crosses the network is ciphertext rather than the plaintext HTTP request and response.

  1. The client initiates an HTTPS request.
    The user enters an https:// URL in the browser, which opens a connection to the server's HTTPS port (443 by default).

  2. Server configuration
    A server that speaks HTTPS must be provisioned with a digital certificate and the key pair it belongs to. The certificate carries the public key and is signed by a certificate authority (CA); the private key never leaves the server.

  3. Transfer certificate
    The server sends its certificate to the client. The certificate is more than a bare public key: it binds the key to the server's name and carries the issuing CA, the validity period and the CA's signature over all of it.

  4. Client parsing the certificate
    This work is done by the client's TLS stack. It verifies that the certificate is valid: the signature chains to a CA the client trusts, the current time lies within the validity period, and the name in the certificate matches the host the user asked for. If any check fails, the browser shows a warning that the certificate has a problem. If the certificate passes, the client generates a random value and encrypts it with the public key taken from the certificate.

  5. Transmit encrypted information
    The client sends the random value encrypted under the certificate's public key. The purpose is to get the random value to the server and to nobody else; from now on both sides encrypt and decrypt their traffic with a symmetric session key derived from this value.

  6. The server decrypts the information.
    The server decrypts with its private key and obtains the random value sent by the client. From here on the content is protected with symmetric encryption: both sides hold the same session key, and without that key the ciphertext cannot be read. Note that this session key is distinct from the certificate's private key, which is used only to unwrap it. This is the RSA key exchange of TLS 1.2 and earlier; TLS 1.3 removed it in favor of ephemeral Diffie-Hellman, so that a later compromise of the server's private key does not expose recorded sessions.

  7. Transmit encrypted information
    The server sends its response encrypted with the symmetric session key; the client, which holds the same key, can restore it.

  8. The client decrypts the information.
    The client decrypts the server's message with the session key it generated earlier and obtains the plaintext.
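The certificate checks in step 4 are the part of this exchange that most often goes wrong in practice, so here is an added example (not code from the original post) that builds a small PKI in memory with Go's standard crypto/x509 package and runs the client-side verification against four cases: a valid certificate, an expired one, a certificate presented for the wrong hostname, and a certificate issued by a CA the client does not trust. The CA names, the hostnames bank.example and evil.example and the fixed clock are assumptions chosen for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issueCert generates a P-256 key pair and a certificate for subject. With
// parent == nil the certificate is self-signed (a root CA); otherwise it is
// signed with parentKey. Failures are programming errors in this demo, so it panics.
func issueCert(subject string, isCA bool, notBefore, notAfter time.Time,
	parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: subject},
		NotBefore:             notBefore,
		NotAfter:              notAfter,
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		// Clients match the hostname against the SAN extension, not the CN.
		tmpl.DNSNames = []string{subject}
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	signer := key
	if parent == nil {
		parent = tmpl // self-signed
	} else {
		signer = parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// verifyServerCert performs the checks the client's TLS stack does in step 4:
// signature chain to a trusted root, validity period, and hostname match.
func verifyServerCert(leaf *x509.Certificate, roots *x509.CertPool, host string, now time.Time) error {
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:       roots,
		DNSName:     host,
		CurrentTime: now,
		KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

// VerifyResults holds the outcome of each check; nil means the certificate was accepted.
type VerifyResults struct {
	Valid, Expired, WrongHost, UntrustedCA error
}

// runScenario builds a trusted CA and three server certificates (valid, expired,
// issued by an untrusted CA) and verifies them against a fixed clock. The names
// bank.example and evil.example are placeholders chosen for this example.
func runScenario() VerifyResults {
	now := time.Date(2024, 6, 1, 0, 0, 0, 0, time.UTC)
	day := 24 * time.Hour
	ca, caKey := issueCert("Example Root CA", true, now.Add(-365*day), now.Add(3650*day), nil, nil)
	roots := x509.NewCertPool() // the client's trust store
	roots.AddCert(ca)
	good, _ := issueCert("bank.example", false, now.Add(-day), now.Add(90*day), ca, caKey)
	expired, _ := issueCert("bank.example", false, now.Add(-400*day), now.Add(-10*day), ca, caKey)
	rogue, rogueKey := issueCert("Rogue CA", true, now.Add(-day), now.Add(3650*day), nil, nil)
	forged, _ := issueCert("bank.example", false, now.Add(-day), now.Add(90*day), rogue, rogueKey)
	return VerifyResults{
		Valid:       verifyServerCert(good, roots, "bank.example", now),
		Expired:     verifyServerCert(expired, roots, "bank.example", now),
		WrongHost:   verifyServerCert(good, roots, "evil.example", now),
		UntrustedCA: verifyServerCert(forged, roots, "bank.example", now),
	}
}

func main() {
	fmt.Printf("%+v\n", runScenario())
}
```

Only the first case returns nil. The other three are exactly the situations in which a browser shows the warning described in step 4: an expired certificate, a certificate for a different name (the page was reached via evil.example but the certificate says bank.example), and a certificate that chains to a CA absent from the trust store. The CurrentTime field is what makes the check reproducible; a real client uses the system clock, which is why a badly set clock produces spurious certificate errors.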

Encryption Algorithm

The encryption and hash algorithms commonly used by HTTPS are as follows:

Asymmetric encryption algorithms: RSA, DSA/DSS
Symmetric encryption algorithms: AES, RC4, 3DES
Hash algorithms: MD5, SHA1, SHA256

Hash algorithms do not encrypt anything; TLS uses them for signatures, integrity checks and key derivation. Of the algorithms listed, RC4, 3DES, MD5 and SHA-1 are no longer considered safe for TLS and are disabled in current browsers and servers; in practice AES (or ChaCha20) with SHA-256 or stronger is used today.

Symmetric encryption (Symmetric Cryptography)

  Symmetric encryption is the fastest and simplest kind of encryption: the same key is used to encrypt and to decrypt. There are many symmetric algorithms, and because they are so efficient they sit at the core of most encryption protocols.
  Symmetric keys are short, typically 128 or 256 bits (AES-128 and AES-256). A larger key is stronger against brute force but slower to process, so the key size balances security against efficiency.
  The major disadvantage of symmetric encryption is key management and distribution: how do you get the key to the party who must decrypt your messages? A key sent in the clear can be intercepted by an attacker. The usual practice is to encrypt the symmetric key with asymmetric encryption and send that to the recipient.

Asymmetric Cryptography

  Asymmetric encryption uses a pair of keys, a public key and a private key. The private key is kept by one party and must never be disclosed; the public key can be handed to anyone who asks for it. Whatever one key encrypts, only the other key can decrypt. For example, if you request the bank's public key, the bank sends it to you, you encrypt your message with it, and then only the holder of the private key, the bank, can decrypt your message. Unlike symmetric encryption, the bank never has to send a secret over the network, which is why security is greatly improved: there is nothing in transit for an attacker to intercept.
  Asymmetric encryption is secure, but it is far slower than symmetric encryption, so the message itself is still sent under symmetric encryption; only the symmetric key is sent under asymmetric encryption. Example:
(1) To make a transaction on the bank's website, the browser first generates a random number as a symmetric key
(2) The browser requests the public key from the bank's website
(3) The bank sends the public key to the browser
(4) The browser uses the bank's public key to encrypt its own symmetric key
(5) The browser sends the encrypted symmetric key to the bank
(6) The bank uses the private key to decrypt to obtain the browser's symmetric key
(7) Browsers and banks can use symmetric keys to encrypt and decrypt the content of communication

  • Symmetric encryption uses the same key to encrypt and decrypt, so it is fast; but both parties need the key, and if it were sent over the network in the clear it could be intercepted
  • Asymmetric encryption uses a pair of keys, a public key and a private key, so no secret has to be transmitted; but encryption and decryption are slow
  • The solution is to encrypt the symmetric key with the recipient's public key and send that; the recipient decrypts it with the private key, and the two parties then communicate with symmetric encryption
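The following is an added Go example, not code from the original post, that carries out steps 5 to 8 of the handshake above and the seven-step bank exchange in one process: the client wraps a random 256-bit session key with the server's RSA public key using RSA-OAEP, the server unwraps it with its private key, and the server's reply then travels under AES-256-GCM, which also lets the client detect a ciphertext that was modified in transit. The OAEP label, the sample reply text and the RSA key generated in memory (standing in for the key pair behind a real certificate) are assumptions chosen for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

var oaepLabel = []byte("demo-session-key") // arbitrary demo label; both sides must agree on it

// must aborts the demo on errors that cannot occur with valid inputs (RNG, key generation).
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// wrapSessionKey is step 5: encrypt the client's random session key to the server's
// public key with RSA-OAEP. OAEP is randomized padding; raw RSA must never wrap a key.
func wrapSessionKey(pub *rsa.PublicKey, sessionKey []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, oaepLabel)
}

// unwrapSessionKey is step 6: only the holder of the private key recovers the session key.
func unwrapSessionKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, oaepLabel)
}

func newGCM(key []byte) (cipher.AEAD, error) { // key must be 16, 24 or 32 bytes
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealMessage encrypts under the session key (step 7). A fresh random nonce is
// prepended to the ciphertext; the GCM tag makes any modification detectable.
func sealMessage(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	must(rand.Read(nonce))
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// openMessage is the matching decryption (step 8); it fails on tampered input.
func openMessage(key, msg []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(msg) < n {
		return nil, errors.New("message too short")
	}
	return gcm.Open(nil, msg[:n], msg[n:], nil)
}

// ExchangeResult records what the simulated session produced.
type ExchangeResult struct {
	KeysMatch      bool   // server recovered exactly the client's session key
	Reply          string // plaintext the client read from the server's message
	TamperRejected bool   // a ciphertext with one flipped byte was refused
}

// runExchange plays both roles in one process. The freshly generated RSA key
// stands in for the key pair behind the server's certificate (step 2).
func runExchange(serverReply string) ExchangeResult {
	serverKey := must(rsa.GenerateKey(rand.Reader, 2048))
	clientSession := make([]byte, 32) // step 4: client draws a random session key
	must(rand.Read(clientSession))
	wrapped := must(wrapSessionKey(&serverKey.PublicKey, clientSession))
	serverSession := must(unwrapSessionKey(serverKey, wrapped))
	ct := must(sealMessage(serverSession, []byte(serverReply)))
	pt := must(openMessage(clientSession, ct))
	// An on-path attacker flips one ciphertext byte; the GCM tag check must reject it.
	tampered := append([]byte(nil), ct...)
	tampered[len(tampered)-1] ^= 0x01
	_, err := openMessage(clientSession, tampered)
	return ExchangeResult{
		KeysMatch:      bytes.Equal(clientSession, serverSession),
		Reply:          string(pt),
		TamperRejected: err != nil,
	}
}

func main() {
	fmt.Printf("%+v\n", runExchange("balance: 100")) // constructed sample reply
}
```

Two points the prose above glosses over are visible here. First, "mixing the information with the key" is not enough: GCM adds an authentication tag, and the flipped-byte case shows the client refusing a forged message rather than decrypting garbage. Second, because the session key is encrypted to the server's long-term RSA key, anyone who records the wrapped key and later obtains that private key can recover every session; this lack of forward secrecy is why TLS 1.3 dropped RSA key transport in favor of ephemeral Diffie-Hellman.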

Origin blog.csdn.net/ThreeAspects/article/details/105605594