Analysis of the basic principle of HTTPS encrypted transmission protocol


Abstract (from Baidu Encyclopedia):
  HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer) is an HTTP channel whose goal is security. On the basis of HTTP, transport encryption and identity authentication ensure the security of the transmission process. HTTPS adds an SSL layer on top of HTTP; the security foundation of HTTPS is SSL, so the details of the encryption are provided by SSL. HTTPS uses a different default port than HTTP and has an encryption/authentication layer (between HTTP and TCP). This system provides authentication and encrypted communication. It is widely used for security-sensitive communication on the World Wide Web, such as transaction payments.

PS: The three-way handshake used by plain HTTP is relatively simple: it only confirms the network connection, after which data transmission proceeds through the normal process. Its details are not repeated here.

1. HTTPS & HTTP

  1. HTTPS is a secure SSL-encrypted transmission protocol; HTTP is a hypertext transfer protocol that transmits information in clear text
  2. With HTTPS the browser displays a green security lock; with HTTP it shows nothing or marks the site as not secure
  3. HTTPS uses standard port 443, HTTP uses standard port 80
  4. HTTPS is based on the transport layer, HTTP is based on the application layer
  5. HTTPS is more secure than HTTP, and search engines treat it more favourably

2. The HTTPS handshake is relatively complex

Reason: it needs a process for establishing encrypted transmission, and it must determine the actual key that will be used when data is finally transmitted.

3. Public key & private key

  1. Private key: the decryption tool, stored on the server
  2. Public key: an encryption string that anyone can obtain
  3. Principle: the public key and private key are mainly used during the handshake. The data to be transmitted is first encrypted with the public key and, after reaching the server, decrypted with the private key. Therefore, even if the packets are captured and intercepted, they cannot be decrypted without the private key.

4. The HTTPS handshake in detail:

Process:

  1. The client first generates a random number and transmits it to the server. At the same time, it sends the list of cipher suites it supports (there are many different cipher suites).
  2. The server stores that random number and generates a random number of its own. This random number is transmitted to the client along with the server's certificate, which carries the server's public key.
  3. After the client receives the server's random number, it also stores it, and then uses the public key the server sent to protect a pre-master key.
  4. Generating the pre-master key means generating another random number (so three random numbers are generated in total). This random number is encrypted with the public key and transmitted to the server.
  5. When this data reaches the server, the server decrypts it with its private key to obtain the pre-master key, which is a random string. The client and the server then each run the same algorithm over the three random numbers to generate the master key.
  6. Once both sides have the master key, all subsequent data transmission is encrypted with it.
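The three-random-number key agreement in steps 1 to 6, together with the public-key usage from section 3, as an added stand-alone example that is not from the original post. It uses the TLS 1.2 PRF of RFC 5246 instantiated with HMAC-SHA256 from the Python standard library; the RSA encryption of the pre-master key is assumed to have happened out of band (it is not modelled, since the standard library has no RSA), and all random values are constructed for the simulation.

```python
# Added example: simulate how client and server derive the same master key from
# three random numbers, following the TLS 1.2 PRF (RFC 5246, section 5).
# Assumption: the pre-master key is handed to the server as if it had already
# been RSA-decrypted; the public-key step itself is not modelled here.
import hmac
import hashlib
import secrets

MASTER_SECRET_LEN = 48  # the TLS master secret is always 48 bytes


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash expansion from RFC 5246, using HMAC-SHA256."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def derive_master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """master_secret = PRF(pre_master, "master secret", client_random + server_random)."""
    return p_sha256(pre_master, b"master secret" + client_random + server_random, MASTER_SECRET_LEN)


def simulate_handshake(client_random=None, server_random=None, pre_master=None):
    """Run the key-agreement part of the handshake and return each party's result."""
    # Step 1: client random (32 bytes, like ClientHello.random), sent in the clear.
    client_random = client_random or secrets.token_bytes(32)
    # Step 2: server random, sent in the clear alongside the certificate.
    server_random = server_random or secrets.token_bytes(32)
    # Steps 3-4: the client generates the third random number, the pre-master key,
    # and would encrypt it with the server's public key before sending it.
    pre_master = pre_master or secrets.token_bytes(48)
    # Step 5: both sides run the same PRF over the same three values.
    client_master = derive_master_secret(pre_master, client_random, server_random)
    server_master = derive_master_secret(pre_master, client_random, server_random)
    # An eavesdropper saw only the two plaintext randoms and must guess the pre-master;
    # a guess of all zeros stands in for any wrong guess.
    eavesdropper_master = derive_master_secret(b"\x00" * 48, client_random, server_random)
    return {"client": client_master, "server": server_master, "eavesdropper": eavesdropper_master}


if __name__ == "__main__":
    result = simulate_handshake()
    print("client == server:", result["client"] == result["server"])            # True
    print("eavesdropper == server:", result["eavesdropper"] == result["server"])  # False
```

Swapping the two randoms or changing a single byte of the pre-master yields a completely different master key, which is why all three values must match on both sides.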

Key points:

  1. This process is one that a man in the middle cannot break: because the data is encrypted with the public key, only the server side holds the private key that can decrypt it (this holds only when the client has verified that the certificate really belongs to the server).
  2. A cipher suite is involved: the server chooses a cipher suite that the client also supports, so both sides settle on the same suite, and then each runs that algorithm over the three random numbers to generate the master key.
  3. Because the last random number is known only to the client and the server, and the middleman cannot obtain it at all, the master key they produce cannot be cracked by the middleman either.
  4. Because the master key is the same on both sides, both sides can decrypt the data encrypted with it, while the middleman has no way to learn the master key and therefore no way to decrypt the data.

At this point, the data transmission in between has become a secure transmission!

5. Diagram

[Diagram of the handshake process; image not preserved]

6. Where HTTPS is used

In the era of the wide-open Internet, HTTPS is extremely important for protecting data in transit and preventing hijacking.

  1. User-centred websites such as e-commerce systems and web mail
  2. Highly private websites such as payment and finance systems
  3. Websites that use search engines as their main source of traffic
  4. Websites that focus on user experience

HTTPS greatly improves security compared to HTTP, but security on the Internet is always relative; absolute security does not exist.


Origin blog.csdn.net/CodingmanNAN/article/details/104367061