Why is HTTPS secure? Detailed graphic explanation!

Java technology stack

www.javastack.cn

Author: standing on top of the spine

Source: juejin.im/post/5ebe6870f265da7bce2696b9

1. Why is there HTTPS?

Before the advent of HTTPS, all requests were sent in plaintext, so anyone who eavesdropped on the connection or captured packets in transit could read all of your communication.

A more secure method is to encrypt the content of the communication before sending it to the other party. There are two encryption methods, symmetric encryption and asymmetric encryption.

2. Symmetric encryption

Symmetric encryption uses the same key for encryption and decryption. Before they communicate, however, the client and server do not share such a key, so one party has to send the key to the other.

Nothing is verified at any point during that transmission, so hackers can also intercept the key and use it to decipher the encrypted content. So pure symmetric encryption is not secure.

3. Asymmetric encryption

Asymmetric encryption uses different keys for encryption and decryption: content encrypted with the private key is decrypted with the public key, and content encrypted with the public key is decrypted with the private key. This leads to the following situation: the server holds the private key and the public key, and sends the public key to the client. Since the client can obtain the public key, a hacker can obtain it too.

Everything the server sends to the client can then be read by hackers. Content that the client encrypts with the public key and sends to the server is not affected, because the hacker does not have the server's private key. So pure asymmetric encryption is also insecure.

4. The key transmission process, illustrated

HTTPS uses symmetric encryption to encrypt the communication content; call the key it uses A. Asymmetric encryption is used to encrypt key A before it is sent to the other party (a bit convoluted). As long as key A does not fall into the hands of others, the transmitted data cannot be decoded by others.

So the question is: how can this key be sent to the other party safely?

Let's look at the key transmission process:

5. Why is HTTPS reliable?

HTTPS is reliable because it solves three problems:

- Encrypted communication. Even if others obtain the transmitted data, they cannot restore it to the original information.

- Preventing man-in-the-middle attacks. Hackers cannot pretend to be the server, because in step 2 the server gave the client a CA certificate. If the client can verify the certificate, the certificate and the public key were sent by the server and are authentic and reliable. If the client cannot verify the certificate, the certificate is not reliable and may be fake.

- The credibility of the CA certificate. The certificate has to be applied for by a company or individual, and the domain name is then verified by methods such as email verification. This avoids the possibility of hackers posing as the website to obtain a certificate. At the technical level, the public key of the CA is built into the operating system or browser. Only content encrypted (that is, signed) with the private key of the CA can be decrypted with that public key, which ensures that the certificate was indeed issued by the CA.
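The flow from sections 4 and 5, as an added example that is not part of the original article: a CA signs the server's public key, the client checks that signature before wrapping key A, and a swapped-in public key is rejected. It uses toy textbook RSA built from Mersenne primes with no padding; the function names and the host `shop.example` are hypothetical.

```python
# Added illustration (not from the original article): toy textbook RSA, no padding.
# It shows the message flow only and must never protect real traffic.
import hashlib
import secrets

E = 65537  # public exponent shared by every toy key below

def keypair(p_bits, q_bits):
    """Build a toy RSA key from two Mersenne primes 2**k - 1 (constructed values)."""
    p, q = 2**p_bits - 1, 2**q_bits - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(domain, server_n, signer_n):
    """Hash the certificate body (domain + server public key), reduced mod the signer's modulus."""
    body = f"{domain}|{server_n}".encode()
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % signer_n

def issue_cert(ca, domain, server_n):
    """CA side: sign the certificate body with the CA private key."""
    sig = pow(digest(domain, server_n, ca["n"]), ca["d"], ca["n"])
    return {"domain": domain, "n": server_n, "sig": sig}

def client_send_key(cert, host, trusted_ca_n):
    """Client side: verify the certificate with the built-in CA key, then wrap a fresh key A."""
    expected = digest(cert["domain"], cert["n"], trusted_ca_n)
    if cert["domain"] != host or pow(cert["sig"], E, trusted_ca_n) != expected:
        return None  # certificate cannot be verified: abort and send nothing
    key_a = secrets.randbits(128)
    return key_a, pow(key_a, E, cert["n"])  # only the server's private key unwraps this

def server_unwrap(server, wrapped):
    """Server side: recover key A with the server private key."""
    return pow(wrapped, server["d"], server["n"])

CA = keypair(107, 127)        # its public modulus plays the role of the browser trust store
SERVER = keypair(61, 89)
ATTACKER = keypair(521, 607)
HOST = "shop.example"
GOOD_CERT = issue_cert(CA, HOST, SERVER["n"])
# A man in the middle swaps in its own public key but cannot produce the CA's signature.
FORGED = dict(GOOD_CERT, n=ATTACKER["n"])
# Signing the certificate with the attacker's own key does not help either.
SELF_SIGNED = issue_cert(ATTACKER, HOST, ATTACKER["n"])
```
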

6. The role of each key

Finally, let us review the role of each key:


Origin blog.csdn.net/youanyyou/article/details/108373247