The front end is about http and https (basic concepts, differences, advantages and disadvantages, encryption, digital signature, digital certificate, working principle)

Others 2021-03-07 05:45:44 views: null

The front end is http and https

Basic concepts of http and https

http:

  1. Hypertext Transfer Protocol is the most widely used network protocol on the Internet
  2. It is a standard for client and server request and response (TCP)
  3. A transfer protocol used to transfer hypertext from WWW server to local browser
  4. Make the browser more efficient

https:

  1. The secure version of HTTP, the HTTP channel with security as the goal
  2. Add an SSL layer under HTTP, which is the basis of HTTPS security
  3. Establish information security channels to ensure transmission security and website authenticity

The difference between http and https

  1. The https protocol requires a CA certificate, which is expensive.
  2. The connection method is different, the port is different: http protocol port is 80, https port is 443.
  3. HTTP Hypertext Transfer Protocol is a clear text transmission, the data is not encrypted; htps is a secure SSL encrypted transmission protocol, which is more secure.
  4. The http connection is simple and a stateless connection; https is a network protocol constructed by the SSL+HTTP protocol, which can perform encrypted transmission, integrity verification and identity authentication .

The three major risks of http and the three advantages of https

Because http is transmitted in plain text and the information is not encrypted, there are three major risks:

  1. Risk of eavesdropping: third parties can intercept and view your content
  2. Risk of tampering: third parties can intercept and modify your content
  3. Risk of being impersonated: a third party can pretend to be a correspondent to communicate with you;

It is precisely because http has three major risks that https is needed.

And https can achieve encrypted transmission, integrity verification, identity authentication , three advantages:

  1. Establish a secure information channel for encrypted transmission to ensure data privacy and security;
  2. The content transmission undergoes integrity verification to ensure data integrity;
  3. Authenticate the real identity of the website server;

https solves the three major risks of http

Before understanding the working principle of https, first understand a few important things: encryption, digital signatures, and digital certificates. In order to understand how https solves the three major risks of http: eavesdropping, tampering and impersonation ; and understand the three advantages of https, encrypted transmission, integrity verification, and identity authentication.
In fact, these are one-to-one correspondence:

  1. Encryption-encrypted transmission-solve the risk of eavesdropping
  2. Digital signature-integrity check-to solve the risk of tampering
  3. Digital certificates-identity authentication-solve the risk of being impersonated.

Regarding Encryption-Addressing Risk One "Eavesdropping"

There are three ways to encrypt, introduce them one by one

Method one, symmetric encryption

The so-called symmetric encryption means that the encryption and decryption of information need to use a key, and it is the same key. That is, it cannot be decrypted without a key, but it can be decrypted as long as there is a key.
In this way of symmetric encryption, the key must also be passed to the receiver. But how to ensure the security of the key during the transfer process ? It is possible that the key will be stolen, and the thief can decrypt the information with the key in hand.

Method two, asymmetric encryption

The asymmetric encryption method uses a pair of asymmetric keys. One of them is a "public key" and the other is a "private key". The public key can be released at will, and the private key cannot be known to others.

  1. There is only one private key, and the server "holds" it.
  2. There can be many public keys, which are "held" by the client.

First, client A wants to communicate with server B: A can encrypt its content (plain text) once with the public key sent by B, and then send the encrypted content to B. At this time, B can use his unique private key to decrypt, thereby reading the encrypted content.
simply put:

  1. There are multiple public keys, which are used by multiple clients; while there is only one private key, which is used by the server itself;
  2. A client uses the public key to encrypt the content, and the server uses the unique private key to decrypt the content.

If the server communicates with the client, asymmetric encryption also has disadvantages:

  1. The public key is public, and the information encrypted by the private key can be decrypted by the bad guys by intercepting the public key;
  2. The public key does not contain the information of the server, and the legitimacy of the server's identity cannot be guaranteed;
  3. At the same time, the asymmetric encryption algorithm takes a long time in the encryption and decryption process, which reduces efficiency.

Method three: symmetric encryption + asymmetric encryption (used by https)

Through the above explanation, we can find that symmetric encryption has the advantage of high decryption efficiency, but it is insecure; the advantage of asymmetric encryption is security, but the encryption and decryption process is complicated, which reduces efficiency.

Why is symmetric encryption insecure

It is also mentioned in Method 1: Symmetric encryption uses the same key for both encryption and decryption of information, and the key needs to be transferred to the other party . The key may be stolen during the transfer. However, anyone who gets the key can decrypt the content ! So it is not safe.
In contrast, asymmetric encryption is much safer. In the process of exchanging information, don't be afraid of information being stolen and tampered with.

New idea: symmetric encryption + asymmetric encryption

Since symmetric encryption is insecure when transferring keys, use asymmetric encryption to ensure security; since asymmetric encryption takes a long time in the decryption and encryption process, use symmetric encryption to simplify this process and improve efficiency. Complementary advantages!

The realization of symmetric encryption + asymmetric encryption

The client and the server first transmit a pair of "symmetric keys". This pair of symmetric keys uses a symmetric encryption method and is used for subsequent message exchange. The process of transmitting this pair of "symmetric keys" uses a pair of asymmetric keys for encryption and decryption, and uses asymmetric encryption.
By transmitting the "symmetric key" through asymmetric encryption, the transmitted "symmetric key" can be guaranteed to be safe ! After the transmission is completed, in the process of encrypting and decrypting the exchange of information, this pair of "symmetric keys" is used to encrypt and decrypt, and the symmetric encryption method is used to improve efficiency!
It is summarized as follows:

  1. The process of transmitting "symmetric keys" uses asymmetric encryption (to ensure security)
  2. The process of exchanging message information uses symmetric encryption (to ensure efficiency)

Specific method: The client takes the public key given by the server, encrypts the "symmetric key", and transmits it to the server. The server uses its own private key to decrypt the transmitted "symmetric key". This ensures that the exchange key is safe, and then uses the symmetric key to communicate with the symmetric encryption method.

Regarding digital signatures-addressing the second risk of "tampering"

Even through encrypted transmission, it is ensured that the data cannot be eavesdropped and the data cannot be decrypted by bad people, but it may be tampered by bad people during transmission. Therefore, it is necessary to use the "digital signature" signature to solve the risk of tampering.

The role of digital signatures

  1. Can confirm that the message is signed and sent by the sender, because the signature cannot be impersonated
  2. Perform an integrity check to prove whether the data has been tampered with.

Server sender-generation and transmission of digital signature

1. Process a piece of content with the Hash algorithm to obtain a Hash value;
2. The sender encrypts the Hash value with the private key to obtain the digital signature signature.
3. The sender original clear text signature and digital signature sent together.

Client receiver-verification of digital signature

1. The receiver uses the public key provided by the sender to decrypt the received digital signature signature to obtain a hash value A;
2. Then use the same Hash algorithm to process the received plaintext to obtain a hash value B
3 . Compare whether the hash values ​​A and B are the same. If they are the same, it can ensure that the data has not been tampered with.

But the receiver must ensure that the public key it gets is provided by the sender's server.

Regarding digital certificates-solving the third risk of "being impersonated"

The digital certificate certification authority is a third-party organization that can be trusted by both the client and the server.
Digital certificate authentication process:

  1. The server submits the public key, organization information, personal information, etc. to the third-party agency CA and applies for certification;
  2. CA uses various methods to verify the authenticity of the information provided by the server applicant, such as whether the organization exists, whether it is legal, etc.
  3. If approved, the CA will issue a digital certificate to the applicant. The digital certificate contains: the applicant's public key, the applicant's organization and personal information, valid time, and so on.
  4. The client sends a request to the server, and the server returns the certificate file;
  5. The client reads the relevant plaintext information in the certificate, uses the same hash function to obtain the message digest, and decrypts the signature with the public key provided by the CA. If the comparison is consistent, the certificate can be determined to be legal and the server's public key is reliable.

How https works

https can be encrypted transmission (symmetric encryption + asymmetric encryption), integrity verification (digital signature), identity authentication (digital visa), respectively, to solve the three major risks of http's eavesdropping, tampering, and impersonation.
The client is called Client, and the server is called Server. The
process is as follows:

  1. Clinet initiates an https request, the interface is 443
  2. The server returns the public key certificate to the client
  3. Client verifies the returned public key certificate in many ways
  4. If the client is authenticated by the public key certificate, it will get the public key provided by the server .
  5. The client generates a pair of " symmetric keys " through a pseudo-random number generator as the "session key". The "session key" is encrypted with the public key provided by the server and sent to the server.
  6. The server decrypts the session key with its private key to obtain the session key. So far, the two parties have obtained a pair of "symmetric keys", that is, "session keys" through the public key and the private key.
  7. Both parties can use this pair of "symmetric keys" or "session keys" to communicate. The server encrypts the plaintext information A through the symmetric key and sends it to the client
  8. The client decrypts with the symmetric key and obtains the plaintext information A.

Disadvantages of https

  1. The https handshake phase is time-consuming, the page loading time is extended by 50%, and the power consumption is increased by 10-20%
  2. The cache of https is not as efficient as http, which will increase data overhead
  3. https requires an SSL certificate, which requires a certain fee

Guess you like

Origin blog.csdn.net/qq_43263320/article/details/113728915
Recommended
The number of MaxKB GitHub Stars, an open source knowledge base question and answer system based on large language models, exceeded 5,000!
Ranking
Getting the basic concepts of ROS + catkin Profile
Spring Learning (2) --- Assembling Beans in the IoC Container
js to get the src attribute of the image regularly
STM32 is based on CubeIDE and HAL library basics entry study notes: Bluetooth WIFI STM32 connects to Alibaba Cloud
Short video learning - 3, pandas simple use of pivot_table
Print directory of project configuration log, output log
Understand the difference between vi and vim in Linux in 3 minutes
1 + x certificate Web front-end development HTML5 special exercises
mangodb save and insert the difference
7-1 Family tree processing (50 points) (binary tree solution)
Daily
More
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)

Code World

© 2018 codetd.com