HTTPS and certificates

This article attempts to introduce the working principle of HTTPS in an easy-to-understand way, without getting tangled in specific terminology and without walking through the strict protocol details. I believe that once the principle is understood, the direction will not be wrong when it comes to concrete operation and implementation; after that, all roads lead to Rome. Reading this text requires a general understanding of cryptography, such as symmetric encryption, asymmetric encryption, and message authentication. If you are not familiar with these, you can read the recent Cryptography Tutorial by Erlang inventor Joe Armstrong: written by an expert, easy to understand, and strongly recommended.

The main parties involved in HTTPS

  1. Client. Usually a browser (Chrome, IE, Firefox, etc.), or a client program written in any language, which you can also write yourself.
  2. Server. Generally refers to websites that support HTTPS, such as GitHub and Alipay.
  3. CA (Certificate Authority). The organizations that issue and manage HTTPS certificates, such as Symantec, Comodo, GoDaddy and GlobalSign.

I drew these roles in the figure below:
Figure: HTTPS roles

The motivation behind the invention of HTTPS

  1. Authenticating the website being visited. What does authenticating a website mean? For example, if you are visiting Alipay, how can you be sure that you are visiting the Alipay provided by Alibaba rather than a counterfeit phishing website?
  2. Guaranteeing the privacy and integrity of the transmitted data. As we all know, HTTP is transmitted in plaintext, so other users on the same network can steal and tamper with the contents of the packets by capturing traffic, and even network operators or Wi-Fi providers may tamper with HTTP packets, for example by injecting advertisements for profit.

HTTPS workflow

This section explains how HTTPS achieves its two purposes by introducing the workflow of the HTTPS protocol. In the figure below, I have drawn the HTTPS workflow. Note that this is only a schematic diagram, not a detailed protocol analysis.

Figure: HTTPS flow

As you can see from the workflow, it is basically divided into three stages:

  1. Authenticating the server. The browser has a built-in list of trusted CAs and stores the certificates of these CAs. In the first stage, the server provides a server certificate issued by a CA. If the CA that signed the server certificate is in the browser's list of trusted CAs, and the information in the server certificate matches the website currently being visited (its domain name, etc.), then the browser considers the server trusted and obtains the server's public key from the server certificate for the subsequent steps. Otherwise, the browser prompts the user and lets the user's choice decide whether to continue. Of course, we can manage this list of trusted CAs, adding CAs we want to trust or removing CAs we don't trust.

  2. Negotiating the session key. After the client has authenticated the server and obtained the server's public key, it uses that public key to encrypt its communication with the server and negotiates two session keys: a client session key, used to encrypt the data the client sends to the server, and a server session key, used to encrypt the data the server sends to the client. Why negotiate two symmetric keys at all, when the server's public key could already be used for encryption? Because asymmetric encryption is relatively expensive, and using symmetric encryption during data transmission saves computing resources. In addition, the session keys are generated randomly, and each negotiation produces a different result, so the security is relatively high.

  3. Encrypted communication. At this point, both the client and the server hold the session keys for this connection, and all HTTP data transmitted from then on is encrypted with the session keys. In this way it becomes difficult for other users on the network to steal or tamper with the data transmitted between client and server, which ensures the privacy and integrity of the data.
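As an added example (not part of the original article), here are the two checks the text names in stage 1, the issuer against a trusted CA list and the certificate's names against the domain being visited, written in Python over a constructed certificate dict shaped like the output of `ssl.SSLSocket.getpeercert()`. The names, dates and trust list are made up, and the CA signature check itself is left to the TLS library.

```python
import ssl

# Constructed sample, shaped like ssl.SSLSocket.getpeercert() output; not a real certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": ((("organizationName", "Example Trust Services"),),
               (("commonName", "Example Root CA"),)),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.api.example.com")),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2026 GMT",
}

# Stand-in for the browser's built-in trust store: issuer common names we accept.
TRUSTED_CA_NAMES = {"Example Root CA"}

def _name_attr(rdn_seq, attr):
    """Pull one attribute (e.g. commonName) out of a getpeercert()-style name."""
    for rdn in rdn_seq:
        for key, value in rdn:
            if key == attr:
                return value
    return None

def hostname_matches(pattern, hostname):
    """dNSName matching in the RFC 6125 style: '*' may only replace the whole
    leftmost label, matches exactly one label, and needs at least two more labels."""
    p_labels = pattern.lower().split(".")
    h_labels = hostname.lower().split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def verify_peer_cert(cert, hostname, trusted_ca_names, now):
    """Return the reasons the certificate fails the browser-style checks from
    stage 1 (empty list = accepted). Signature checking is the TLS library's job."""
    problems = []
    if _name_attr(cert["issuer"], "commonName") not in trusted_ca_names:
        problems.append("issuer is not in the trusted CA list")
    if not (ssl.cert_time_to_seconds(cert["notBefore"]) <= now
            <= ssl.cert_time_to_seconds(cert["notAfter"])):
        problems.append("certificate is outside its validity period")
    dns_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(hostname_matches(n, hostname) for n in dns_names):
        problems.append("hostname %r not present in subjectAltName" % hostname)
    return problems
```

Pass `now` as a Unix timestamp (for example `time.time()`); a browser performs these same checks, plus the signature verification up the chain, before it trusts the public key in the certificate.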

The process of deploying HTTPS

If you are a server developer and want to use HTTPS to protect your service and your users' data, you can follow the steps below.

Figure: CA flow

Summary

    1. Although this article talks about HTTPS, HTTPS is in fact HTTP running over SSL or TLS, so the principle and process discussed here are really the process of SSL and TLS. For other application-layer protocols that use SSL or TLS, the content of this article is equally valid.
    2. This article only discusses the client authenticating the server; the server can also require a certificate from the client and verify the client, achieving two-way authentication. This is not as widely used, but the principle is similar.
    3. Because of the encrypted communication, HTTPS undoubtedly consumes more server resources than HTTP, which is why many companies clearly support HTTPS but still serve HTTP by default.
    4. Reprinted from https://www.cnblogs.com/xinzhao/p/4949344.html

Reprinted in: https://www.cnblogs.com/liuyy/p/9295486.html
