Symmetric encryption, asymmetric encryption, digital certificate and example application - Https encryption method

HTTP, the hypertext transfer protocol, transmits data in clear text, so sending private information such as account numbers and passwords over it is very insecure.

HTTPS, the hypertext transfer secure protocol, encrypts and encapsulates the data in transit: packets are encrypted using a combination of symmetric and asymmetric encryption, and the authenticity of the server's responses is verified with a digital certificate. The layer that does this is SSL/TLS.

Symmetric encryption:

The same key can be used for both encryption and decryption of information.

Examples: 1. Encryption subtracts a fixed offset from every unit of the data, and decryption adds the same fixed offset back.

2. A lock that is locked and unlocked with the same key.

Asymmetric encryption:

There are two corresponding keys, a public key and a private key.

Encryption with the public key can only be decrypted with the private key, and encryption with the private key can only be decrypted with the public key.

Digital certificate:

A digital certificate is issued by a certificate authority (CA) and is the equivalent of a public identity document: it contains the certificate holder's identity information and public key.

Xiaoming applies to the CA for a certificate; the CA generates a certificate containing Xiaoming's identity information and public key. Xiaoming sends the certificate to Jack, and Jack checks it with the certificate authority. If it matches Xiaoming's information, the certificate really is Xiaoming's, and Jack can use the public key in it to decrypt Xiaoming's messages.

Practical application of the above encryption

HTTPS transmission process:

The client holds a symmetric key A; the server holds an asymmetric key pair: public key B and private key C.

The client sends a request first, and the server returns public key B.

The client receives public key B (its digital certificate is verified to confirm the server's identity), encrypts symmetric key A with B, and sends the result to the server.

The server uses private key C to decrypt and recover symmetric key A.

From then on the client encrypts each data packet with symmetric key A, the server decrypts it with the same key A, and normal communication proceeds.

(In this process, what matters is getting the symmetric key A safely to the server.)

During this exchange a hacker can obtain public key B but cannot do anything with it: data encrypted with public key B cannot be decrypted without private key C, so the hacker never learns symmetric key A.

How the hacker breaks the scheme

However, the hacker can intercept the transmission of public key B, generate a key pair of his own, and send his own public key to the client in place of B. He then intercepts key A, which the client encrypted with the hacker's public key, decrypts it, and so obtains key A. Finally he encrypts key A with the real public key B and forwards it to the server.

The role of digital certificates

The public key the hacker generated himself has no valid digital certificate, so it does not pass verification.

A digital certificate is issued by a trusted third-party organization and is the equivalent of the server's ID card. It contains the certificate holder's identity information and public key.

Once the client verifies the server's digital certificate, the server's public key can no longer be impersonated.
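The handshake above (client sends symmetric key A encrypted under the server's public key B, server recovers it with private key C) together with the certificate check that defeats the substituted public key, as an added example that is not part of the original post. It uses Go's standard library; the `Cert` type is a constructed stand-in for a real X.509 certificate, the CA is an Ed25519 key pair created on the spot, and the name "server.example" is a placeholder.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Cert stands in for an X.509 certificate (constructed here): holder name, public key B, CA signature.
type Cert struct {
	Holder string
	PubB   *rsa.PublicKey
	Sig    []byte
}

// certBody is what the CA signs: the holder name plus the public key's modulus.
func certBody(c Cert) []byte { return append([]byte(c.Holder+"|"), c.PubB.N.Bytes()...) }

// IssueCert is the CA step: bind the server's identity to its public key B.
func IssueCert(caPriv ed25519.PrivateKey, holder string, pubB *rsa.PublicKey) Cert {
	c := Cert{Holder: holder, PubB: pubB}
	c.Sig = ed25519.Sign(caPriv, certBody(c))
	return c
}

// ClientKeyExchange accepts B only if its certificate is signed by the trusted CA
// for the intended server, then returns symmetric key A encrypted under B (RSA-OAEP).
func ClientKeyExchange(caPub ed25519.PublicKey, cert Cert, want string, keyA []byte) ([]byte, error) {
	if cert.Holder != want || !ed25519.Verify(caPub, certBody(cert), cert.Sig) {
		return nil, fmt.Errorf("certificate rejected: not issued by the trusted CA for %q", want)
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, cert.PubB, keyA, nil)
}

// Demo: a genuine certificate is accepted, an unsigned substitute key is refused. Returns (A arrived, substitute refused).
func Demo() (bool, bool) {
	caPub, caPriv, _ := ed25519.GenerateKey(rand.Reader)
	privC, _ := rsa.GenerateKey(rand.Reader, 2048) // server key pair: B = &privC.PublicKey, C = privC
	keyA := make([]byte, 32)                       // symmetric key A, chosen by the client
	rand.Read(keyA)
	encA, err := ClientKeyExchange(caPub, IssueCert(caPriv, "server.example", &privC.PublicKey), "server.example", keyA)
	got, err2 := rsa.DecryptOAEP(sha256.New(), nil, privC, encA, nil) // server side: only C recovers A
	rogue, _ := rsa.GenerateKey(rand.Reader, 2048)
	_, err3 := ClientKeyExchange(caPub, Cert{Holder: "server.example", PubB: &rogue.PublicKey}, "server.example", keyA)
	return err == nil && err2 == nil && string(got) == string(keyA), err3 != nil
}

func main() { fmt.Println(Demo()) }
```

Real TLS additionally checks validity dates, the certificate chain and the host name, and modern versions derive A with ephemeral Diffie-Hellman rather than encrypting it under B.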

Origin blog.csdn.net/ly_xiamu/article/details/126954257