[Computer networks: HTTP] The difference between HTTPS and HTTP

Table of contents

The reason for HTTPS

How HTTPS Works

Symmetric encryption

Asymmetric encryption

Introducing digital certificates

HTTPS Complete Workflow

 High-frequency interview questions: the difference between HTTPS and HTTP


The reason for HTTPS

HTTP transmits data as plaintext, so the data is easily intercepted by hackers and can leak. HTTPS fixes this weakness of HTTP. HTTPS is also an application-layer protocol. It adds an encryption layer, SSL, on top of HTTP (it can be understood as HTTPS = HTTP + SSL).

How HTTPS Works

To transmit data securely, HTTPS encrypts it, so that what travels over the network is ciphertext rather than plaintext. Encryption methods fall broadly into two types: symmetric encryption and asymmetric encryption.

Symmetric encryption

Symmetric encryption uses one key to encrypt the data into ciphertext. The client sends the ciphertext to the server, and the server decrypts it with the key, so the data is protected if it is intercepted. Note: the client and the server use the same key for encryption and decryption.

With symmetric encryption in place, even if the data is intercepted, the hacker does not know the key, cannot decrypt the data, and cannot learn the real content of the request.

Because the client and the server use the same key for encryption and decryption, the client has to send a key to the server before transferring data, so that both sides agree on the key to use.

The key itself must also be encrypted in transit. If the key is sent in plaintext, the hacker can obtain it, and all subsequent encryption is useless.

If symmetric encryption is used to send the key, another key is needed to protect that key, and the problem nests endlessly like a set of nesting dolls. Asymmetric encryption is therefore introduced to transmit the key.

Asymmetric encryption

Asymmetric encryption uses two keys: a public key and a private key. The two form a pair, and a public key can only be paired with one private key. The server generates the pair of public and private keys. Asymmetric encryption solves the problem of transmitting the symmetric encryption key securely, without it being intercepted by hackers.

The biggest disadvantage of asymmetric encryption is that it is very slow, much slower than symmetric encryption.

The public and private keys can be used in either direction:

  1. Public key encryption, private key decryption
  2. Private key encryption, public key decryption

Asymmetric encryption process:

  • The client sends a connection request to the server, and the server sends its public key to the client.
  • The client encrypts the symmetric key with the public key and sends the resulting ciphertext to the server.
  • The server decrypts the ciphertext with its private key to recover the symmetric key. From then on, the server and the client can communicate using symmetric encryption.
  • Because symmetric encryption is much more efficient than asymmetric encryption, asymmetric encryption is used only to negotiate the key at the start, and symmetric encryption is used for all subsequent transmissions.

 

The purpose of asymmetric encryption is to encrypt the symmetric key with the public key sent by the server and deliver it to the server, so that the symmetric key shared by the client and the server is not intercepted.

But when the client encrypts the key with a public key, how can it tell that the public key really came from the server and was not forged by hackers? How did the client get this public key?

A digital certificate is therefore introduced to verify the legitimacy of the public key.

Introducing digital certificates

1. Before using the HTTPS protocol, the server first applies for a digital certificate from the authority. The digital certificate contains a digital signature encrypted with the authority's own unique private key 1 (a checksum used to verify whether the certificate has been tampered with), along with a new key pair: public key 2 and private key 2.

2. When the client sends a request for a digital certificate to the server, the server puts the new public key 2 into the digital certificate and sends them to the client together.

3. After the client receives the digital certificate, it uses the authority's public key 1 (which is built into the client's operating system) to decrypt the digital signature and obtain a checksum, num1. It then applies the same algorithm to the certificate to compute a new checksum, num2, and compares num1 with num2. If they are equal, the certificate has not been tampered with.

HTTPS Complete Workflow

Summary: digital certificates and asymmetric encryption both exist to protect the symmetric encryption key.

  • The digital certificate lets the client be sure that the asymmetric public key it received really is the server's, which prevents the public key from being tampered with.
  • With the asymmetric public key, the client can deliver the symmetric key to the server without hackers obtaining it.
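
The certificate check from the three numbered steps and the key hand-off from the asymmetric encryption process, as an added example that is not part of the original post. It uses textbook RSA with no padding; the function names, the `subject|n|e` certificate layout, the host name `example.test` and the Mersenne-prime keys are all constructed for illustration.

```python
# Added illustration: textbook RSA on constructed toy keys. Not secure, not real TLS.
import hashlib
import secrets
E = 65537  # public exponent used by every toy key pair here

def make_keypair(p, q):
    """Return ((n, e), (n, d)) for primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def rsa(value, key):
    """Textbook RSA: one modular power encrypts, decrypts, signs or verifies."""
    n, exponent = key
    return pow(value, exponent, n)

def cert_body(subject, public_key):
    return f"{subject}|{public_key[0]}|{public_key[1]}".encode()

def checksum(body):
    """The page's 'checksum', here a SHA-256 digest read as an integer."""
    return int.from_bytes(hashlib.sha256(body).digest(), "big")

def issue_certificate(ca_private, subject, server_public):
    """Authority: sign the checksum of the body with private key 1."""
    body = cert_body(subject, server_public)
    return {"body": body, "signature": rsa(checksum(body), ca_private)}

def verify_certificate(ca_public, cert):
    """Client: num1 from the signature, num2 recomputed; accept only if equal."""
    num1 = rsa(cert["signature"], ca_public)
    num2 = checksum(cert["body"])
    return num1 == num2

def handshake(cert):
    """Client checks the certificate, then wraps a session key with public key 2."""
    if not verify_certificate(CA_PUBLIC, cert):
        return None  # untrusted public key: stop before sending any key
    _, n, e = cert["body"].decode().split("|")
    session_key = secrets.randbits(128)
    wrapped = rsa(session_key, (int(n), int(e)))       # travels over the network
    return session_key, rsa(wrapped, SERVER_PRIVATE)   # client's key, server's copy

# Constructed keys built from Mersenne primes: trivially breakable, demo only.
CA_PUBLIC, CA_PRIVATE = make_keypair(2**521 - 1, 2**607 - 1)          # key pair 1
SERVER_PUBLIC, SERVER_PRIVATE = make_keypair(2**107 - 1, 2**127 - 1)  # key pair 2
ROGUE_PUBLIC, _ = make_keypair(2**61 - 1, 2**89 - 1)
GOOD_CERT = issue_certificate(CA_PRIVATE, "example.test", SERVER_PUBLIC)
# A swapped-in public key 2 keeps the old signature, so the checksums differ.
TAMPERED_CERT = dict(GOOD_CERT, body=cert_body("example.test", ROGUE_PUBLIC))
```

Real TLS verifies padded signatures over a structured X.509 certificate, and TLS 1.3 agrees on keys with ephemeral Diffie-Hellman instead of sending an RSA-encrypted key.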

 

 High-frequency interview questions: the difference between HTTPS and HTTP

1. HTTP is the Hypertext Transfer Protocol. It transmits data in plaintext, which is a security risk. HTTPS is a secure transfer protocol encrypted with SSL, so the data is encrypted in transit.

2. HTTPS requires the server to apply for a digital certificate from an authority, which ensures that the identity of the server can be trusted.

3. An HTTP connection is relatively simple: it only needs the TCP three-way handshake before data can be transmitted. An HTTPS connection needs the TCP three-way handshake and then the SSL handshake before encrypted data can be transmitted.

4. The default ports are different: HTTP uses port 80 by default, and HTTPS uses port 443.

Origin blog.csdn.net/qq_73471456/article/details/130049441