Table of contents
Introducing digital certificates
High-frequency interview questions: the difference between HTTPS and HTTP
The reason for HTTPS
The HTTP protocol transmits data as plaintext, so anyone on the network path (a compromised router, a hostile Wi-Fi hotspot, an intermediary ISP) can read or modify it, and sensitive data such as passwords and session cookies can leak. HTTPS fixes this weakness of HTTP. HTTPS is still an application-layer protocol: it is HTTP carried over an added encryption layer, SSL/TLS (in practice always TLS today; "SSL" survives mainly as a name). It can be understood as HTTPS = HTTP + SSL/TLS.
How HTTPS Works
To transmit data securely, HTTPS encrypts it so that what crosses the network is ciphertext rather than plaintext. Encryption methods fall into two broad classes: symmetric encryption and asymmetric encryption.
Symmetric encryption
Symmetric encryption uses a single key to turn data into ciphertext. The client sends the ciphertext to the server, and the server decrypts it with the same key. An attacker who intercepts the traffic still sees only ciphertext: encryption does not stop interception, it makes what is intercepted useless without the key. Note: the client and server use the same key for encryption and decryption, which raises the question of how both sides come to share that key without the attacker learning it too.
asymmetric encryption
Asymmetric encryption uses two keys: a public key and a private key. They are generated together as a pair, and each public key matches exactly one private key. The server generates such a pair, keeps the private key secret, and can hand out the public key freely. In HTTPS, asymmetric encryption is introduced to solve exactly the problem above: getting the symmetric key to the other side without an eavesdropper being able to read it.
The public and private keys can be used in either direction:
- Public key encryption, private key decryption (confidentiality: anyone can encrypt, only the holder of the private key can read)
- Private key encryption, public key decryption (this is what a digital signature is: only the holder of the private key can produce it, and anyone with the public key can verify it)
Asymmetric encryption process:
- The client sends a connection request to the server, and the server sends its public key to the client
- The client generates a symmetric key, encrypts it with the server's public key to obtain a ciphertext, and sends the ciphertext to the server
- The server decrypts the ciphertext with its private key to obtain the symmetric key. From this point on both sides hold the same symmetric key and can use symmetric encryption for the rest of the session.
Since symmetric encryption is far faster than asymmetric encryption, asymmetric encryption is used only in the initial key negotiation; all subsequent data is protected with symmetric encryption.
The purpose of the asymmetric step is to let the client encrypt the symmetric session key with the public key sent by the server, so that the session key cannot be read by anyone who intercepts it on the way to the server. (This is the classic RSA key-transport exchange. TLS 1.3 instead derives the session key with an ephemeral Diffie-Hellman exchange and uses the server's asymmetric key only to sign the handshake, which also gives forward secrecy; the trust problem described next is the same in both designs.)
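The key-transport exchange described above, written out as an added example in Go (this is not code from the original page): the server's RSA key pair plays the public/private key, RSA-OAEP wraps a freshly generated AES-256 session key, and AES-GCM then carries the application data so that tampering is detected as well. The sample request text and the one-bit tampering in main are constructed for the demo, and the function names are this example's own, not part of any library.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// generateServerKey is the server's long-term asymmetric key pair. The public
// half is what the server hands to the client; the private half stays on the server.
func generateServerKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// clientWrapSessionKey is the client side: draw a fresh random symmetric key and
// encrypt ("wrap") it with the server's public key using RSA-OAEP.
func clientWrapSessionKey(serverPub *rsa.PublicKey) (sessionKey, wrapped []byte, err error) {
	sessionKey = make([]byte, 32) // 256-bit AES key
	if _, err = io.ReadFull(rand.Reader, sessionKey); err != nil {
		return nil, nil, err
	}
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, sessionKey, nil)
	return sessionKey, wrapped, err
}

// serverUnwrapSessionKey is the server side: only the private key can recover the session key.
func serverUnwrapSessionKey(serverPriv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, serverPriv, wrapped, nil)
}

// sealMessage protects bulk data under the shared symmetric key with AES-GCM,
// which encrypts and authenticates. A random nonce is prepended to the ciphertext.
func sealMessage(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// openMessage is the receiving side of sealMessage. It returns an error if the
// key is wrong or the message was altered in transit.
func openMessage(key, msg []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(msg) < gcm.NonceSize() {
		return nil, errors.New("message too short to contain a nonce")
	}
	nonce, ciphertext := msg[:gcm.NonceSize()], msg[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ciphertext, nil)
}

func main() {
	serverPriv, err := generateServerKey()
	if err != nil {
		panic(err)
	}
	// Server sends its public key; the client wraps a session key with it.
	clientKey, wrapped, err := clientWrapSessionKey(&serverPriv.PublicKey)
	if err != nil {
		panic(err)
	}
	// An eavesdropper sees only the wrapped blob; the server unwraps it.
	serverKey, err := serverUnwrapSessionKey(serverPriv, wrapped)
	if err != nil {
		panic(err)
	}
	// Constructed sample request; the rest of the session is symmetric.
	ct, _ := sealMessage(clientKey, []byte("GET /account HTTP/1.1"))
	pt, err := openMessage(serverKey, ct)
	fmt.Printf("server decrypted: %q (err=%v)\n", pt, err)
	ct[len(ct)-1] ^= 0x01 // attacker flips one bit of the ciphertext in transit
	_, err = openMessage(serverKey, ct)
	fmt.Println("tampered message rejected:", err != nil)
}
```

Note that nothing in this exchange tells the client whose public key it received; that gap is what the next section's certificate closes.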
But when the client encrypts the session key with the public key, how does it know that this public key really came from the server and was not substituted by an attacker sitting in the middle? Where did the client get this public key from in the first place? An attacker who can swap in their own public key can decrypt the session key, re-encrypt it with the real server's public key, and read the whole session.
A digital certificate is therefore introduced to verify that the public key really belongs to the server.
Introducing digital certificates
1. Before serving HTTPS, the server applies for a digital certificate from a certificate authority (CA). The server generates its own key pair (public key 2 and private key 2) and submits public key 2 together with its domain name; the CA computes a hash of the certificate contents (a digest used to detect tampering) and signs that hash with its own private key 1. The resulting certificate contains the server's identity, public key 2 and the CA's digital signature. Private key 2 is not in the certificate and never leaves the server.
2. When the client connects, the server sends the certificate, and with it public key 2, to the client.
3. The client verifies the signature with the CA's public key 1 (the CA's root certificate, carrying public key 1, ships in the trust store of the client's operating system or browser): it obtains from the signature the hash num1 that the CA signed, recomputes a hash num2 over the certificate contents with the same algorithm, and compares them. If num1 equals num2, the certificate was issued by the CA and has not been tampered with. The client must also check that the name in the certificate matches the host it meant to reach and that the certificate is within its validity period; a correctly signed certificate for some other domain proves nothing about this server.
HTTPS Complete Workflow
Summary: both the digital certificate and asymmetric encryption exist to protect the symmetric session key.
- The digital certificate lets the client confirm that the asymmetric public key it received really belongs to the server and has not been swapped or tampered with
- With the server's genuine public key, the client can send the symmetric key to the server without an attacker being able to obtain it
High-frequency interview questions: the difference between HTTPS and HTTP
1. HTTP is the Hypertext Transfer Protocol and transmits data in plaintext, which is a security risk. HTTPS is HTTP carried over SSL/TLS, so the data is encrypted in transit and its integrity is protected
2. HTTPS requires a digital certificate issued by a trusted certificate authority, which lets the client verify the server's identity
3. An HTTP connection is simpler: after the TCP three-way handshake, data can be sent immediately. An HTTPS connection performs the TCP three-way handshake and then the SSL/TLS handshake (certificate verification and key negotiation) before encrypted data can flow
4. The default ports of the two are different, the default port of HTTP is 80, and the default port of HTTPS is 443