[Linux][Network] Application layer protocol: HTTPS

Mobile 2023-12-17 04:26:54 views: null

Article directory

HTTP

HTTPS

HTTP(HyperText Transfer Protocol):

  • It is an application layer communication protocol between a client browser or other program and a web server.

HTTPS(HyperText Transfer Protocol over Secure Socket Layer)

  • can be understood asHTTP + SSL/TLS, that is, the SSL layer is added to HTTP. The security foundation of HTTPS is SSL, so the details of encryption are The content requires SSL for secure HTTP data transmission.

SSL (Secure Socket Layer, Secure Socket Layer):

  • Developed by Netscape in 1994, the SSL protocol is located between the TCP/IP protocol and various application layer protocols, providing security support for data communication.

TLS (Transport Layer Security, Transport Layer Security):

  • Its predecessor was SSL. Its first several versions (SSL 1.0, SSL 2.0, SSL 3.0) were developed by Netscape. In 1999, it was standardized and renamed by the IETF starting from 3.1. It has developed to include TLS 1.0, TLS 1.1, and TLS 1.2. Three versions. SSL3.0 and TLS1.0 are rarely used due to security vulnerabilities. TLS 1.3 will have major changes and is still in the draft stage. The most widely used ones are TLS 1.1 and TLS 1.2.

1. Encryption method

Symmetric encryption:

  • There are two types: streaming and grouping. The same key is used for encryption and decryption.
    For example: DES, AES-GCM, ChaCha20-Poly1305, etc.

  • Features: The algorithm is public, the amount of calculation is small, the encryption speed is fast, and the encryption efficiency is high

Asymmetric encryption: public key (public to the entire network), private key (private only to yourself)

  • Use the public key to encrypt, and you can only use the private key to decrypt.
    Use the private key to encrypt, and you can only use the public key to decrypt.
    For example: RSA, DSA , ECDSA, DH, ECDHE

  • Features: The performance of the asymmetric encryption algorithm is low, but the security is super strong. Due to its encryption characteristics, the length of data that the asymmetric encryption algorithm can encrypt is also limited.

2. Data summary\data fingerprint

  • Digital fingerprint (data summary), its basic principle is to use one-way hash function (Hash function) to operate on information and generate A digest of a stringof fixed length. Digital fingerprinting is not an encryption mechanism, but it can be used to determine whether data has been tampered with. 

    摘要常见算法:MD5、SHA1、SHA256、SHA512等

    The algorithm maps infinite to finite, so there may be a collision (two different information, the calculated summary is the same, but the probability is very low)

  • Digest characteristics: The difference from the encryption algorithm is that the digest is not encryption in the strict sense, because there is no decryption, but it is difficult to infer the original information from the digest.It is usually used for data processing Contrast.

3. Digital signature

After the digest is encrypted, a digital signature is obtained, which can prove that the information has not been modified. The digest is generally encrypted before being sent with the message to ensure that the digest is not modified.

【信息】 --hash--> 【摘要】 -- 加密--> 【签名】

HTTPS working process

Insert image description here

Keys in the working process of HTTPS

There are three sets of keys involved in the working process of HTTPS.

The first group (asymmetric encryption): used to verify whether the certificate has been tampered with.

  • The server holds the private key (the private key is obtained when forming the CSR file and applying for the certificate)
  • The client holds the public key (the operating system contains the trusted CA certification authorities and holds the corresponding public key)
  • When the client requests it, the server returns a signed certificate. The client uses this public key to verify the certificate to ensure the validity of the certificate and further ensure the authority of the server's public key carried in the certificate.

Second group (asymmetric encryption): Used to negotiate keys to generate symmetric encryption.

  • The client uses the public key in the received CA certificate (which is trustworthy) to encrypt the randomly generated symmetric encryption key and transmits it to the server. The server obtains the symmetric encryption key through decryption of the private key.

The third group (symmetric encryption): All subsequent data transmitted by the client and server are encrypted and decrypted through this symmetric key.

Guess you like

Origin blog.csdn.net/m0_67470729/article/details/133033708
Recommended
Ranking
Linux关机和重启详解(shutdown、halt、poweroff、reboot、init)
Netty work notes 0007---NIO's three core component relationships
Knife4j tutorial
2021.10.29,内容:什么时候用接口和抽象类
How to solve the problem that changing the memory frequency causes the computer to become unusable?
SpringMVC Tutorial - Controller
linux learning skills -Linux 25 transport Vega paid special privileges and facl extension
Financial quarterly report evaluation report data automatic generation 1.0
Agile Development Series - The Values of Agile Development
scrapy achieve browsercookie Middleware
Daily
More
2024-05-19(0)
2024-05-18(31)
2024-05-17(6)
2024-05-16(23)
2024-05-15(5)
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)

Code World

© 2018 codetd.com