14.1. Symmetric encryption
Security risks: a key addition to me, there are more than one person owns. Greater risk of leakage, key transfer process at higher risk
14.2. Asymmetric encryption
Advantages and disadvantages: the private key is safe. But spending big asymmetric algorithms, used in high-volume business, it will lead to high cost performance (too Prodigal).
14.3. HTTPS encryption scheme
The above program strengths and weaknesses, their respective merits, to get their own programs
1 , the service data encrypted using symmetric encryption, reducing performance overhead
2 , the symmetric key, an asymmetric encryption escort
14.4. Nginx configuration https
premise
View nginx has been installed https module ( openresty is enabled by default https modules):
Nginx configuration https only two stuff. A browser certificate (containing the public key encryption for browser use), a private key (decryption for their own use)
server.crt and server.key can go buy a business. You can also use the program to generate your own copy (former 12306 on the use of self-signed certificate )
Self-signed certificate
Self-signed certificate generation process as follows (provided that the machine installed the openssl program, copy can be ordered):
Nginx configuration
Nginx内的配置如下:
校验
输入网址:https://enjoy.com/a.html
https方式显示页面如下:
查看证书
可看到证书只包含公钥字符串内容