HTTP and HTTPS: Interview Essentials

This article explains the difference between HTTP and HTTPS, and how HTTPS uses encryption to secure the connection.

First, the two protocols in brief:

HTTP: Hypertext Transfer Protocol.

HTTPS: Hypertext Transfer Protocol Secure, i.e. HTTP over a Secure Socket Layer (HTTP + SSL).

HTTP: messages between the client and the server are sent in plain text.

HTTPS: the plaintext is encrypted before it is passed between the client and the server.

HTTP uses port 80; HTTPS uses port 443.

HTTPS requires a certificate.

HTTPS uses two kinds of encryption, symmetric and asymmetric, to protect the transmitted information:

Asymmetric encryption: uses a public key and a private key to encrypt and decrypt (if this is unfamiliar, look up the details separately).

Symmetric encryption: encryption and decryption use the same key.

Note: asymmetric encryption is more secure, while symmetric encryption is faster.

HTTPS request process:

  1. The client (browser) requests an HTTPS connection to the server.

  2. The server returns its certificate (containing the public key) to the client.

  3. The client generates a random secret key A (for symmetric encryption).

  4. The client encrypts A with the server's public key.

  5. The client sends the encrypted A (the ciphertext) to the server.

  6. The server decrypts the ciphertext with its private key and obtains the symmetric secret key A.

  7. The client and the server then communicate using ciphertext encrypted with the symmetric key A.

Step 2 of the process above is risky because the public key is exposed: if an intermediary intercepts the public key and replaces it with its own public key before it reaches the client, the intermediary obtains the symmetric secret key and can then impersonate the server in its communication with the client.

To solve this problem, digital certificates and digital signatures are introduced.

So in step 2 the server sends an SSL certificate to the client. The certificate contains the issuing certificate authority, the validity period, the public key, the certificate holder and a signature; verification by a trusted third party guarantees its legitimacy.

First, the client reads the certificate holder and the expiry date and checks them.

Second, the client (browser) looks among the trusted certificate authorities (CAs) built into the operating system for the CA that issued the server's certificate, to verify whether the certificate was issued by a legitimate authority.

Third, if it is not found, the browser reports an error.

Fourth, if it is found, the CA's public key is taken out and used to decrypt the signature in the certificate.

Fifth, the client computes a digest of the certificate with the same hash algorithm and compares it with the digest recovered from the signature.

Sixth, if the two digests match, the certificate is legitimate, and the client has obtained a trustworthy public key.


Source: www.cnblogs.com/DoubleP/p/11369896.html