1.SSL (Secure Socket Layer, Secure Sockets Layer)
Action 1) SSL is
- Communication Encryption
- Determining communication party
- SSL provides authentication and encryption process and digest function
HTTP protocol without encryption, but by and SSL (Secure Socket Layer, Secure Sockets Layer) or a
combination of TLS (Transport Layer Security, Security Layer Transfer Protocol) is used, the content of the HTTP encryption communication.
After establishing a secure communication link with SSL, HTTP traffic can be carried out in this route. SSL is used in combination with HTTP called HTTPS (HTTPSecure, https) or HTTP over SSL.
While using the HTTP protocol communication party can not be determined, but if you can use SSL. SSL provides encryption processing only, but also a means used is called a certificate, may be used to determine the direction.
Certificate is issued by a trusted third party to prove the server and client are real. In addition, the certificate is a forgery extremely difficult thing from a technical point of view. So long as the communication party confirmation certificate (server or client) holds, it can determine the true intentions of the communicating parties.
Note: The trusted third party is generally refers to has been recognized by society of business or organization.
2) SSL uses a cryptographic processing method is called public key encryption (Public-key cryptography) is.
2.HTTPS
We add encryption and authentication mechanism of HTTP called HTTPS (HTTP Secure).
3. Encryption
1) Shared Key
Encryption and decryption key the same manner is referred to as a shared key encryption (Common keycrypto system), also known as symmetric key encryption.
2) public key encryption
Public key encryption using an asymmetric key couple. One called the private key (private key), the other is called the public key (public key). As the name suggests, the private key can not let anyone else know that, while the public key can be freely released, anyone can get.
Hybrid encryption HTTPS
HTTPS mixed both encryption and shared key encryption and public key encryption use. If the key to achieve secure exchange, then you might consider using only public key encryption for communication. However, public key encryption and shared key encryption compared to its processing speed is slower.
Public key encryption processing than more complex to share the encryption mode, so when using the public key encryption in communication, the efficiency is very low