[Computer network] HTTPS protocol analysis: transmission details and process

1. Introduction to the HTTPS protocol

1.1 Basic Concepts

HTTP uses port 80 by default and transmits data without encryption; HTTPS uses port 443 by default and transmits data in encrypted form.

1.2 Foundations of Cryptography

Plaintext: the original data, before any encryption.

Ciphertext: the result of running plaintext through an encryption algorithm, so that the original data is protected. Decrypting the ciphertext recovers the original plaintext.

Key: a parameter supplied to the algorithm that turns plaintext into ciphertext, or ciphertext back into plaintext. Keys are divided into symmetric keys and asymmetric keys, used in symmetric encryption and asymmetric encryption respectively.

1.3 Symmetric encryption

[!NOTE]
Symmetric encryption is also called private-key encryption: the sender and the receiver use the same key to encrypt and decrypt the data. The algorithm itself is public, and encryption and decryption are fast, which makes it suitable for encrypting large amounts of data. Common symmetric algorithms include DES, 3DES, TDEA, Blowfish, RC5 and IDEA.

The encryption process is: plaintext + encryption algorithm + private key => ciphertext
The decryption process is: ciphertext + decryption algorithm + private key => plaintext

The key used in symmetric encryption is called the private key; "private" means it is held privately by the parties and must not be leaked.

Encryption and decryption use the same private key, which is why this kind of encryption is called "symmetric". Because the algorithm is public, once the private key leaks the ciphertext is easily decrypted; the drawback of symmetric encryption is therefore that managing the key securely is hard.

1.4 Asymmetric encryption

[!NOTE]
Asymmetric encryption is also called public-key encryption. Compared with symmetric encryption it is more secure: in symmetric encryption both parties use the same key, and if either party leaks it the whole communication can be decrypted. Asymmetric encryption instead uses a pair of keys, a public key and a private key, which belong together. The private key is kept by its owner and never disclosed; the public key is public, and anyone can obtain it. Whatever is encrypted with one key of the pair can only be decrypted with the other.

  • Ciphertext encrypted with the public key can only be decrypted with the private key:
plaintext + encryption algorithm + public key => ciphertext; ciphertext + decryption algorithm + private key => plaintext
  • Ciphertext encrypted with the private key can only be decrypted with the public key:
plaintext + encryption algorithm + private key => ciphertext; ciphertext + decryption algorithm + public key => plaintext

Because encryption and decryption use two different keys, this kind of encryption is called "asymmetric".
The disadvantage of asymmetric encryption is that encryption and decryption take a long time and are slow, so it is only suitable for encrypting small amounts of data.
The main asymmetric algorithms are RSA, ElGamal, Rabin, DH, ECC (elliptic curve cryptography) and the like.
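The following Go program is an added example (not code from the original post) that puts sections 1.3 and 1.4 side by side with the standard library: AES-GCM for the symmetric case, where the same key must be used on both ends and a wrong key or a tampered byte is rejected; RSA-OAEP for "public key encrypts, private key decrypts"; and RSA-PSS for the other direction, which in practice is a digital signature rather than encryption. The last function, transportSessionKey, previews section 2: the client draws a random symmetric key and sends it under the server's public key. All function names and the sample strings are the example's own.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// newServerKeyPair generates the server's asymmetric key pair (RSA-2048 here).
func newServerKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// newGCM builds an AES-GCM cipher for a 16-, 24- or 32-byte key.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// symmetricSeal encrypts plaintext with AES-GCM. Decryption needs the very same
// key, which is what "symmetric" means. Output layout: nonce || ciphertext || tag.
func symmetricSeal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh per message; never reuse a nonce under one key
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// symmetricOpen reverses symmetricSeal. A wrong key or a modified byte makes the
// authentication tag check fail, so no plaintext is returned at all.
func symmetricOpen(key, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("sealed message too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// publicEncrypt / privateDecrypt: "public key encrypts, only the private key decrypts".
func publicEncrypt(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

func privateDecrypt(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

// privateSign / publicVerify: the other direction of section 1.4, "private key
// encrypts, public key decrypts", is in practice a digital signature (RSA-PSS).
func privateSign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

func publicVerify(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

// transportSessionKey combines the two: the client draws a random symmetric key,
// wraps it with the server's public key, and the server unwraps it with its
// private key. It returns the client's copy and the server's copy of the key.
func transportSessionKey(serverPub *rsa.PublicKey, serverPriv *rsa.PrivateKey) ([]byte, []byte, error) {
	clientKey := make([]byte, 32) // 256-bit AES key
	if _, err := rand.Read(clientKey); err != nil {
		return nil, nil, err
	}
	wrapped, err := publicEncrypt(serverPub, clientKey)
	if err != nil {
		return nil, nil, err
	}
	serverKey, err := privateDecrypt(serverPriv, wrapped)
	return clientKey, serverKey, err
}

func main() {
	priv, err := newServerKeyPair()
	if err != nil {
		panic(err)
	}
	clientKey, serverKey, _ := transportSessionKey(&priv.PublicKey, priv)
	fmt.Println("both sides hold the same symmetric key:", string(clientKey) == string(serverKey))
	sealed, _ := symmetricSeal(serverKey, []byte("constructed sample response"))
	plain, err := symmetricOpen(clientKey, sealed)
	fmt.Printf("client decrypts the server's data: %q (err=%v)\n", plain, err)
}
```

Note that the asymmetric step only ever carries the 32-byte key, never the bulk data, which is exactly the division of labour the post describes: fast symmetric encryption for the payload, slow asymmetric encryption only for the key.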

2. HTTPS communication process (the focus in interviews)

2.1 Basic Concepts

HTTPS protocol = HTTP protocol + SSL/TLS protocol. SSL/TLS handles the encryption and decryption of the data, and HTTP handles the transmission of the encrypted data; the data transmission process of HTTPS therefore needs both. In other words, HTTPS is HTTP and SSL/TLS working together.

SSL stands for Secure Sockets Layer, a secure communication protocol that provides security and data integrity for network communication. Netscape invented SSL in 1994; various browsers later added support for it, and its latest version is 3.0.

TLS stands for Transport Layer Security. It is a newer protocol developed by the IETF (Internet Engineering Task Force), based on the SSL 3.0 specification, and can be regarded as the successor of SSL 3.0. There are significant differences between TLS and SSL 3.0, mainly in the encryption algorithms they support, so SSL 3.0 cannot interoperate with TLS. Although the algorithms differ, for the purpose of understanding the HTTPS process we can treat SSL and TLS as the same protocol.

For both security and efficiency, HTTPS uses symmetric encryption and asymmetric encryption together. The data itself is transmitted under symmetric encryption, and the symmetric key is generated by the client; to make sure this key reaches the server securely, it is transmitted under asymmetric encryption. In short: the data is encrypted symmetrically, and the symmetric key is transmitted under asymmetric encryption.


2.2 Keys involved in the transmission

The HTTPS transmission process involves three keys:

  • The server's public key and private key, used for asymmetric encryption
  • The random key generated by the client, used for symmetric encryption

2.3 Transmission details (important to understand)

An HTTPS request actually consists of two HTTP transmissions, and the whole process can be divided into 8 steps.

  1. The client sends an HTTPS request to the server, connecting to port 443.
  2. The server holds a key pair, a public key and a private key, used for asymmetric encryption. The server keeps the private key, which must not leak; the public key can be given to anyone.
  3. The server sends its public key to the client.
  4. After receiving the server's public key, the client checks it to verify its legitimacy; if a problem is found, the HTTPS transmission cannot continue. Strictly speaking, what is verified is the legitimacy of the digital certificate sent by the server. If the key passes, the client generates a random value to be used as the symmetric encryption key. We call it the client key, to distinguish it from the server's keys. The client then encrypts the client key with the server's public key (asymmetric encryption), turning it into ciphertext. At this point the first HTTP request of the HTTPS exchange is over.
  5. The client initiates the second HTTP request of the HTTPS exchange, sending the encrypted client key to the server.
  6. After receiving the ciphertext, the server decrypts it asymmetrically with its own private key and obtains the client key in plaintext; it then encrypts the data with this symmetric client key, turning the data into ciphertext.
  7. The server sends the encrypted ciphertext to the client.
  8. The client receives the ciphertext and decrypts it with the client key (symmetric decryption) to obtain the data sent by the server. The second HTTP request of the HTTPS exchange is over, and the whole HTTPS transmission is complete.
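Step 4 is where the whole scheme stands or falls: if the client does not check the server's certificate, anyone who can intercept the connection can hand the client their own public key and read the client key. The Go program below is an added example (not code from the original post) that runs a real TLS handshake over a loopback socket with the standard library and shows three client policies for step 4: a client with only the system root store rejects a self-signed certificate; a client that has pinned exactly that certificate completes the handshake and negotiates a symmetric cipher suite for the data, as in steps 6 to 8; and a client with InsecureSkipVerify accepts anything, which is the setting to look for in code review. The host name example.test and all function names are the example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// serverName is a constructed placeholder host name for the example.
const serverName = "example.test"

// newSelfSignedServer builds a throwaway self-signed certificate for serverName.
// In a real deployment the certificate is issued by a CA the client already trusts.
func newSelfSignedServer() (tls.Certificate, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: serverName},
		DNSNames:              []string{serverName}, // the host name check uses the SAN, not the CN
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true, // self-signed: it acts as its own root when pinned
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, leaf, nil
}

// Three client policies for step 4: system roots only, trust exactly this
// certificate, or skip verification altogether.
func defaultClient() *tls.Config { return &tls.Config{ServerName: serverName} }

func pinnedClient(leaf *x509.Certificate) *tls.Config {
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return &tls.Config{ServerName: serverName, RootCAs: pool}
}

func noVerifyClient() *tls.Config {
	return &tls.Config{ServerName: serverName, InsecureSkipVerify: true} // the weak setting
}

// handshakeWith performs a TLS handshake over a loopback TCP socket and returns
// the negotiated protocol version and cipher suite name, or the client's error.
func handshakeWith(serverCert tls.Certificate, clientCfg *tls.Config) (uint16, string, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return 0, "", err
	}
	srv := tls.NewListener(ln, &tls.Config{Certificates: []tls.Certificate{serverCert}})
	done := make(chan struct{})
	go func() {
		defer close(done)
		c, err := srv.Accept()
		if err != nil {
			return
		}
		defer c.Close()
		c.(*tls.Conn).Handshake() // a failure here is reported on the client side
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), clientCfg)
	if err != nil {
		ln.Close()
		<-done
		return 0, "", err
	}
	state := conn.ConnectionState()
	conn.Close()
	ln.Close()
	<-done
	return state.Version, tls.CipherSuiteName(state.CipherSuite), nil
}

func main() {
	cert, leaf, err := newSelfSignedServer()
	if err != nil {
		panic(err)
	}
	if _, _, err := handshakeWith(cert, defaultClient()); err != nil {
		fmt.Println("default client rejects the self-signed certificate:", err)
	}
	ver, suite, err := handshakeWith(cert, pinnedClient(leaf))
	fmt.Printf("pinned client: version 0x%04x, suite %s, err=%v\n", ver, suite, err)
	_, _, err = handshakeWith(cert, noVerifyClient())
	fmt.Println("InsecureSkipVerify accepts anything, err =", err)
}
```

The negotiated cipher suite reported for the pinned client is a symmetric one (AES-GCM or ChaCha20-Poly1305): after the certificate check and key exchange, everything that follows is symmetric encryption, just as the 8 steps describe.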

Reference blog: https://www.jianshu.com/p/14cd2c9d2cd2


Source: www.cnblogs.com/fecommunity/p/11965870.html