Chapter VII: Ensuring Web Security with HTTPS


Using HTTPS for communication effectively prevents security problems such as eavesdropping and identity spoofing (masquerading).

1. Shortcomings of HTTP

  [ Communication uses plaintext (not encrypted) ]: the content may be eavesdropped.

    Encryption prevents eavesdropping. What gets encrypted falls into two categories:

    ① Encrypting the communication: HTTP is used in combination with SSL (Secure Sockets Layer) or TLS (Transport Layer Security) to encrypt the HTTP communication content. Once SSL has established a secure communication line, HTTP communication is carried out over that line. HTTP used in combination with SSL is called HTTPS.

    ② Encrypting the content: the content carried inside the HTTP message is itself encrypted.


  [ Does not verify the identity of the communicating parties ]: masquerading is possible.

    HTTP by itself cannot determine who the communicating party is, but SSL can. SSL provides not only encryption but also a mechanism called a certificate, which can be used to identify the other party. A certificate is issued by a trusted third party and serves to prove that the party presenting it, the client included, is genuine.

  [ Unable to prove the integrity of the message ]: the message may have been tampered with.

    An attack in which a request or response is intercepted in transit and its contents are tampered with is called a man-in-the-middle attack. With HTTP there are methods such as MD5 and PGP for checking message integrity, but they are not one hundred percent reliable. HTTPS is therefore necessary: SSL provides authentication, encryption, and digest functions.


2. HTTP + encryption + authentication + integrity protection = HTTPS


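   HTTPS is commonly used on web login pages, shopping checkout pages, and the like. With HTTPS, the URL starts with https:// instead of http://. In addition, when the browser visits a website where HTTPS communication is in effect, a lock icon appears in the browser's address bar.
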

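  [ HTTPS is HTTP wrapped in an SSL shell ] HTTPS is simply HTTP with its communication interface replaced by the SSL and TLS protocols. Normally HTTP talks directly to TCP; when SSL is used, HTTP first talks to SSL, and SSL then talks to TCP. Once SSL is adopted, HTTP gains encryption, certificates, and integrity protection.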

  [ HTTPS encryption techniques ]


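    ① Shared-key method (symmetric-key method): the same key is used for encryption and decryption. Drawback: when encrypting with a shared key, the key must also be sent to the other party, and how to hand the key over securely is a problem.

    ② Public-key method: uses a pair of asymmetric keys, one called the private key (known only to its owner) and one called the public key (known to everyone). The party sending the ciphertext encrypts with the recipient's public key; on receiving the encrypted message, the recipient decrypts it with its own private key. Drawback: recovering the original message is very difficult.

    ③ HTTPS uses a hybrid encryption scheme: the public-key method is used to transport the key that will be used for shared-key encryption, and communication then proceeds with shared-key encryption.

    ④ Certificates that prove a public key is correct: public-key encryption has a problem, namely that there is no way to prove that a public key is itself the genuine public key. To solve this, a public-key certificate issued by a relevant authority can be used.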

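  [ HTTPS's secure communication mechanism ] During HTTPS communication, when the application layer sends data, a message digest called a MAC (Message Authentication Code) is attached. The MAC can detect whether the message has been tampered with, thereby ensuring the integrity of the message.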

  [ SSL drawback ]: slow! Communication is slow, it consumes a lot of CPU and memory, and processing is slow.
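
The example below is added here and is not from the original notes. It contrasts the unkeyed MD5 check from section 1 with a keyed MAC like the one described above. The session key, the sample request, and the function names are assumptions for illustration, and the MAC is a simplified HMAC-SHA256 over a sequence number plus the body, not the exact TLS record format.

```python
import hashlib
import hmac
import os


def md5_tag(body: bytes) -> bytes:
    """Unkeyed digest: anyone who can change the body can recompute it."""
    return hashlib.md5(body).digest()


def mac_tag(key: bytes, seq: int, body: bytes) -> bytes:
    """Keyed MAC over (sequence number || body); requires the shared key."""
    return hmac.new(key, seq.to_bytes(8, "big") + body, hashlib.sha256).digest()


def verify_md5(body: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(md5_tag(body), tag)


def verify_mac(key: bytes, seq: int, body: bytes, tag: bytes) -> bool:
    # compare_digest avoids leaking the match position through timing
    return hmac.compare_digest(mac_tag(key, seq, body), tag)


def tamper_in_transit(body: bytes) -> bytes:
    """Constructed stand-in for a modification made between sender and receiver."""
    return body.replace(b"amount=10", b"amount=9000")


def demo() -> dict:
    # Assumption: both ends already share this key (agreed during the handshake).
    session_key = os.urandom(32)
    body = b"POST /pay HTTP/1.1\r\n\r\nto=alice&amount=10"  # constructed sample
    altered = tamper_in_transit(body)

    # MD5 alone: the intermediary replaces body and digest together.
    md5_accepts_forgery = verify_md5(altered, md5_tag(altered))

    # MAC: without the key the intermediary can only forward the original tag.
    tag = mac_tag(session_key, 1, body)
    return {
        "md5_accepts_forgery": md5_accepts_forgery,
        "mac_accepts_original": verify_mac(session_key, 1, body, tag),
        "mac_accepts_altered": verify_mac(session_key, 1, altered, tag),
        # Same record replayed under the next sequence number is rejected too.
        "mac_accepts_replay": verify_mac(session_key, 2, body, tag),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```
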

Origin www.cnblogs.com/qmillet/p/12075995.html