Simple to understand HTTPS

I wrote this article for my own reference =W=

1. Introduction

  • HTTP traffic travels over the Internet, so to keep the transport safe we generally encrypt the data. Each approach has a problem, though:
    • Symmetric encryption: both sides have to share the same key and use it to both encrypt and decrypt. If that key is intercepted while it is being exchanged, encrypting the whole transmission is meaningless.
    • Asymmetric encryption: the key is split into a public key and a private key, which solves the key-exchange problem of symmetric encryption well, but encryption and decryption are slow enough to hurt transmission performance.
  • HTTPS
    • Adds encryption and authentication on top of HTTP transmission, combining the advantages of symmetric and asymmetric encryption.
    • Safer, with lower performance loss
    • Usually implemented with the SSL/TLS protocol

2. HTTPS transmission process

  1. Negotiating the protocol and the encryption algorithm
    • The client sends a request containing "the protocols it supports, for example SSL 1.0", "the encryption algorithms it supports" and "random number A"
    • The server replies with "the chosen protocol", "the chosen encryption algorithm", "random number B" and "the server certificate (which contains the public key)"
  2. Asymmetric encryption and CA authentication
    • The client receives this data and verifies that the server certificate (i.e. the CA-issued certificate) is trustworthy; if it is not trusted, the user is warned (e.g. the early 12306 certificate). Once the certificate is confirmed as trusted, the client generates random number C, encrypts C with the public key from the server certificate, and sends it to the server.
    • The server receives the data and decrypts random number C with its private key. From the now known random numbers A, B and C and the previously negotiated encryption algorithm, it generates key X (for symmetric encryption).
    • The client likewise generates key X (for symmetric encryption) from the random numbers A, B and C it knows and the previously negotiated encryption algorithm.
  3. Symmetric encryption
    • The client encrypts the data with key X and sends it to the server
    • The server decrypts the received data with key X, then encrypts its own data with key X and sends it to the client
    • All subsequent transmission uses key X for encryption and decryption
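The three stages above, run end to end in Go as an added example (this is not code from the original article): RSA-OAEP carries random number C, SHA-256 over A, B and C stands in for the negotiated key-derivation algorithm, and AES-GCM is the symmetric cipher of stage 3. The names Handshake, DeriveKey, Session, Seal and Open are my own, and certificate verification is reduced to the client already trusting the server's public key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

func randomBytes(n int) []byte { b := make([]byte, n); rand.Read(b); return b } // source of A, B, C
func DeriveKey(a, b, c []byte) []byte { // SHA-256 over A||B||C stands in for the TLS PRF/HKDF
	h := sha256.Sum256(append(append(append([]byte{}, a...), b...), c...))
	return h[:]
}
// Session builds the AES-256-GCM cipher for stage 3 from a 32-byte key X.
func Session(x []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(x)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// Seal encrypts one message under the session key; the random nonce is prepended.
func Seal(g cipher.AEAD, plaintext []byte) []byte {
	n := randomBytes(g.NonceSize())
	return g.Seal(n, n, plaintext, nil)
}
// Open reverses Seal and fails on a wrong key, a tampered message or a truncated one.
func Open(g cipher.AEAD, sealed []byte) ([]byte, error) {
	if len(sealed) < g.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, sealed[:g.NonceSize()], sealed[g.NonceSize():], nil)
}
// Handshake plays both sides of stages 1 and 2 (the client trusting serverKey's public half stands
// in for certificate checking) and returns the X that the client and the server each derived alone.
func Handshake(serverKey *rsa.PrivateKey) (clientX, serverX []byte, err error) {
	a, b, c := randomBytes(32), randomBytes(32), randomBytes(32) // A: client, B: server, C: client
	encC, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &serverKey.PublicKey, c, nil)
	if err != nil {
		return nil, nil, err
	}
	decC, err := rsa.DecryptOAEP(sha256.New(), nil, serverKey, encC, nil) // only the private key opens C
	if err != nil {
		return nil, nil, err
	}
	return DeriveKey(a, b, c), DeriveKey(a, b, decC), nil
}
```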

3. Summary of key points

  • The key used for symmetric encryption is protected by asymmetric encryption while it is being transmitted. This only has to be done once, at the start, and it guarantees the security of the transmission.
  • With asymmetric encryption the public/private key pair could be forged, so a third-party certification authority is needed. The CA certificate is what proves that the public key really belongs to this site.
  • Once the public key is trusted, all subsequent transmission uses symmetric encryption, which preserves transmission performance.

4. A small problem

  • So which layer of the OSI model does the SSL/TLS encryption protocol used by HTTPS sit in?
    • The presentation layer and the session layer.

Layer 5: the session layer
Authentication, session management and deciding how the communication proceeds are the main responsibilities of the session layer. Once a connection is established, the session layer's task is to manage the session.
Layer 6: the presentation layer
The presentation layer is mainly concerned with interpreting the meaning of the communicated data, such as code conversion and format conversion, so that different terminals can represent it. It also covers encryption and decryption, compression and decompression, and the like.

Source: blog.csdn.net/alionsss/article/details/103543093