Front-end network request process

HTTPS encryption

HTTP communication is not secure. While data is in transit, packets may be captured by a middleman, so the data can be stolen, modified, or replaced. The server also cannot determine whether the data really comes from the client.

  1. The accuracy and completeness of the message cannot be guaranteed
  2. Confidentiality of messages cannot be guaranteed
  3. The reliability of the source cannot be guaranteed

HTTPS was created to solve these problems.

The basic concept

HTTPS relies on encryption, digital certificates, and digital signatures.

Symmetric and asymmetric encryption

Symmetric encryption (shared key encryption)

The client and server share a single key for encryption, which they agree on in advance. The client uses the key to encrypt the message before sending it, and the server uses the same key to decrypt the message after receiving it.

  1. Advantages of symmetric encryption
    • Symmetric encryption solves the problem of confidentiality of HTTP messages.
  2. Disadvantages of symmetric encryption
    • Sharing a key makes the key easy to leak, so the risk of leakage is high, and it is difficult for the server to detect the accuracy of the message.

Asymmetric encryption (public key encryption)

The client and the server each have a public key and a private key. The public key can be exposed, while the private key must be kept to yourself. Information encrypted with a public key can only be decrypted with the corresponding private key; conversely, information encrypted with a private key can only be unlocked with the corresponding public key. So before the client sends a message to the server, it encrypts the message with the server's public key, and the server decrypts it with its own private key.

  1. Advantages of asymmetric encryption
  • The encryption method of public key and private key is used to solve the problem of confidentiality of HTTP messages
  • Because the public key can only be used by the corresponding
  2. Disadvantages of asymmetric encryption
    • Asymmetric encryption requires the recipient’s public key to encrypt the message, but the public key is not secret and can be obtained by anyone, including a middleman. So the middleman can do two things. First, when the client and server exchange public keys, the middleman can replace the client’s public key with his own. The server then receives the middleman’s public key instead of the client’s and cannot determine whether the public key comes from the correct source. Second, without replacing any public key, the middleman can intercept the message sent by the client, tamper with it, encrypt it with the server’s public key, and send it on to the server, which then receives the wrong message.

    • Asymmetric encryption is several times or even hundreds of times slower than symmetric encryption and consumes more system resources. Because of this, HTTPS combines both types of encryption.

Digital certificates and signatures

To address the insecurity of the public key’s source in asymmetric encryption, we can use digital certificates and digital signatures.
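
The two ideas above, combining both types of encryption and checking the source of a public key with a signature, are sketched below as an added example for Node.js; it is not code from the original article. The names caKeys, issueCert, sealForServer and openAtServer are hypothetical, the "certificate" is a simplified stand-in for a real X.509 certificate, and all keys are generated fresh for the demo.

```javascript
// Added example, not from the original article. Function and variable names
// are hypothetical; every key below is generated fresh for this demo.
const crypto = require('node:crypto');

const newRsa = () => crypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
  publicKeyEncoding: { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
});

const caKeys = newRsa();        // trusted signer; the client already has caKeys.publicKey
const serverKeys = newRsa();
const middlemanKeys = newRsa(); // stands in for a key swapped in during transit

// Toy "certificate": the server's public key plus the CA's signature over it.
function issueCert(publicKey) {
  const signature = crypto.sign('sha256', Buffer.from(publicKey), caKeys.privateKey);
  return { publicKey, signature };
}

// Client: check where the key came from, then encrypt. RSA only wraps a
// one-time AES key; the message itself is encrypted symmetrically.
function sealForServer(cert, message) {
  const trusted = crypto.verify('sha256', Buffer.from(cert.publicKey),
    caKeys.publicKey, cert.signature);
  if (!trusted) throw new Error('public key is not signed by the trusted CA');
  const aesKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', aesKey, iv);
  const body = Buffer.concat([cipher.update(message, 'utf8'), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt(cert.publicKey, aesKey);
  return { wrappedKey, iv, body, tag: cipher.getAuthTag() };
}

// Server: unwrap the AES key with the private key, then decrypt. The GCM tag
// makes decryption throw if the ciphertext was altered on the way.
function openAtServer(privateKey, box) {
  const aesKey = crypto.privateDecrypt(privateKey, box.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', aesKey, box.iv);
  decipher.setAuthTag(box.tag);
  return Buffer.concat([decipher.update(box.body), decipher.final()]).toString('utf8');
}

const cert = issueCert(serverKeys.publicKey);
console.log(openAtServer(serverKeys.privateKey, sealForServer(cert, 'GET /account')));
// A swapped-in key carrying the genuine signature fails verification.
const swapped = { publicKey: middlemanKeys.publicKey, signature: cert.signature };
try { sealForServer(swapped, 'GET /account'); } catch (e) { console.log('rejected:', e.message); }
```

The slow RSA operation runs once per message on 32 bytes, while the payload of any size goes through AES, which is why the two types are combined.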

HTTPS Encryption Process

Continuously updated…