As we all know, data sent between a client and a server over HTTP is not secure: HTTP is generally transmitted in plain text. HTTPS, by contrast, is secure, because the data it transmits is encrypted.

How does HTTPS guarantee the security of data transfer between the client and server, who have never met each other?

Here, I'll walk you through how HTTPS encrypts data to ensure security. Let's call the client Little Client and the server Little Server. Then, step by step, we'll explore how HTTPS ensures that Little Client's communication with Little Server is not eavesdropped on by a man in the middle.

1. Symmetric encryption

Suppose Little Client and Little Server want to have a private conversation and do not want outsiders to learn its content. However, data is normally transmitted in clear text, so if a hacker steals the content of their conversation, that would be uncomfortable.

To solve this problem, Little Server came up with a way to encrypt the data so hackers can't see what it's about. The method looks like this:

Before each data transfer, Little Server sends a key to Little Client and then uses that key to encrypt the messages it sends to Little Client. After receiving these messages, Little Client decrypts them with the key given by Little Server, and so recovers the real data from the ciphertext. If Little Client wants to send a message to Little Server, it encrypts the message with the same key, and Little Server decrypts it with the same key. In this way, the security of data transmission is ensured. As shown in the figure:

At this point, Little Server is rather proud of the strategy it has come up with.

But here comes the problem. The security of this strategy rests on the premise that Little Client has Little Server's key. The trouble is that Little Server sends the key to Little Client in clear text. If a hacker intercepts the key at that moment, it would be sad: even though Little Server and Little Client encrypt the content, to the hacker who intercepted the key it is no different from plaintext.

2. Asymmetric encryption

Little Server is quite smart: after being pleased with itself for a while, it realized that the key could be intercepted. The stubborn Little Server thought of another method: using asymmetric encryption to encrypt the data. The method looks like this:

Both the server and the client have two keys. One is public (it doesn't matter if the whole world knows it) and is called the public key; the other is secret (that is, only its owner knows it) and is called the private key. Data encrypted with the public key can be decrypted only by the corresponding private key, and data encrypted with the private key can be decrypted only by the corresponding public key.

Therefore, during data transmission, the server encrypts data with the public key given by the client, and the client decrypts it with its own private key after receiving it. When the client sends a message to the server, it encrypts the message with the server's public key, and the server decrypts it with its own private key. In this way, the data can reach both sides safely. As shown in the figure:

Having thought up such a complex strategy, Little Server could not be more pleased with itself…

Seeing Little Server so proud, Little Client is not in a good mood. Before Little Server has been pleased for long, Little Client pours cold water on it.

Little Client says seriously: in fact, this method of yours is not so safe either. There is still a risk of being hacked. For example:

While you are transmitting your public key to me, a hacker could intercept it and send me his own public key in place of yours. After I receive the public key, I use it to encrypt what I send (in this case, the public key is actually the hacker's public key). After intercepting the encrypted message, the hacker can decrypt it with his own private key to read the message's contents, then encrypt the message with your public key before sending it on to you. In this case, our conversation is still intercepted by the hacker. (The same is true in the other direction, when the client sends its public key to the server.)

Darn, even such an exquisite idea doesn't work. After this round, Little Server looks dispirited.

An aside

In fact, symmetric encryption is much faster than asymmetric encryption when transmitting data. Therefore, asymmetric encryption is generally not used on its own for data transfer (let's assume for now that asymmetric encryption is secure); instead, asymmetric and symmetric encryption are combined. Symmetric encryption, as we saw, is insecure because the key can become known to someone else during transmission. Based on this, we can use asymmetric encryption to transmit the key securely, and then use symmetric encryption to transmit the message content (of course, I'm assuming here that asymmetric encryption is secure; how to make it secure is covered below).

The digital certificate

What makes asymmetric encryption insecure? It is not insecure in the same way as symmetric encryption. Asymmetric encryption is insecure because, after receiving a public key, the client cannot be sure whether it really belongs to the server.

In other words, we need to find a strategy to prove that the public key is the server’s and not someone else’s.

To solve this problem, Little Server and Little Client came up with the ultimate strategy: digital certificates.

We need to find a certification authority (CA) that has credibility and is recognized by everyone.

When the server sends its public key to the client, the public key and the server's personal information are run through a hash algorithm to generate a message digest. As shown in the figure:

To prevent the digest from being swapped, the server also encrypts the message digest with the CA's private key to form a digital signature. As shown in the figure:

In addition, the information that was fed into the hash algorithm is combined with the digital signature to form a digital certificate. As shown in the figure:

When the client gets the digital certificate, it uses the public key provided by the CA to decrypt the digital signature inside the certificate and obtain the message digest. It then hashes the public key and the server's personal information in the certificate to get a second message digest, and compares the two digests. If they are the same, this proves that these things really do belong to the server; otherwise they do not. As shown in the figure:

At this point, some people may have a question: how does the CA's public key get to the client? And how does the server have the CA's private key? In fact, the server requests these certificates from the CA at the beginning, and the client has these certificates built in. As shown in the figure (this figure is from Ruan Yifeng's blog):

When the client receives the data from the server, it checks its built-in certificate list to see whether there is a public key that can unlock the digital certificate. If so, … Otherwise …
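The certificate check described above, together with the public-key swap from section 2, as an added example (not code from the original article) using Node.js's built-in `crypto` module. The CA, server and interceptor keys, the name `server.example` and the JSON certificate layout are constructed for illustration; the signing step is performed by the CA with its own private key when the server requests the certificate.

```javascript
const crypto = require('crypto');

// Constructed key pairs: a toy CA, the genuine server, and an interceptor.
const newKey = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const ca = newKey(), server = newKey(), interceptor = newKey();
const pem = (key) => key.export({ type: 'spki', format: 'pem' });

// Issuance: hash the server's information plus public key and sign the
// digest with the signer's private key (crypto.sign does both steps).
function issueCertificate(subject, publicKeyPem, signerPrivateKey) {
  const info = JSON.stringify({ subject, publicKeyPem });
  const signature = crypto.sign('sha256', Buffer.from(info), signerPrivateKey);
  return { info, signature: signature.toString('base64') };
}

// Client: check the signature over `info` with the CA public key from its
// built-in list, and only then trust the public key carried inside.
function verifyCertificate(cert, caPublicKey, expectedSubject) {
  const valid = crypto.verify('sha256', Buffer.from(cert.info), caPublicKey,
    Buffer.from(cert.signature, 'base64'));
  if (!valid) return { trusted: false, reason: 'signature mismatch' };
  const { subject, publicKeyPem } = JSON.parse(cert.info);
  if (subject !== expectedSubject) return { trusted: false, reason: 'wrong subject' };
  return { trusted: true, publicKeyPem };
}

// The swap from section 2: replace the public key but keep the old signature.
function swapPublicKey(cert, otherPem) {
  const info = JSON.parse(cert.info);
  return { ...cert, info: JSON.stringify({ ...info, publicKeyPem: otherPem }) };
}

const genuine = issueCertificate('server.example', pem(server.publicKey), ca.privateKey);
const swapped = swapPublicKey(genuine, pem(interceptor.publicKey));
// Signed with the interceptor's own key instead of the CA's.
const forged = issueCertificate('server.example', pem(interceptor.publicKey),
  interceptor.privateKey);

for (const [name, cert] of Object.entries({ genuine, swapped, forged })) {
  console.log(name, verifyCertificate(cert, ca.publicKey, 'server.example'));
}
```

Only the certificate issued with the CA's private key verifies; the swapped and self-signed ones are rejected because the interceptor cannot produce a signature that checks out against the CA public key in the client's built-in list.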

And that’s pretty much the end of it. I hope it was helpful. If there is anything wrong, please point it out.
