The basic concepts

Symmetric encryption

Both parties use the same key for encryption and decryption. Example: AES.

Asymmetric encryption

Each party holds a key pair: a public key that can be handed out and a private key that is kept secret. The server uses its private key to encrypt and the client uses the public key to decrypt. Data encrypted with the public key can only be decrypted with the matching private key, and data encrypted with the private key can only be decrypted with the matching public key. Example: RSA.

Digest

A digest (hash) algorithm produces a fixed-length digest of the original text, and the digest cannot be reversed to recover the original text. Different content will, with overwhelming probability (close to 100%, depending on how collision-resistant the digest algorithm is), produce different digests. Example: the MD5 digest algorithm produces a 128-bit digest whether the input is 1 MB of data or a single byte.

The signature

A digest of the original text is computed, and that digest is then encrypted with the signer's own private key; the resulting ciphertext string is the digital signature of the original text. Verification reverses the process: decrypting the signature with the public key recovers the digest of the text as it was at signing time, running the digest algorithm over the text as received now gives the current digest, and the two must be equal for the signature to hold.

Certificate

A certificate proves that a public key is genuine, to prevent someone impersonating the server from handing their own public key to the client and then communicating with it.

CA

A CA proves that a certificate is credible. The server saying "this is my certificate" is not enough, because the client can ask "why should I trust you?"; a third-party organization is needed to vouch for the certificate. Tip: CAs and certificates are what prevent man-in-the-middle attacks.

The chain of trust

When we open a website over HTTPS, the site's certificate, issued by some authority X, is downloaded to the browser during the handshake. The browser then checks whether X's certificate is installed in the operating system. If it is, the browser uses the public key in X's certificate to decrypt the signature on the site's certificate, obtaining the digest made at issuance, runs the digest algorithm over the site's certificate itself, and compares the computed digest with the received one; if they match, the certificate can be trusted. If X's certificate is not installed, the browser checks whether the certificate of X's own issuer is installed, and so on, until a root certificate is reached. The characteristic of a root certificate is that no other organization signs it: as long as the root certificate is present in the operating system, every certificate issued under it is trusted. Tip: this is why you should not install a pirated operating system, which may carry a malicious root certificate.

HTTPS

HTTPS adds SSL/TLS encryption on top of HTTP. It uses asymmetric encryption with the public key from the CA-issued certificate to exchange a symmetric key, and then encrypts the data symmetrically with the exchanged key, because asymmetric encryption is far more expensive than symmetric encryption.