This article is participating in the “Network protocol must know must know” essay contest

Preface

When we log in to some websites, HTTP may be used, but in a payment scenario HTTP carries security risks because its traffic is easy to intercept.

For example, when you send an HTTP request, a hacker can intercept the network packet, masquerade as the website you are requesting, and send you a reply. Suppose the reply asks you to enter your bank card number and password, and you type them into the browser and send them without realizing it: you have been fooled.

To solve this problem, use encryption.

Encryption

Symmetric encryption

  • Encryption and decryption use the same key. The key must be kept secret and not made public. If the key becomes known, the data is easy to decrypt.

So if a hacker intercepts your request, they can't crack it without the key. But how do you and the party you are requesting agree on this key? If the key is also transmitted over the network, it can still be intercepted by hackers. So there is still a security problem.

There is another type of encryption: asymmetric encryption.

Asymmetric encryption

  • Encryption and decryption use different keys.
  • Use a public key for encryption and a private key for decryption. The private key must be kept safe and not made public.

When the client sends a request to the payment website, it encrypts the request with the payment website's public key. After receiving the request, the payment website decrypts it with its own private key, then encrypts the result with the client's public key and sends it back, and the client decrypts the result with its own private key. Even if the exchange is intercepted by a hacker, it cannot be decrypted, because the hacker has no private key.

Digital certificates

With some online banking services, we sometimes need to install a certificate. When a request is sent, the certificate is used to add a signature to the request. The signature is irreversible, so it cannot be decrypted even if it is intercepted.

HTTPS

  • HTTPS (Hypertext Transfer Protocol Secure) is a transport protocol for secure communication over computer networks.
  • HTTPS uses HTTP to communicate. However, it uses SSL/TLS to encrypt data packets, making the transmission process more secure while preserving transmission efficiency.
  • Asymmetric encryption does not perform as well as symmetric encryption, so the HTTPS protocol combines them. The public and private keys are used to transmit the symmetric encryption key, while the real data traffic is mainly carried with symmetric encryption.

Working Mode:

    Client                                                          Server
      | -------- cipher suites and a random number ----------------> |
      | <------- cipher suite and a random number ------------------ |
      | <------- my certificate, please verify it ------------------ |
      | <------- my information has been sent ---------------------- |
    check the certificate
      | -------- random number encrypted with the public key ------> |
    compute the symmetric key                  compute the symmetric key
      | -------- from now on, use the symmetric key ---------------> |
      | -------- test transmission with the symmetric key ---------> |
      | <------- OK, use the symmetric key ------------------------- |
      | <------- test transmission with the symmetric key ---------- |
      | <------------------ encrypted communication ---------------> |
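
The hybrid scheme in the working mode above, as an added example that is not part of the original article: the client sends a secret random number under the server's RSA public key, both sides derive the same AES key, and someone who captured every message still cannot read the record. The function names, the constructed sample record and the HMAC-SHA256 key derivation are assumptions made for illustration; real TLS uses its own key schedule.

```javascript
// Added example: simplified RSA key exchange + AES-GCM, not the real TLS key schedule.
const crypto = require('crypto');

// Server key pair; in real HTTPS the public key reaches the client inside the certificate.
const server = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Both sides mix the secret random number with the two public random numbers.
// Assumption: HMAC-SHA256 stands in for the TLS key derivation function.
function deriveKey(preMaster, clientRandom, serverRandom) {
  return crypto.createHmac('sha256', preMaster)
    .update(Buffer.concat([clientRandom, serverRandom])).digest(); // 32 bytes = AES-256 key
}

function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return { iv, body, tag: c.getAuthTag() };
}

function open(key, { iv, body, tag }) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(body), d.final()]).toString('utf8'); // throws on wrong key
}

function handshake() {
  const clientRandom = crypto.randomBytes(32); // sent in the clear
  const serverRandom = crypto.randomBytes(32); // sent in the clear
  const preMaster = crypto.randomBytes(48);    // secret, known only to the client so far
  const wire = crypto.publicEncrypt({ key: server.publicKey, ...OAEP }, preMaster);
  const recovered = crypto.privateDecrypt({ key: server.privateKey, ...OAEP }, wire);
  return {
    clientKey: deriveKey(preMaster, clientRandom, serverRandom),
    serverKey: deriveKey(recovered, clientRandom, serverRandom),
    // An observer holds only the ciphertext `wire` and the two public random numbers.
    observerKey: deriveKey(wire, clientRandom, serverRandom),
  };
}

function demo() {
  const k = handshake();
  const record = seal(k.clientKey, 'card=0000 (constructed sample)');
  let intercepted = 'decrypted';
  try { open(k.observerKey, record); } catch { intercepted = 'rejected'; }
  return { sameKey: k.clientKey.equals(k.serverKey), server: open(k.serverKey, record), intercepted };
}
console.log(demo());
```

The slow RSA operation runs once per handshake, while every record afterwards uses the fast symmetric cipher, which is the efficiency trade-off described in the HTTPS section.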