Why HTTPS

Before HTTPS, every request was sent in clear text, so anyone who eavesdropped on the connection or captured a packet in transit could read all of your communications. The more secure approach is to encrypt the content before sending it to the other party. There are two kinds of encryption: symmetric encryption and asymmetric encryption.

Symmetric encryption

Symmetric encryption means that encryption and decryption use the same key. But before the client and server have communicated, they do not share a key, so one side has to send it to the other. Nothing protects that transmission, so a hacker who intercepts the key can decrypt everything encrypted with it. Pure symmetric encryption is therefore not secure.

Asymmetric encryption

Asymmetric encryption uses different keys for encryption and decryption: what is encrypted with the private key is decrypted with the public key, and what is encrypted with the public key is decrypted with the private key. That sounds like a solution, but consider what actually happens. The server has a private key and a public key and sends the public key to the client. Since the client can obtain the public key, a hacker can obtain it too, so everything the server encrypts with its private key and sends to the client can be read by the hacker. What the client encrypts with the public key and sends to the server is not affected, because the hacker does not have the server's private key. So pure asymmetric encryption is also insecure.

The process of transferring a key

(Diagram: the process of transferring the key)

HTTPS encrypts the communication itself with symmetric encryption; call the key it uses A. Key A is sent to the other party encrypted with asymmetric encryption. As long as key A does not fall into the wrong hands, the transmitted data cannot be deciphered.

So the question is, how do you get the key safely to the other party?

Let’s look at the transmission process of the key:

Why is HTTPS reliable?

HTTPS is reliable because it solves three problems.

Encrypted communication: even if someone else obtains a message, they cannot recover its original content.

Prevention of man-in-the-middle attacks: a hacker cannot impersonate the server, because in step 2 the server gives the client a CA certificate.

If the client verifies the certificate successfully, the certificate and the public key it carries are authentic and really were sent by the server.

If the client cannot verify the certificate, the certificate is not trustworthy and may be a fake.

Credibility of the CA certificate: a company or an individual has to apply to the CA for a certificate and prove that the domain name belongs to them through email authentication. This prevents hackers from obtaining certificates for websites they are impersonating.

Technically, the CA's public key is built into the operating system or browser, and only content encrypted (signed) with the CA's private key can be decrypted (verified) with it. This ensures that the certificate was indeed issued by the CA.
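Added example (Go, standard library only; this is not code from the original post): a stand-in for the browser's trust store, a CA that issues the server's certificate, the client's check of that certificate against the trusted CA and the host name, and the transfer of key A sealed with the server's public key. The names "root-ca.example" and "www.example" used when calling it are constructed placeholders.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// newCert issues a certificate for name: self-signed (the CA root) when issuer is nil,
// otherwise signed by the issuer's private key (the server's certificate).
func newCert(name string, issuer *x509.Certificate, issuerKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey) {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: name}, DNSNames: []string{name}, IsCA: issuer == nil, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment}
	if issuer == nil { // the root signs itself and may sign other certificates
		tmpl.KeyUsage |= x509.KeyUsageCertSign
		issuer, issuerKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, issuer, &key.PublicKey, issuerKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}
// clientTrusts plays the browser: only chains ending at the CA in its trust store, for the expected host, pass.
func clientTrusts(server, root *x509.Certificate, host string) bool {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := server.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err == nil
}
// sendKeyA: the client picks symmetric key A and seals it with the server's public key (RSA-OAEP).
func sendKeyA(serverPub *rsa.PublicKey) (keyA, sealed []byte) {
	keyA = make([]byte, 32)
	rand.Read(keyA)
	sealed, _ = rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, keyA, nil)
	return keyA, sealed
}
// receiveKeyA: only the server's private key recovers A; an eavesdropper with the public key cannot.
func receiveKeyA(serverPriv *rsa.PrivateKey, sealed []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, serverPriv, sealed, nil)
}
```

After receiveKeyA both sides hold A and switch to symmetric encryption (for example AES-GCM) for the rest of the session.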

The role of the key

Finally, let’s review what each key does:

Source: juejin.im/post/5ebe6870f265da7bce2696b9