1. What is HTTP protocol?

HTTP is the Hyper Text Transfer Protocol, located at the application layer of the TCP/IP model. HTTP communicates between client and server in the form of requests and responses. HTTP information is transmitted in plaintext without any encryption, which is equivalent to "running naked" on the network. Therefore, it is vulnerable to malicious interception or even tampering by a middleman (man-in-the-middle attack).

2. What is HTTPS?

HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer) is an HTTP channel built for security; it is the secure version of HTTP. That is, an SSL layer is added to HTTP, and Secure Sockets Layer (SSL) is the basis of HTTPS security. Therefore, the details of the encryption are provided by SSL.

3. Symmetric encryption and asymmetric encryption

Symmetric encryption

Symmetric encryption uses symmetric cryptography, whose defining characteristic is that the same key is used to encrypt and to decrypt a file.

In cryptography this kind of method is called a symmetric encryption algorithm. Symmetric algorithms are simple and easy to use, the keys are short, and they are difficult to break. Besides the Data Encryption Standard (DES), another symmetric key cryptosystem is the International Data Encryption Algorithm (IDEA), which encrypts better than DES while also placing lower demands on computer resources.

Asymmetric encryption

Unlike symmetric encryption algorithms, asymmetric encryption algorithms require two keys: a public key and a private key.

The public key and private key are a pair. If the public key is used to encrypt data, only the corresponding private key can be used to decrypt data. If data is encrypted with a private key, it can only be decrypted with the corresponding public key.

Because encryption and decryption use two different keys, the algorithm is called asymmetric encryption.

4. HTTPS process

1. The server sends its public key (Key1) to the CA to apply for a certificate.

2. The CA also has a pair of public and private keys. The CA uses its own private key to encrypt Key1, and generates a certificate signature from information such as the server URL, which is also encrypted with the CA's private key. After the certificate is created, the CA sends it to the server.

3. When the client requests communication with the server, the server does not directly return its public key (Key1) but returns its certificate to the client.

4. The first thing the client must do after receiving the certificate is to verify that the certificate is authentic. It is important to note that browsers and operating systems already maintain the names and public keys of all authoritative certificate issuers. Therefore, the client only needs to know which institution issued the certificate; it can then find the corresponding public key locally and decrypt the certificate signature.

After the certificate is verified successfully, the client can safely use the CA's public key again to decrypt the server's public key Key1.

How does the client validate the certificate locally?

The certificate itself tells the client how to verify its authenticity, that is, how to generate a certificate number using the method stated on the certificate. If the generated certificate number matches the certificate number on the certificate, the certificate is proved to be genuine. At the same time, the third-party organization's private key is used to encrypt the certificate, which prevents the certificate number from being swapped.

Here the certificate is the digital certificate in HTTPS, the certificate number is the digital signature, and the third party is the certificate issuing authority (CA).

5. The client generates its own symmetric encryption key Key2, encrypts Key2 with the server's public key Key1, and sends it to the server.

6. The server uses its own private key to decrypt the message and obtain the symmetric key Key2. The client and server then communicate using symmetric encryption with Key2.
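The whole sequence, as an added example that is not part of the original article: a runnable pure-Python model of steps 1 to 6 that also demonstrates the symmetric/asymmetric distinction from section 3 (same key both ways versus public-encrypt/private-decrypt and private-sign/public-verify). Textbook RSA over constructed Mersenne primes stands in for the real CA and server keys, a SHA-256 keystream stands in for the symmetric cipher, the server name `example.test` and all function names are my own, and nothing here is secure for real use (modern HTTPS uses TLS, the successor of SSL, and TLS 1.3 no longer wraps the session key under the server's RSA key). The model also exercises the two rejections step 4 depends on: a certificate whose key was swapped while keeping the original signature fails verification, and a certificate issued by a CA the client does not have in its local trust list is rejected.

```python
"""Toy end-to-end model of the HTTPS key exchange in steps 1-6 above.
Pure Python, no third-party packages. Textbook RSA (no padding) and a
hash-based stream cipher stand in for real RSA/AES; every prime, name
and key here is constructed for illustration and is NOT secure."""
import hashlib
import secrets

# ---- asymmetric primitive: textbook RSA, two different keys ---------------
def rsa_keygen(p, q, e=65537):
    """Return ((n, e), (n, d)): the public key and the matching private key."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))      # pow(e, -1, m) needs Python 3.8+

def rsa_public(key, x):                      # encrypt, or recover a signature
    n, e = key
    return pow(x, e, n)

def rsa_private(key, x):                     # decrypt, or sign
    n, d = key
    return pow(x, d, n)

# ---- symmetric primitive: one key, used identically by both sides ---------
def sym_crypt(key, data):
    """XOR data with a SHA-256 keystream (toy stand-in for AES); self-inverse."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)

def digest_int(data, n):
    """SHA-256 of data as an integer reduced below the RSA modulus n."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

# ---- steps 1-2: the CA signs the server name together with Key1 -----------
def ca_issue(ca_private, server_name, key1):
    body = f"{server_name}|{key1[0]}|{key1[1]}".encode()
    sig = rsa_private(ca_private, digest_int(body, ca_private[0]))
    return {"body": body, "sig": sig}

# ---- step 4: client checks the certificate with its locally trusted CA key -
def client_verify(trusted_ca_public, cert, expected_name):
    """Return Key1 if the signature and the name check out, else None."""
    n = trusted_ca_public[0]
    if rsa_public(trusted_ca_public, cert["sig"]) != digest_int(cert["body"], n):
        return None                          # not signed by the trusted CA
    name, mod, exp = cert["body"].decode().split("|")
    if name != expected_name:
        return None                          # genuine certificate, wrong server
    return (int(mod), int(exp))

# ---- steps 5-6: Key2 travels wrapped under Key1, unwrapped by the server --
def client_wrap_key2(key1):
    key2 = secrets.token_bytes(16)           # 128-bit Key2, always below n here
    return key2, rsa_public(key1, int.from_bytes(key2, "big"))

def server_unwrap_key2(server_private, wrapped):
    return rsa_private(server_private, wrapped).to_bytes(16, "big")

def run_handshake():
    """Walk through steps 1-6 and return what each side can observe."""
    # Mersenne primes M61, M89, M107 (constructed choice) so that n > 2**128.
    ca_public, ca_private = rsa_keygen(2**61 - 1, 2**89 - 1)
    key1, server_private = rsa_keygen(2**89 - 1, 2**107 - 1)
    cert = ca_issue(ca_private, "example.test", key1)              # steps 1-2
    trusted_key1 = client_verify(ca_public, cert, "example.test")  # steps 3-4
    key2, wrapped = client_wrap_key2(trusted_key1)                 # step 5
    server_key2 = server_unwrap_key2(server_private, wrapped)      # step 6
    request = b"GET /account HTTP/1.1"                             # constructed
    on_wire = sym_crypt(key2, request)                             # middleman's view
    # Two things the client must reject: a certificate whose key was swapped
    # (signature copied from the real one) and one signed by an untrusted CA.
    rogue_public, rogue_private = rsa_keygen(2**61 - 1, 2**107 - 1)
    swapped = {"body": f"example.test|{rogue_public[0]}|{rogue_public[1]}".encode(),
               "sig": cert["sig"]}
    rogue_cert = ca_issue(rogue_private, "example.test", rogue_public)
    return {
        "keys_match": key2 == server_key2,
        "wire_is_ciphertext": on_wire != request,
        "server_reads": sym_crypt(server_key2, on_wire),
        "swapped_key_rejected": client_verify(ca_public, swapped, "example.test") is None,
        "rogue_ca_rejected": client_verify(ca_public, rogue_cert, "example.test") is None,
    }

if __name__ == "__main__":
    for name, value in run_handshake().items():
        print(f"{name}: {value}")
```

Running the file prints the five results; all are expected to be true except `server_reads`, which should be the original request bytes. The design point worth noticing is that the client never trusts Key1 because it arrived from the server; it trusts it only after `client_verify` has recomputed the digest and matched it against what the locally stored CA public key recovers from the signature, which is exactly the check step 4 describes.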