HTTP transfers are as follows:

Here the information is transmitted in plaintext: anyone who intercepts it can read the contents, which is extremely insecure.

So the content needs to be encrypted, and the process is as follows:

  1. The browser generates a random symmetric key
  2. The browser requests the public key from the server
  3. The server sends its public key to the browser
  4. The browser receives the server's public key, encrypts the randomly generated symmetric key with it, and sends the encrypted symmetric key to the server
  5. The server receives the data sent by the browser, decrypts it with its own private key, and obtains the symmetric key
  6. From then on, the browser and server communicate with content encrypted under the symmetric key

However, this scheme still has a security risk. Between the third and fourth steps, if a middleman intercepts the exchange and substitutes his own public key, the browser encrypts the symmetric key with the middleman's public key and sends it on to the server; the middleman intercepts the data again and obtains the symmetric key. The content exchanged between the browser and the server is then snooped on without either party knowing.

The root of the problem is the third step: the browser has no way to verify the source of the public key, which is why a digital certificate is needed. This is the HTTPS solution: the server sends not just the public key but a digital certificate containing the public key. Digital certificates are issued by third parties, and browsers maintain a list of all the well-known third parties.

How does the browser determine the validity of the public key?

  1. On receiving a digital certificate, check its validity period
  2. Look up the public key that corresponds to the third-party organization named in the certificate, use it to decrypt the digital signature, and obtain hash1
  3. Generate hash2 with the signature algorithm from the server URL and the other certificate information
  4. If hash1 equals hash2, the public key is valid
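As an added illustration (not part of the original text) of the four checks above and of the middleman from the earlier section, here is a toy model in Python: a constructed CA signs a certificate with textbook RSA, and the browser redoes the checks against a genuine certificate, one whose public key was swapped in transit, and one signed by a CA it does not know. The key sizes, names, dates and the certificate format are all constructed for the demo.

```python
import hashlib
import json

# Textbook RSA (no padding) with constructed small primes: enough to show the
# mechanism, far too weak for real use. Real CAs use 2048-bit+ RSA or ECDSA.
def toy_keypair(p, q, e=65537):
    n, d = p * q, pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)          # (public key, private key)

CA_PUBLIC, CA_PRIVATE = toy_keypair(104729, 1299709)   # the trusted third party
_, EVIL_PRIVATE = toy_keypair(100003, 1000003)         # a middleman's own CA
TRUSTED_CAS = {"DemoCA": CA_PUBLIC}   # the browser's list of well-known third parties

def cert_hash(cert, n):
    """hash2: digest over the certificate's fields (host, key, validity, issuer)."""
    fields = {k: cert[k] for k in ("subject", "public_key", "not_after", "issuer")}
    digest = hashlib.sha256(json.dumps(fields, sort_keys=True).encode()).digest()
    return int.from_bytes(digest, "big") % n   # toy: reduce below the RSA modulus

def issue_cert(subject, public_key, not_after, issuer, ca_private):
    """The CA 'encrypts' the digest with its private key: the digital signature."""
    n, d = ca_private
    cert = {"subject": subject, "public_key": public_key,
            "not_after": not_after, "issuer": issuer}
    cert["signature"] = pow(cert_hash(cert, n), d, n)
    return cert

def browser_verify(cert, expected_host, today):
    """The browser's checks: validity period, issuer lookup, hash1 == hash2, host."""
    if today > cert["not_after"]:                     # ISO dates compare as strings
        return False, "certificate expired"
    ca_pub = TRUSTED_CAS.get(cert["issuer"])
    if ca_pub is None:
        return False, "issuer is not a trusted third party"
    n, e = ca_pub
    hash1 = pow(cert["signature"], e, n)   # 'decrypt' the signature with the CA public key
    hash2 = cert_hash(cert, n)             # recompute from the certificate content
    if hash1 != hash2:
        return False, "signature does not match certificate content"
    if cert["subject"] != expected_host:
        return False, "certificate was issued for a different host"
    return True, "public key is valid"

# Constructed scenarios; the server's public key is just a label in this toy.
GOOD = issue_cert("example.test", "server-pubkey", "2030-01-01", "DemoCA", CA_PRIVATE)
MITM_SWAP = dict(GOOD, public_key="mitm-pubkey")   # key replaced in transit, old signature kept
MITM_SELF = issue_cert("example.test", "mitm-pubkey", "2030-01-01", "EvilCA", EVIL_PRIVATE)
```

Calling `browser_verify(MITM_SWAP, "example.test", "2026-01-01")` shows why the middleman's substitution from the earlier section no longer works: the swapped key changes hash2, so it no longer equals the hash1 recovered from the CA's signature.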

Public key and private key

A public key and private key form a key pair: what one of them encrypts, the other decrypts. Encrypting with the public key and decrypting with the private key protects the confidentiality of the data. If instead the private key is used to encrypt and the public key to decrypt, the legitimacy of the source can be established: since nothing can be encrypted without knowing the private key, if the public key decrypts the data to the expected content (the check that hash1 equals hash2), then the sender must hold the private key, and that private key was issued to the server by a third party. This is the digital signature.

The seven OSI layers

Physical layer -> Data link layer -> Network layer -> Transport layer -> Session layer -> Presentation layer -> Application layer

HTTPS: SSL sits between the transport layer and the application layer.