Preface:

In Web applications, we often need to ensure the security of data transmission. Imagine if we fill in the form information on the page and submit it to the server, the form information is intercepted by another malicious user, that would be very insecure? That’s why we moved from the original HTTP protocol to the current HTTPs protocol. This article will start from the origin of cryptography, gradually introduce the development of cryptography, and HTTPs connection process.

The development of cryptography

The word cryptography, originally derived from the Greek phrase “secret writing,” has had a glorious history for thousands of years.

Who uses cryptography? By whom was cryptography developed?

Historically, four groups of people have used cryptography and made important contributions to it. They are: military personnel, diplomatic personnel, daily reporters, lovers. Military journalists have played the most important role in this field and continue to improve it.

A few basic concepts

The plaintext is the message we are about to send, which is transformed by a function with the secret key as a parameter. The result of the transformation is the encrypted ciphertext.



The technique of cracking passwords is called cryptanalysis, and cryptanalysis and cryptography together make up cryptography.

The plaintext is the secret key obtained through the function transformation of the secret key, so it is not difficult to see that the development of cryptography and mathematics are closely related.

Historically, encryption methods have been divided into two broad categories: substitution ciphers and substitution ciphers.

Replacement password

In a substitution cipher, each letter or group of letters is replaced by another letter or group of letters, thus masking the original letter.

Let’s say we replace a with 1, b with 2, and C with 3………

Then ACBDADCCA can be translated as 132414331

Replace the password

The substitution cipher preserves the order of plaintext symbols, but disguises the plaintext. Alternative ciphers, by contrast, reorder letters but do not disguise plaintext.

Now we are going to transfer data is: kanwowenzhangdianzandedoushidashuaibi

Here is an alternative password for column transposition.

  1. Select a word or phrase that does not contain repeated letters as your secret key. Here the selectionMEGABUCK
  2. Rank different letters 1, 2, and 3 according to the secret key.
  3. Sort the plaintext in rows.
  4. Read the data in columns in order.

So we went through the secret key cipher text is translated: wnhiogibeeaahuunasandskzoh

But computers run so fast, it’s not a piece of cake, right? Therefore, these coding methods are very easy to crack, not detailed here.

Symmetric secret key algorithm and asymmetric secret key algorithm

Modern cryptography uses the same ideas as traditional cryptography (substitution and displacement), but with a different emphasis. Cryptographers have traditionally used very simple algorithms. Now the reverse is true. The goal of cryptography is to make the encryption algorithm as intricate as possible, so that even if a cryptanalyst has access to a large selection of ciphertext, it is impossible to deduce our plaintext without the secret key.

Symmetric secret key algorithm

The first is the symmetric secret key algorithm: use the same secret key to encrypt and decrypt the algorithm.

In January 1977, the U.S. government adopted the first product cipher developed by IBM as the official Standard for unclassified information, the DATA Encryption Standard (DES). The key length of the data is 56 bits.

In early 1979, IBM used triple encryption to effectively increase the length of DES when the keys lost to DES were too short.

As DES came to the end of its life, advanced Encryption Standard (AES) emerged. One of the most useful is Rijindael, which has a 128-bit secret key. The 128-bit key space contains 3×10 to the power of 38 keys, which is impossible for a computer to compute for decades.

Asymmetric key algorithm RSA

Historically, handing out keys has been the weakest link in most cryptographic systems. No matter how strong a cryptographic system is, if an intruder can steal a key, the whole system becomes worthless.

In 1976, two Stanford university researchers proposed asymmetric encryption algorithm. There are two secret keys, called public key and private key. The secret keys used for encryption and decryption are different. Data encrypted with a public key can be unlocked using a private key, and data encrypted with a private key can be unlocked using a public key.

How does this approach work? First of all, we create a pair of secret keys and make the public key public. The data sent to me by others can be encrypted with my public key. Since only I know the private key, it is impossible for others to decrypt the message.

The researchers think it’s so good that they’re working hard on it. Rivest,Shamir and Adleman created THE RSA algorithm in 1978, and were jointly awarded the ACM Turing Award in 2002 because of the high security of the algorithm.

The essence of RSA is an algorithm based on mathematical problems such as the difficulty of factoring large numbers and the difficulty of computing discrete logarithms modulo large prime numbers. Cryptography has a lot to do with mathematics, and it’s not easy for people who aren’t good at math to learn it.

Common concepts

A digital signature

Just like our signatures in real life, digital signatures can prove our uniqueness on the Internet.

A digital signature must meet the following conditions:

  1. The receiver can verify the identity claimed by the sender.

  2. The sender cannot later deny the content of the message.

  3. Recipients cannot make up such information themselves.

The message digest

The most famous message digest Algorithm is Secure Hash Algorithm 1 (SHA-1).

The sender performs a sha-1 operation on the plaintext message to obtain a message digest, which the sender then signs with its own secret key. Along with plaintext data sent to the receiver. After receiving it, the receiver needs to do two things. 1. Use the SHA-1 algorithm to obtain a hash value for plaintext data. 2. Decrypt the signature using the sender’s public key to obtain the digest and compare the digest with the hash value obtained by yourself to check whether the data is correct.

The digital certificate

The basic task of digital certificates is to bind a public key to the name of a secure entity (such as an individual or a company), and the authority responsible for issuing digital certificates is called a CA. In this way, we can be sure that the public key is authentic.

HTTPS connection process (using both symmetric and asymmetric encryption)

  1. The browser initiates a connection request to the server.
  2. The server returns its certificate to the browser.
  3. The browser verifies that the certificate is valid. If it is not, the connection is disconnected. If it is, a string of random number secret keys are generated on the local machine, and then the server’s public key in the certificate is asymmetrically encrypted for this string of random numbers, and then returned to the server.
  4. The server performs asymmetric decryption with its own private key to obtain this secret key.
  5. After that, symmetric encryption is used for data transmission.