HTTPS = Symmetric encryption + Asymmetric encryption + Authentication + Integrity protection.
On the basis of understanding HTTPS, you need to know the following points:
Disadvantages of HTTP:
- Communications use clear text and can be eavesdropped
- The identity of the correspondent is not verified, so it is possible to encounter camouflage
- The integrity of the message could not be proved, so it may have been tampered with
Therefore, HTTP is difficult to ensure security when it is needed for secure transmission.
Symmetric encryption
Symmetric encryption of Baidu Encyclopedia
To simplify, the client can generate ciphertext X by mixing the data data with key through encryption algorithm F, and the service provider can decrypt the data data through decryption algorithm F ‘by mixing key with ciphertext X.
The server can use encryption algorithm F to ‘mix the key and generate ciphertext X’, and the client can use decryption algorithm F’ to ‘mix the key and decrypt the data data’.
The client
Encryption => f(key, data) => X Decryption => F'(key, X') => data'
Copy the code
The service side
Decryption = > f'(key, X) => data encryption => f(key, data')) => X'
Copy the code
So what is the security of symmetric encryption?
Client->Server: request key Server->Client: key Client->Client: f(key, data) => X Client->Server: X Server->Server: f'(key, X) => data Server->Server: f(key, data) => X' Server->Client: X' Client->Client: f'(key, X') => data'Copy the code
Title: Hacked communication Participant Client as C Participant Hacker as H Participant Server as S C->H: Request key H->S: Request key S->H: The key H - > C: key C - > C: f (key, data) = > X C - > H: X H - > H: f '(key, X) = > data H - > H: alteration data = > other H - > H: f(key, other) => XX H->S: XX S->S: f'(key, XX) => other S->H: f(key, other') => YY H->H: f'(key, YY) => other' H->H: Other '=> another H->H: f(key, another) => YY' H->C: YY'Copy the code
The drawback of symmetric encryption algorithms is that before data can be transmitted, the sender and receiver must agree on the secret key, and then enable both parties to keep the secret key. Secondly, if one party’s secret key is leaked, the encrypted information is not secure. ** In addition, each pair of users needs to use a unique secret key unknown to others every time they use a symmetric encryption algorithm, which makes the number of keys owned by the receiver and sender huge, and key management becomes a burden for both parties.
Asymmetric encryption
Asymmetric encryption of Baidu Encyclopedia
To simplify this, the client uses algorithm f and the publickey publickey to encrypt data and obtain ciphertext X. The server uses algorithm f and the privatekey privatekey to decrypt ciphertext X and obtain data.
The server uses algorithm f and the privatekey privatekey to encrypt data’ and obtain the ciphertext X. The client uses algorithm f and the publickey publickey to decrypt the ciphertext X’ and obtain the data’.
The client
Send encryption => publicKey (data) => X Receive decryption => publickey (X)') => data
Copy the code
The service side
Send encryption => f(privateKey, data)') => X'Receive decryption => publickey (X) => dataCopy the code
So what is the insecurity of asymmetric encryption?
Title: Normal communication Participant Client as C Participant Server as S C->S: Request PublicKey S->C: Publickey C->C: f(publickey, data) => X C->S: X S->S: f(privatekey, X) => data S->S: f(privatekey, data') => X' S->C: X'Copy the code
Title: Hacked communication Participant Client as C Participant Hacker as H Participant Server as S C->H: request publicKey H->S: Request publicKey S->H: publickey H->C: publickey C->H: f(publickey, data) => X H->S: X S->S: f(privateKey, X) => data S->H: f(privatekey, data') => X' H->H: f(publickey, X') => data' H->C: X' C->C: f(publickey, X') => data'Copy the code