Background

We know that HTTPS encrypts data in network transmission. // Both the client and the server encrypt data when writing, that is, in both directions:

1. Client -> server
2. Server -> client

How is the data encrypted and decrypted?

Encryption and decryption

To encrypt and decrypt, an encryption and decryption algorithm must be used, specifically a symmetric encryption algorithm.


Why must symmetric encryption be used?

1. First, the encryption and decryption algorithm must be the same.
2. Second, the secret key must be transmitted securely. That is, the side that generates the secret key (the client) has to give the secret key to the server.


How can the secret key be transferred safely? With asymmetric encryption.

Asymmetric encryption

1. First, the problem to be solved is the transmission of the secret key.

2. The secret key itself needs to be transmitted safely, so how is that done? With asymmetric encryption, that is, a public key and a private key.


The process is as follows:

1. The client uses the public key to encrypt the secret key. // The secret key is the key for encrypting data
2.
3. The server uses the private key to decrypt and get the secret key. // Now both the client and the server have the secret key
4. Client <-> Server // Data is encrypted with the secret key. Both parties can encrypt and decrypt data
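The steps above, written out with the JDK's standard crypto classes. This is an added example, not code from the original page; the class name `HybridDemo`, the sample request line, and the choice of RSA-OAEP and AES-GCM are assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;

public class HybridDemo { // hypothetical class name
    public static void main(String[] args) throws Exception {
        // Server: generates the asymmetric key pair; only the public key leaves the server.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair serverKeys = kpg.generateKeyPair();

        // Client: generates the secret (symmetric) key that will encrypt the data.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey clientSecret = kg.generateKey();

        // Step 1: the client encrypts the secret key with the server's public key.
        Cipher rsaClient = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsaClient.init(Cipher.ENCRYPT_MODE, serverKeys.getPublic());
        byte[] wrappedKey = rsaClient.doFinal(clientSecret.getEncoded());

        // Step 3: the server decrypts with its private key and recovers the secret key.
        Cipher rsaServer = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsaServer.init(Cipher.DECRYPT_MODE, serverKeys.getPrivate());
        SecretKey serverSecret = new SecretKeySpec(rsaServer.doFinal(wrappedKey), "AES");

        // Step 4: the client encrypts data with the secret key (AES-GCM).
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce); // must never repeat under the same key
        Cipher aesClient = Cipher.getInstance("AES/GCM/NoPadding");
        aesClient.init(Cipher.ENCRYPT_MODE, clientSecret, new GCMParameterSpec(128, nonce));
        byte[] request = "GET /account HTTP/1.1".getBytes(StandardCharsets.UTF_8); // constructed sample
        byte[] ciphertext = aesClient.doFinal(request);

        // The server decrypts with its copy of the same secret key; a modified
        // ciphertext would fail the GCM tag check and throw AEADBadTagException.
        Cipher aesServer = Cipher.getInstance("AES/GCM/NoPadding");
        aesServer.init(Cipher.DECRYPT_MODE, serverSecret, new GCMParameterSpec(128, nonce));
        String plaintext = new String(aesServer.doFinal(ciphertext), StandardCharsets.UTF_8);
        System.out.println("server read: " + plaintext);
    }
}
```

Real TLS derives its session keys during the handshake rather than sending a raw AES key, and TLS 1.3 dropped RSA key transport in favour of ephemeral Diffie-Hellman. The example mirrors the simplified flow described here.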


How does the client get the public key?

1. The server generates the public and private keys.
2

The flow chart

The following flow charts differ in form but mean basically the same thing.


The digital certificate

Why must HTTPS have a digital certificate?

1. The server verifies the client certificate. 2

Both certificates are verified by the CA (certificate authority). If the CA says a certificate is valid, it is valid.


How is the server certificate configured? In Tomcat, for example, it is configured in the Connector tag.

What exactly does a digital certificate contain?

It stores various keys:

1. The symmetric key for encrypting data.
2. The asymmetric key pair for encrypting the secret key, that is, the public key and the private key.

What security algorithms does HTTPS use?

There are two at the core:

1. The algorithm that encrypts the data // symmetric encryption algorithm
2. The algorithm that encrypts the secret key // asymmetric encryption algorithm. The secret key here is the key used to encrypt the data.

One to secure the data, and one to secure the secret key that encrypts it.

Reference

The Art of Java Encryption and Decryption