❝
I’m going to use easy-to-understand text to illustrate HTTPS. I’m a beginner, so it may be a little lacking in some places; please understand >x<
❞
Why you need HTTPS
- HTTP packets are sent in plaintext (unencrypted).
- The flaws of the plaintext HTTP protocol are a major cause of data leakage, data tampering, traffic hijacking, phishing attacks and other security problems.
- In particular, at every hop of a plaintext transmission the data can be stolen or tampered with by a third party. Specifically, HTTP data passes through the TCP layer, then through the Wi-Fi router and the operator's network to the target server, and an intermediary at any of these links can read the data and tamper with it. This is what we usually call a man-in-the-middle attack.
❝
HTTPS is not a new protocol, but an enhanced version of HTTP. The principle is to insert an intermediate layer between HTTP and TCP. HTTP no longer talks to TCP directly: outgoing data first passes through the intermediate layer, which encrypts it and hands the encrypted packets to TCP. For a response, the packets coming up from TCP are decrypted by this layer before being passed to HTTP above. This middle layer is also called the security layer. The core of the security layer is data encryption and decryption.
❞
- This security layer is SSL/TLS
Symmetric and asymmetric encryption
“You need to understand the concepts of symmetric and asymmetric encryption first, and then extend them to the entire encryption process”
Symmetric encryption
“An encryption technique in which encryption and decryption use the same key”
The process of encryption and decryption
Symmetric encryption problem
- A hacker who intercepts the traffic can encrypt a message of his own and send it to you without you knowing
Asymmetric encryption
“Asymmetric encryption is also known as public-key encryption, which uses two different keys to communicate”
- With a pair of keys A and B, packets encrypted with A can only be decrypted with B, and conversely, packets encrypted with B can only be decrypted with A.
The process of encryption and decryption
- Security issue resolved: what the client sends cannot be decrypted without the private key
Symmetric + asymmetric encryption
- The client requests the server.
- The server sends KEY1 (its public key) to the client. The client generates KEY2, the symmetric encryption key, and locks it inside KEY1.
- What is locked with KEY1 can only be unlocked with the private key, so no one else can open it. It is sent to the server.
- The server uses the private key to unlock it and obtain KEY2. KEY2 is the key used for symmetric encryption and decryption.
- Because KEY2 is encrypted with KEY1 the first time it is sent, it is not visible in transit. Both sides now hold the key and no one else can obtain it. Subsequent traffic is encrypted directly with KEY2: the client and server use the same session key for encryption and decryption, so their communication is protected.

“Hacker: You think you’re the only ones making progress?”
Mixed encryption issues
- The hacker intercepts the exchange and generates an asymmetric key pair of his own
❝
To solve this problem, there is an organization: the CA (certificate authority)
❞
CA Certificate authority
“The main problem it solves: the client cannot confirm that the public key it received really comes from the server”
- A certificate is issued by a CA (an authoritative certification body) and contains information that identifies you, similar to an ID card.
- “The server must proactively provide its information and public key to the CA in order to be issued a digital certificate”
“Certificates are used for data encryption and identity authentication between the Web browser and the Web server”
Digital certificate + hybrid encryption process
❝
Client requests –> server receives –> server returns its digital certificate to the client –> client verifies the certificate –> client generates a random key for symmetric encryption and encrypts it with the public key –> sends it to the server –> server decrypts the random key with its private key –> the key is used to encrypt subsequent transmission
❞
- I am not sure whether my understanding of the last step (symmetric encryption) is correct; if there is a problem, experts, please point it out
Addendum: How do I verify a digital certificate?
- The client hashes the plaintext information of the digital certificate to obtain a digest
- The CA public key is then used to decrypt the digital signature and recover the digest that the CA encrypted inside it
- The CA public key is public and anyone can obtain it. The two digests are compared: if they are the same, the certificate content is valid
- Verify the validity period of the digital certificate
- Check whether it is in the CRL
- Check whether its issuer's certificate is valid; this is a recursive process that continues until the root certificate is validated
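The verification steps above, as an added Python example (not code from the original post): a toy chain check that uses textbook RSA with small Mersenne-prime keys and a plain dictionary in place of a real X.509 certificate. The names `issue` and `verify`, the sample chain, and the CRL keyed by subject name are assumptions made for illustration; real clients use padded signatures and serial-number CRLs.

```python
import hashlib
from datetime import date

E = 65537  # public exponent shared by every toy key

def keypair(p, q):
    """Textbook RSA: returns (public modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(cert, n):
    """Hash the plaintext fields (everything except the signature)."""
    fields = ("subject", "issuer", "pubkey", "not_before", "not_after")
    tbs = "|".join(str(cert[f]) for f in fields).encode()
    return int.from_bytes(hashlib.sha256(tbs).digest(), "big") % n

def issue(subject, issuer, pubkey, ca_n, ca_d, start, end):
    cert = dict(subject=subject, issuer=issuer, pubkey=pubkey,
                not_before=start, not_after=end)
    cert["sig"] = pow(digest(cert, ca_n), ca_d, ca_n)  # CA signs the digest
    return cert

def verify(cert, store, roots, crl, today):
    """Return (ok, reason); recurses up the chain to a trusted root."""
    name, self_signed = cert["subject"], cert["subject"] == cert["issuer"]
    issuer = cert if self_signed else store.get(cert["issuer"])
    if issuer is None:
        return False, f"{name}: unknown issuer"
    ca_n = issuer["pubkey"]
    # Steps 1-3: recover the signed digest with the CA public key, compare.
    if pow(cert["sig"], E, ca_n) != digest(cert, ca_n):
        return False, f"{name}: digest mismatch"
    if not cert["not_before"] <= today <= cert["not_after"]:  # step 4
        return False, f"{name}: outside validity period"
    if name in crl:  # step 5 (simplified: CRL lists subject names)
        return False, f"{name}: revoked"
    if self_signed:  # step 6 ends at a root the client already trusts
        ok = roots.get(name) == cert["pubkey"]
        return ok, "ok" if ok else f"{name}: untrusted root"
    return verify(issuer, store, roots, crl, today)

# Constructed sample chain: root -> intermediate -> server (toy key sizes).
root_n, root_d = keypair(2**107 - 1, 2**127 - 1)
int_n, int_d = keypair(2**61 - 1, 2**89 - 1)
START, END = date(2024, 1, 1), date(2026, 1, 1)
ROOT = issue("Toy Root CA", "Toy Root CA", root_n, root_n, root_d, START, END)
INTER = issue("Toy Intermediate CA", "Toy Root CA", int_n, root_n, root_d, START, END)
LEAF = issue("www.example.test", "Toy Intermediate CA", (2**17 - 1) * (2**19 - 1), int_n, int_d, START, END)
STORE = {c["subject"]: c for c in (ROOT, INTER)}
ROOTS = {"Toy Root CA": root_n}
```

A self-signed certificate made with a key the client does not already trust passes its own signature check but fails at the root step, which is what stops the substituted public key described under "Mixed encryption issues".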
❝
I hope I can help you out here