Preface

The idea that “HTTPS = security” is so ingrained in most people’s minds, at work and in daily life, that many don’t even consider that they could be attacked. Is that true? Keep this question in mind as we look at what problems HTTPS solves and how it differs from HTTP.

What is HTTPS?

HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer) is an HTTP channel that aims at security. Built on HTTP, HTTPS secures transmission through transport encryption and identity authentication. HTTPS adds an SSL layer to HTTP, and the security of HTTPS rests on SSL, so the details of encryption are handled by SSL. HTTPS uses a different default port from HTTP and adds an encryption/authentication layer.

What is SSL?

SSL encrypts the transmitted data so that a third party cannot “eavesdrop” on the transmission and view the data being transferred. Only the user’s computer and the server can read the data.

SSL keeps your name, address, and credit card information between you and the merchant you provide it to. Without such encryption, personal information could be stolen by third parties when you shop online. When you visit a web address that begins with “HTTPS”, the “S” after “HTTP” indicates that the site is secure, and these sites often use SSL certificates to verify their authenticity.

Important related concepts

1. Symmetric encryption

In a single-key cryptosystem, the same key is used both to encrypt and to decrypt information. This method is called symmetric encryption, also known as single-key encryption. In simple terms, the plaintext is encrypted and decrypted with the same key (insecure, but more efficient than asymmetric encryption).

2. Asymmetric encryption

Asymmetric encryption algorithms require two keys: a public key and a private key. The public key and private key are a pair: if the public key is used to encrypt data, only the corresponding private key can decrypt it. Because encryption and decryption use two different keys, the algorithm is called asymmetric encryption.

The basic process for exchanging confidential information with an asymmetric algorithm is as follows. Party A generates a key pair and publishes the public key. Any other party (Party B) that needs to send information to Party A encrypts the confidential information with Party A’s public key and sends it to Party A, who decrypts it with its own private key. When Party A wants to reply to Party B, it does the opposite: it encrypts the data with Party B’s public key, and Party B decrypts it with its own private key.

Party A may also use its private key to sign the information before sending it to Party B; Party B then uses Party A’s public key to verify the data it received from Party A. Information encrypted with Party A’s public key can be decrypted only with Party A’s private key.

Asymmetric encryption algorithms offer better confidentiality because they remove the need for end users to exchange keys. Their characteristics: the algorithm is complex and security depends on both the algorithm and the key, but because of that complexity, encryption and decryption are slower than with symmetric encryption. In symmetric cryptography there is only one key, it is not public, and the other party must know it in order to decrypt, so keeping the system secure means keeping that key secure. An asymmetric system has two keys, one of which is public, so there is no need to transmit the key to the other party as with a symmetric cipher. That is much safer.

3. Message digest

A message digest is the irreversible ciphertext generated from a plaintext message by a hashing algorithm.

4. Digital signature

The CA’s private key is used to encrypt the message digest, and the result is called a digital signature.

Digital certificates

The digital certificate is the combination of the digital signature, the server’s public key, and some other information (the expiration date of the certificate, the issuing authority, etc.) that is sent to the client.
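The digest, signature and certificate described above, as an added example that is not part of the original article: a toy CA issues a certificate and a client checks it. It assumes textbook RSA built from two fixed Mersenne primes (not secure, chosen only so the example runs offline with the standard library); the field names and sample values are constructed.

```python
import hashlib
import json

# Toy CA key pair: textbook RSA without padding, built from two fixed
# Mersenne primes. Illustration only; real CA keys are random and padded.
P, Q = 2**521 - 1, 2**607 - 1
CA_N, CA_E = P * Q, 65537                 # CA public key, known to clients
CA_D = pow(CA_E, -1, (P - 1) * (Q - 1))   # CA private key, never leaves the CA


def digest(fields: dict) -> int:
    """Message digest: SHA-256 over a canonical encoding of the fields."""
    data = json.dumps(fields, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def ca_issue(fields: dict) -> dict:
    """Digital signature = digest processed with the CA private key."""
    return {"fields": fields, "signature": pow(digest(fields), CA_D, CA_N)}


def client_verify(cert: dict, hostname: str, today: str) -> bool:
    """Open the signature with the CA public key and compare digests,
    then check the name and the expiration date carried in the certificate."""
    fields = cert["fields"]
    signed_digest = pow(cert["signature"], CA_E, CA_N)
    return (signed_digest == digest(fields)
            and fields["subject"] == hostname
            and today <= fields["not_after"])     # ISO dates sort as text


# Constructed sample certificate (all values are made up for the example).
CERT = ca_issue({
    "subject": "shop.example",
    "issuer": "Example Toy CA",
    "not_after": "2030-12-31",
    "server_public_key": "constructed-server-key-A",
})
# Same signature, but the server public key was swapped in transit.
TAMPERED = {"fields": {**CERT["fields"],
                       "server_public_key": "constructed-key-B"},
            "signature": CERT["signature"]}

if __name__ == "__main__":
    print(client_verify(CERT, "shop.example", "2025-06-01"))      # True
    print(client_verify(TAMPERED, "shop.example", "2025-06-01"))  # False
    print(client_verify(CERT, "shop.example", "2031-01-01"))      # False
```

The tampered certificate fails because its recomputed digest no longer matches the one the CA signed, which is what lets the client trust the server public key it receives.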

HTTPS Request Process

Difference between HTTP and HTTPS

By now we know the difference between HTTPS and HTTP. The standard answer is as follows:

1. HTTPS requires applying to a CA for a certificate.
2. HTTP is the Hypertext Transfer Protocol, and information is transmitted in plain text; HTTPS is a secure transfer protocol encrypted with SSL.
3. HTTP and HTTPS use completely different connections and different ports: 80 for the former and 443 for the latter.
4. HTTP connections are simple and stateless; HTTPS is a network protocol that uses SSL and HTTP to provide encrypted transmission and identity authentication. It is more secure than HTTP.

HTTPS improves security, but it is inferior to HTTP in other respects:

1. The HTTPS handshake takes time in order to ensure security, and it consumes more CPU.
2. SSL certificates cost money, and more powerful certificates cost more.
4. SSL certificates usually need to be bound to IP addresses. Multiple domain names cannot be bound to the same IP address, and IPv4 resources cannot support such consumption.
5. The encryption scope of the HTTPS protocol is relatively limited; it does almost nothing against hacker attacks, denial-of-service attacks, server hijacking and the like.

Conclusion

HTTPS is an HTTP channel that aims at security. In short, it is the secure version of HTTP, that is, HTTP with an SSL layer added underneath. The security of HTTPS rests on SSL, so the details of encryption are handled by SSL. The HTTPS protocol has two main functions: one is to establish a secure channel that protects data in transit; the other is to verify the authenticity of the site.
