
Preface

Recently I was reading the book “Diagrams of HTTP” and really liked its cartoon-style explanations. I wondered whether I could turn some obscure, abstract knowledge into simple, intuitive examples that help newcomers grasp it quickly, and this article is the result.

This article aims to help newcomers quickly understand the role and function of HTTPS. For more detail on any point, you can search further yourself.

The disadvantages of HTTP

First, let’s talk about the shortcomings of HTTP. HTTPS is used because HTTP communication is in plain text and can easily be eavesdropped on. HTTP also does not verify the identity of the other party; it will talk to anyone ~

What’s more, the content can even be tampered with. For example, if you send someone a love confession, someone with bad intentions could change it to “go to bed early and have a good night”.

These are the shortcomings of HTTP. To address them, people came up with many encryption, authentication and integrity protection measures, and HTTP was upgraded to HTTPS (it is not only the iPhone: a protocol upgrade also adds an “s”).

Symmetric encryption

Introduction

Symmetric encryption uses a publicly known encryption algorithm together with a key that is kept confidential. Because the same key is used to both encrypt and decrypt, it is called symmetric encryption, also known as shared key encryption.

Example

Think of the data in HTTP as a pile of gold, and think of you and me as a small bank and a big bank that need to move gold between each other. I want the gold to be transported without anyone snatching it.

Symmetric encryption means putting my gold in a safe and setting a password that is used to both lock and unlock the safe. When the banks send gold to each other, the safe travels together with a slip of paper carrying the password.

But then the question arises: what if someone steals my slip? Then I am just taking off my pants to fart, a completely pointless extra step. And if I could transmit the password slip safely, why bother keeping the gold in a safe at all? I could just ship the gold safely! That is the downside of symmetric encryption.

Asymmetric encryption

Introduction

Asymmetric encryption, also known as public-key encryption, uses a pair of different keys called a private key and a public key. The public key is used for encryption and the private key for decryption.

Example

In our example, the gold safe gets a new mechanism: a password is used to lock it, and each of us has a key made to match our own password. Each password corresponds to one key, and that key can only unlock a safe that was locked with the matching password.

When the two banks need to transport gold, I first send one of my boys to bring back your password slip. When I send you the safe, I lock it with your password and also give you the slip with my password.

When you get the safe, you unlock it with your key and take out the gold. If you need to send gold to me, you lock the safe with the password on the slip I gave you, so that I can unlock it with my key when it arrives. We are not afraid of anyone learning the safe's password, because whoever learns it still does not have the key to unlock the safe.

HTTPS uses a hybrid encryption mechanism

Introduction

HTTPS uses both shared key encryption and public key encryption, that is, symmetric and asymmetric. Why? Because public key encryption is relatively secure but slow to process, while shared key encryption is relatively fast.

Example

Back to the safe. We can set a password and match it with a key, but our key is a little rusty, so opening the safe to take out the gold is slow. If we had to turn the key every time we transport gold, efficiency would suffer.

So the first time I ship you gold, I lock the safe with your password and put a password slip inside. You receive the safe, unlock it with your key, and take out the gold and the password slip. At that point we can be sure no one else knows the password on that slip, because it was inside the safe the whole time.

Now let’s change the mechanism of the safe so that it can be not only locked with the password but also unlocked with it. We only need the key for the first unlock, which guarantees that the password slip was transported securely; after that we unlock with the password. Our gold then flows efficiently and security is still ensured.

A certificate that proves a public key is correct

Public-key encryption still has a problem. Continuing the example above: if I want to send gold to the big bank, the big bank has to tell me its password, otherwise I cannot lock the safe. So I send my boy over to ask. But on the way he is kidnapped by a robber, who hands him a fake password slip and tells him to bring it back to me. After the boy brings the slip back, I lock the safe with the fake password, so the robber only needs to take my safe while the gold is being transported, open the lock with his own key, and take the gold.

So we have to find a way to determine whether the slip my boy brought back really belongs to the big bank. This is where the digital certificate Certification Authority (CA) comes in. In our setting, the CA is a third-party certification organization, and we all trust its integrity.

How can this organization help us? First, the big bank submits a password and a key to the certification body. Once the certification body has confirmed that the applicant really is the big bank, it gives the bank a small locked safe (a public key certificate). This small safe also has a key and a password of its own. The big bank's password slip is placed inside the small safe.

When my boy first goes to fetch the password slip from the big bank, he comes back with a small safe and a password slip. I use the password on the slip to open the small safe; if the password is correct and the safe opens, that shows the small safe really is one from the certification organization. I can then take out the big bank's password slip from inside and use it to lock my own safe. The process then continues as before!

Public keys built into the browser

Then we have another problem. What if the password slip of the certification body is hijacked on the way? The robber could make his own small safe. Don’t worry: our browsers already have the public keys of the common certification authorities built in. In other words, everyone who opens a small bank is given in advance the password slips for the small safes of several certification organizations, so when a small safe arrives for the first time, no password slip for it needs to be transported. We just use the one we already have!
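The certificate check from the last two sections, as an added Node.js example that is not part of the original article: a CA signs "subject + public key", and the client accepts a certificate only if the signature verifies against a CA public key it already holds. The certificate here is a toy JSON structure standing in for a real X.509 certificate, and the names "Example CA", "bigbank.example" and all function names are made up for illustration.

```javascript
const crypto = require("crypto");

const newKeys = () => crypto.generateKeyPairSync("ed25519");
const pem = (key) => key.export({ type: "spki", format: "pem" });

// CA: after checking who the applicant is, sign "subject + public key".
function issueCert(caPrivateKey, issuer, subject, subjectPublicKey) {
  const body = JSON.stringify({ issuer, subject, publicKey: pem(subjectPublicKey) });
  return { body, signature: crypto.sign(null, Buffer.from(body), caPrivateKey) };
}

// Client: accept only CA public keys that were built in beforehand (trust store).
function verifyCert(trustStore, cert, expectedSubject) {
  const { issuer, subject, publicKey } = JSON.parse(cert.body);
  const caPublicKey = trustStore.get(issuer);
  if (!caPublicKey) return null; // issuer is not a built-in CA
  const ok = crypto.verify(null, Buffer.from(cert.body), caPublicKey, cert.signature);
  if (!ok) return null; // not signed by that CA, or body altered
  if (subject !== expectedSubject) return null; // issued to someone else
  return publicKey; // PEM of a key we may now encrypt to
}

function demoCertificates() {
  const ca = newKeys(), bank = newKeys(), robber = newKeys(), robberCa = newKeys();
  const trustStore = new Map([["Example CA", ca.publicKey]]); // shipped with the browser
  const genuine = issueCert(ca.privateKey, "Example CA", "bigbank.example", bank.publicKey);
  // Robber signs his own key with a CA key he generated himself.
  const forged = issueCert(robberCa.privateKey, "Example CA", "bigbank.example", robber.publicKey);
  // Robber swaps the key inside a genuine certificate but cannot re-sign it.
  const swappedBody = JSON.stringify({ ...JSON.parse(genuine.body), publicKey: pem(robber.publicKey) });
  const edited = { body: swappedBody, signature: genuine.signature };
  const check = (cert) => verifyCert(trustStore, cert, "bigbank.example");
  return {
    genuineOk: check(genuine) === pem(bank.publicKey),
    forgedRejected: check(forged) === null,
    editedRejected: check(edited) === null,
    wrongSiteRejected: verifyCert(trustStore, genuine, "smallbank.example") === null,
  };
}

console.log(demoCertificates());
```

Real certificate validation also checks the validity period, revocation status and the chain of intermediate CAs, which this toy format leaves out.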

Conclusion

The content above is an example I came up with myself while learning. I found this topic very difficult at first, and I hope that after reading the above, more in-depth study will be less difficult for you. If there is any misunderstanding, please point it out in the comments section.

This is front-end newcomer Oil Oyo. I have recently been preparing a huge summary article related to UNIAPP. Feel free to follow me, and let's grow together!