1. Starting with HTTP
We make HTTP requests almost every day. For example, when we type http://www.baidu.com, we send an HTTP request to Baidu's server, and Baidu's server returns a response. As another example, in a login scenario we enter the user name "123" and the password "666666" and press the login button; the HTTP request is then submitted to the server carrying the user name and password, and the server extracts the user name, password and other information from the request message.
Obviously, HTTP requests have a serious problem: the HTTP protocol transmits data in plaintext. If an attacker intercepts the request in transit, they can read our user name and password clearly, so private data leaks very easily.
So it is natural to think that we can solve this problem by encrypting the data. That leads to today's topic, HTTPS, and to the scene below.
As can be seen, even if an attacker intercepts the data we send, all they see is a pile of unreadable bytes, and they cannot tell what it is. HTTPS, then, is a protocol that encrypts data before transmitting it.
2. Comparison of HTTP and HTTPS
You can see from the picture above that both HTTP and HTTPS are built on TCP; HTTPS simply has an extra SSL or TLS layer in between. Put simply, HTTPS is HTTP plus SSL/TLS. TLS is the upgraded version of SSL, and both are used to encrypt the connection.
3. Symmetric encryption
Characteristic: data is encrypted with a key, and the same key is used to decrypt it. The user first gives their key to the server, the user encrypts data with this key, and the server then uses the same key to decrypt the data the user sends afterwards.
So what is wrong with such an encryption scheme? First, if all users share the same key, my key can decrypt your data and your key can decrypt mine, so a user with ulterior motives can intercept and decrypt your data. Each user must therefore have their own key, and each user's key has to be sent to the server first: a server with 50 million users holds 50 million keys, which obviously adds too much load to the server and does not meet our needs. Second, when the client sends the key to the server for the first time, that transmission is in plaintext; if an attacker intercepts the key at this point, they can also decrypt all the data that follows, which again does not meet our needs. On the other hand, this encryption method needs less computation and encrypts and decrypts relatively fast, so it is suitable for encrypting large amounts of data. That covers symmetric encryption; its disadvantages lead to a second kind of encryption, asymmetric encryption.
4. Asymmetric encryption
Characteristic: there is a public key and a private key. Data encrypted with the public key can only be decrypted with the private key, and data encrypted with the private key can only be decrypted with the public key. Because encryption and decryption use different keys, it is called asymmetric encryption. The public key and private key are on the server; the public key can be transmitted freely, while the private key is never exposed, so data transmission is secure.
After so many abstract statements, let's take a concrete example.
First, the server sends the public key to the client. After getting the public key, the client encrypts the data with it and sends the encrypted data to the server. After receiving the encrypted data, the server uses the private key to decrypt it.
At this point, even if an attacker obtains the public key and the encrypted data, there is no way to decrypt it, because data encrypted with the public key cannot be decrypted with the public key; only the private key can decrypt it.
Although data transmission is secure with this kind of encryption, it requires a lot of computation, and encryption and decryption are slow.
So is there a way to encrypt and decrypt quickly while keeping data transmission secure? The HTTPS encryption scheme was born by combining the advantages of symmetric and asymmetric encryption. Let's look at the HTTPS encryption, decryption and verification process.
5. HTTPS encryption, decryption and verification process
Suppose the server has a public key 777 and a private key 888. First, the browser sends an HTTPS request, such as https://www.baidu.com. The server responds to the request by returning an SSL digital certificate to the client; the certificate includes the public key and the identity information of the server. After receiving the SSL digital certificate, the client verifies that it is valid. If it is not valid, the browser issues an unsafe warning. If it is valid, the client generates a random code, such as 6666, encrypts this random code with the public key 777, and transmits the encrypted random code to the server. The server decrypts it with the private key 888 and obtains the client's random code 6666. The process up to this point is what we call asymmetric encryption. Now both the client and the server hold the random code 6666, and this random code is used as the key for symmetric encryption: the client encrypts the userName and passWord information with the key 6666 and sends it to the server, and the server decrypts the data with the same key 6666 and finally obtains the userName and passWord information. That is the whole HTTPS encryption, decryption and verification process.
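The flow above, and the symmetric and asymmetric schemes from sections 3 and 4, as an added Python example that is not part of the original article. It assumes textbook RSA on two small Mersenne primes and a SHA-256 keystream as stand-ins for real RSA and AES so that it runs on the standard library alone; all function names are hypothetical, and certificate validation is left out.

```python
import hashlib
import secrets

# Toy RSA key pair (constructed): textbook RSA on two small Mersenne primes.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                      # public key, sent in the certificate
D = pow(E, -1, (P - 1) * (Q - 1))        # private key, stays on the server

def rsa_encrypt(m: int) -> int:          # anyone holding the public key
    return pow(m, E, N)

def rsa_decrypt(c: int) -> int:          # only the private-key holder
    return pow(c, D, N)

def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher (stand-in for AES): XOR with a SHA-256 keystream.
    The same call with the same key both encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def handshake_and_login(credentials: bytes) -> dict:
    # Client: pick the random code and encrypt it with the server's public key.
    session_key = secrets.token_bytes(16)
    wrapped = rsa_encrypt(int.from_bytes(session_key, "big"))
    # Server: decrypt with the private key; both sides now share the key.
    server_key = rsa_decrypt(wrapped).to_bytes(16, "big")
    # Client encrypts the login data symmetrically; server decrypts it.
    nonce = secrets.token_bytes(12)
    ciphertext = stream_xor(session_key, nonce, credentials)
    plaintext = stream_xor(server_key, nonce, ciphertext)
    # Eavesdropper: holds only the public key, wrapped key and ciphertext.
    # Applying the public key a second time does not undo the encryption.
    guess = (rsa_encrypt(wrapped) % 2**128).to_bytes(16, "big")
    return {
        "keys_match": server_key == session_key,
        "server_sees": plaintext,
        "on_the_wire": ciphertext,
        "eavesdropper_key_ok": guess == session_key,
    }

if __name__ == "__main__":
    print(handshake_and_login(b"userName=123&passWord=666666"))
```

Only the 16-byte session key goes through the slow asymmetric step; the login data itself is protected by the fast symmetric cipher.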
This article starts from the insecurity of HTTP, which leads to HTTPS: HTTPS adds a layer of SSL encryption protocol on top of HTTP. It then discusses two different encryption methods, symmetric encryption and asymmetric encryption, and explains the difference between them and their respective advantages and disadvantages. HTTPS combines the two encryption methods. Finally, the article gives the complete HTTPS encryption, decryption and verification process.