HTTPS communication principle
HTTPS is an HTTP channel built for security, and its security foundation is the SSL layer. Originally developed by Netscape, it mainly provides identity authentication and encrypted communication for both communicating parties. It is now widely used for security-sensitive communication on the Internet.
We all know that HTTPS can encrypt information so that sensitive data cannot be read by third parties. This is why many services with high security requirements, such as banking websites or e-mail, use the HTTPS protocol.
Introduction to HTTPS
HTTPS actually consists of two parts, HTTP + SSL/TLS: a module for handling encryption is added on top of HTTP. All traffic between the server and the client is encrypted by TLS, so everything transmitted on the wire is ciphertext. How the encryption, decryption, and verification work in detail is shown in the figure below.
1. The client initiates an HTTPS request
There is not much to say here: the user enters an https URL in the browser, and the browser connects to port 443 on the server.
2. Server configuration
A server using the HTTPS protocol must have a set of digital certificates, which can either be made by yourself or obtained by applying to a certificate authority. The difference is that a self-issued certificate must be accepted by the client before browsing can continue, while a certificate obtained from a trusted authority does not trigger a warning page (startssl is a good choice, with 1 year of free service). This set of certificates is really a pair of keys, a public key and a private key. If you are not familiar with public and private keys, think of them as a lock and a key: you are the only person in the world who holds the key, but you can hand the lock to anyone. Others can use that lock to lock up something important and send it to you, and because only you hold the key, only you can see what the lock protects.
3. Transmission certificate
This certificate essentially carries a public key, together with a lot of additional information, such as the authority that issued the certificate and its expiration time.
4. The client parses the certificate
This part of the work is done by the client's TLS implementation. First it checks whether the public key is valid: the issuing authority, the expiration time, and so on. If anything is wrong, a warning box pops up indicating that there is a problem with the certificate. If the certificate checks out, the client generates a random value and encrypts it with the certificate. In terms of the analogy above, it locks the random value with the lock, so that nobody without the key can see the locked content.
5. Send encrypted information
This part transmits the random value that was encrypted with the certificate. The purpose is to get this random value to the server; from then on, communication between the client and the server can be encrypted and decrypted with this random value.
6. The server decrypts the information
After decrypting with its private key, the server obtains the random value sent by the client and then uses this value as the key to encrypt the content symmetrically (the article refers to this shared value as the private key below). Symmetric encryption mixes the information and the key together through a certain algorithm, so that the content cannot be recovered unless the key is known. Both the client and the server know the key, so as long as the encryption algorithm is strong enough and the key is complex enough, the data is safe enough.
7. Transmission of encrypted information
This part of the information is the data encrypted by the server with the shared key, which the client can then restore.
8. The client decrypts the information
The client uses the previously generated key to decrypt the information sent by the server and obtains the plaintext content. Even if a third party monitors the data during the whole process, there is nothing they can do with it.
Thanks for reading. I hope this helps everyone, and thank you for your support of this site!