Shulou(Shulou.com)06/02 Report--

In this issue, the editor will bring you about why https can ensure security. The article is rich in content and analyzes and describes for you from a professional point of view. I hope you can get something after reading this article.

The http transmission is as follows:

At this time, the information is transmitted in clear text, and if the information is intercepted, the contents can be seen, which is extremely unsafe.

Then you need to encrypt the content, as follows:

The browser generates a secret key

The browser requests a public key from the server

The server sends its public key to the browser

The browser receives the public key sent by the server and uses the public key to encrypt the randomly generated symmetric key and send it to the server.

The server receives the data sent by the browser and uses its own private key to get the symmetric encryption key.

Finally, browsers and servers can use symmetric keys to encrypt content for communication

However, this scheme will still have security risks. Between the third step and the fourth step, if its public key is obtained by a middleman, the browser uses the public key of the middleman to encrypt the symmetric key and sends it to the server, and the middleman intercepts the data again. Get the symmetric key. The content of the data is snooped without the knowledge of both the browser and the server.

The crux of the problem is that the third-step browser cannot get the legitimacy of the source of the public key, which requires a digital certificate. This is https's solution.

The server sends only the public key, but sends a digital certificate containing the public key.

Digital certificates are issued by third-party institutions, and browsers have maintained all well-known third-party institutions.

How does the browser determine the legitimacy of the public key?

When receiving a digital certificate, check the validity period of the certificate

According to the name of the third party of the digital certificate, find the corresponding public key, decrypt the digital signature, and get the hash2.

According to the server URL and other information, use the signature algorithm to generate hash3

If hash2 is equal to hash3, then the public key is legal

Knowledge of public and private keys

The public key and private key are a pair of keys that can be decrypted from each other. Use public key encryption and private key decryption. Can effectively ensure the security of the data. However, if you use private key encryption and public key decryption, you can determine the legitimacy of the source. Because only knowing the private key can we encrypt, if we can use the public key to decrypt the normal content (whether the content is correct is to compare hash2 and hash3), then the other party must be the host with the private key, and the private key is issued to the server by a third party, this is the digital signature.

OSI seventh floor

Physical layer-> data Link layer-> Network layer-> Transport layer-> session layer-> presentation layer-> Application layer

The ssl of https is between the transport layer and the application layer.

The above is why the https shared by the editor can ensure security. If you happen to have similar doubts, you might as well refer to the above analysis to understand. If you want to know more about it, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.