Shulou(Shulou.com)06/02 Report--

This article mainly explains the principle and process of Https. The content of the explanation is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn the principle and process of Https.

Two interactions, three keys.

First interaction: the real secret key used for communication with asymmetrically encrypted public and private keys

Second interaction: encrypted communication with real secret key

Details are as follows:

Three keys are involved in the transmission of HTTPS:

Server-side public and private keys for asymmetric encryption

A random key generated by the client for symmetric encryption

An HTTPS request actually contains two HTTP transmissions, which can be subdivided into eight steps.

1. The client initiates a HTTPS request to the server and connects to port 443 of the server

two。 The server side has a key pair, namely the public key and the private key, which are used for asymmetric encryption. The server side keeps the private key, which cannot be disclosed, and the public key can be sent to anyone.

3. The server sends its own public key to the client.

4. After receiving the public key of the server, the client will check the public key to verify its validity. If it is found that there is something wrong with the public key, then the HTTPS transmission cannot continue. Strictly speaking, this should be to verify the legitimacy of the digital certificate sent by the server. The following will explain how the client verifies the legitimacy of the digital certificate. If the public key is qualified, the client generates a random value, which is the key used for symmetric encryption. We call this key client key, that is, the client key, which is conceptually easy to distinguish from the server-side key. The client key is then asymmetrically encrypted with the server's public key, so that the client key becomes ciphertext, and the first HTTP request in HTTPS ends.

5. The client initiates a second HTTP request in HTTPS and sends the encrypted client key to the server.

6. After receiving the ciphertext from the client, the server will asymmetrically decrypt it with its own private key, and the plaintext after decryption is the client key, and then use the client key to symmetrically encrypt the data, so that the data becomes the ciphertext.

7. The server then sends the encrypted ciphertext to the client.

8. The client receives the ciphertext sent by the server and decrypts it symmetrically with the client key to get the data sent by the server. Thus the second HTTP request in the HTTPS ends and the entire HTTPS transfer is complete.

Thank you for your reading, the above is the content of "the principle and process of Https". After the study of this article, I believe you have a deeper understanding of the principle and process of Https, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.