Shulou(Shulou.com)06/02 Report--

HTTPS is a security mechanism adopted to ensure the security of server and client communication on the network, so what are the insecure factors in the Internet communication scenarios with high security requirements?

Whether the server requested by the client is trustworthy, such as landing on Alipay or other bank pages for payment operations, we must make sure that the site is official and secure. This piece is authenticated by digital certificates with asymmetric encryption, as detailed below.

Whether the communication process is secure, rather than camouflage the server side. At this point, a key and a symmetric encryption algorithm are needed to guarantee it.

How to confirm that the server is indeed the one mentioned in the certificate when the client authenticates the server for the first time. Asymmetric encryption algorithms such as RCA are used here, which are described in detail below.

All right, after understanding this, let's get to the point. First of all, let's give the composition of a digital certificate as follows:

HTTPS implementation process (C on the client and S on the server):

S initiates a request to C

S sends the certificate to C after receiving it.

C will look for whether the certificate authority is trusted on the local computer according to the certificate authority mentioned in the certificate, and if so, decrypt the fingerprint and fingerprint algorithm in the certificate according to the public key of the certificate authority recorded on the local computer, and calculate the plaintext in the certificate according to the fingerprint algorithm, and finally compare the fingerprint with the fingerprint in the certificate Consistency proves that the company is certified by a certification authority to be secure.

Then C randomly generates a string and calculates its hash value, and then sends only the plaintext of the string to S

When S receives it, it calculates the string hash value and encrypts it with its own private key, then sends it back to C

C receives it and decrypts it with the public key to get a hash value. Compared with the hash value obtained in step 4, the same indicates that the company is indeed the company mentioned in the certificate.

After confirmation, C will generate a key and a symmetric encryption algorithm, encrypt it with the public key in the certificate and send it to S

After receiving it, S decrypts the encryption algorithm and key with its own private key, and then the communication between S and C is completed by this key and encryption algorithm. The HTTPS communication process is complete at this point.

Note: there are two asymmetric encryption and one symmetric encryption mentioned in the above process, pay attention to the distinction. For more information, please see http://www.cnblogs.com/JeffreySun/archive/2010/06/24/1627247.html

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.