I drew 13 pictures and explained HTTPS in the easiest-to-understand words. Take it!

Time: 2022-5-5

Preface

Hello, I'm Lin Sanxin. "Explain the hardest knowledge points in the easiest-to-understand words" is my motto, and "the foundation is the prerequisite for advancing" is my first principle.

I'm sure you deal with HTTPS all the time, for example when requesting an API or visiting a website. So we often wonder:

  • What is HTTPS?
  • What is the relationship between HTTPS and HTTP?
  • Why are all websites now HTTPS instead of HTTP?

What is HTTPS?

HTTPS is actually HTTP + SSL/TLS. What HTTP is falls outside today's discussion, so what is SSL/TLS? SSL and TLS are both encryption security protocols, and SSL is the predecessor of TLS. Most browsers no longer support SSL, so today it is TLS that is actually in wide use, but because the name SSL is so well known, the pair is commonly referred to as SSL/TLS. Then why use HTTPS? Because HTTP is plaintext transmission and therefore unsafe, while HTTP + SSL/TLS is relatively safe; that is, HTTPS is relatively safe.

Symmetric encryption

What is it?

What is symmetric encryption? Let me give you an example. You are chatting with your girlfriend and don't want anyone else to know what you are talking about, so the two of you agree that every message both of you send is written in reverse order. After receiving each other's messages, you reverse them again to read the real message:

This so-called agreement is in effect a weapon shared by both sides: the key. Only with this key can you know what the messages exchanged between the two sides say. Because the key held by both sides is the same, this is also called symmetric encryption.


Disadvantages?

At the beginning, the two sides must negotiate what this key (secret key) should be, and that negotiation may be eavesdropped on by a hacker. Once a third person knows the key, your messages can easily be decrypted and forged by the hacker; the other party may then not receive your message at all, but the message forged by the hacker instead. For example: what you send is "Ha ha ha ha ha ha", yet what arrives is "Hee hee".


Asymmetric encryption

Public and private keys

Now the server generates two keys, key A and key B, which are related: anything encrypted with key A can only be decrypted with key B. The server then sends key A to the client. Each time the client sends a message, it encrypts the message with key A and sends it to the server, which decrypts it with key B to obtain the message the client sent:


Here key A is the public key, because both the client and the server know it, and key B is the private key, because from beginning to end key B stays on the server, which is very safe.

Asymmetric encryption

Asymmetric encryption is an encryption method based on a public key and a private key. Asymmetric encryption is more secure than symmetric encryption, because a hacker can only learn the public key and has no way to know the private key, and data encrypted with the public key can only be decrypted with the private key. So even if the hacker steals the public key, they cannot decrypt the messages the client sends.


Shortcoming

We just said that asymmetric encryption is more secure than symmetric encryption, but asymmetric encryption also has a shortcoming. As we said, the server first generates a public key and a secret key, then gives the public key to the client while the private key always stays on the server. But the process of passing the public key to the client may be intercepted by a hacker, who obtains this public key, forges their own hacker-version public key and hacker-version private key, and sends the hacker-version public key to the client. The client, unaware of this, encrypts its data with the hacker-version public key when transmitting. The hacker then only needs to decrypt the client's messages with the hacker private key, forge their own hacker message, encrypt it with the original public key and send it to the server, which decrypts it with the original private key and receives the hacker message.


What kind of encryption is HTTPS?

Actually, HTTPS uses symmetric encryption + asymmetric encryption. Let's keep reading!

Certificate

We just said that asymmetric encryption also has a shortcoming. How do we guard against it? This is where we need to apply to a certification authority (CA) for a certificate.

Composition of certificate

(Figure in the original post: the parts that make up a certificate.)

Steps

1. The server sends its public key to the certification authority to apply for a certificate.


2. The certification authority has its own pair of keys, a public key and a secret key. It uses its public key to encrypt key1 (the server's public key); at the same time it generates a certificate signature from the server URL and encrypts this certificate signature with its secret key. It packs these into a certificate and sends the certificate to the server.


3. When the client communicates with the server, the server no longer passes the server public key to the client directly, but passes the certificate to the client instead.


4. When the client receives the certificate, it checks the certificate's authenticity. A note in advance: today's browsers store the names of the major certification authorities and their corresponding public keys. So after receiving the certificate, the client only needs to look up the corresponding authority public key in the browser and use it to decrypt the certificate signature; then, following the signature rules, the client generates a certificate signature of its own from the decrypted data. If the two signatures match, the check passes. After it passes, the client again uses the authority public key to decrypt the server public key key1.


5. The client generates a symmetric key key2 by itself, encrypts key2 with the server public key key1 it now has, and sends it to the server. After receiving it, the server decrypts it with the server secret key. At this point both the client and the server hold the symmetric key key2.


6. From then on, the client and server use the symmetric key key2 to carry out symmetrically encrypted communication. That is, we are back at the first scene, you and your girlfriend chatting with the reverse-order algorithm, except that this reverse-order algorithm, under the protection of the certificate, will not become known to a third-party hacker; only you, your girlfriend and the certification authority know it:


Will the certificate be intercepted?

In fact, even if the certificate is intercepted it is of no use, because the signature in the certificate is generated from the server URL and encrypted with the certification authority's secret key, so it cannot be tampered with. Or the hacker might directly create a fake certificate and send it to the client, but that is useless too: after all, the browser has long maintained the set of legitimate certification authorities, and the hacker is not in that set~

SSL/TLS

I said before that HTTPS = HTTP + SSL/TLS, and the whole series of operations described above takes place in the SSL layer.


Note: the newer TLS protocol is an upgraded version of the SSL 3.0 protocol, and its general principle is the same as that of SSL.


Epilogue

I'm Lin Sanxin, an enthusiastic front-end rookie programmer. If you are self-motivated, like the front end and want to learn the front end, we can make friends and slack off together. Ha ha, the slackers' group
