I drew 13 pictures and explained HTTPS in the plainest words I could. Take it!

Sunshine_Lin 2022-01-27 06:06:32 Views: 326


Hello everyone, I'm Lin Sanxin. "Explain the hardest concepts in the plainest words" is my motto, and "the fundamentals are the premise of going deeper" is my founding belief.

I'm sure you deal with HTTPS all the time, for example when requesting an API or visiting a website. So we often wonder:

  • What is HTTPS?
  • How does HTTPS relate to HTTP?
  • Why are all websites HTTPS now instead of HTTP?

What is HTTPS?

HTTPS is really just HTTP + SSL/TLS. What HTTP is lies outside today's discussion. As for SSL/TLS, that simply means SSL or TLS, which are both encryption security protocols; SSL is the predecessor of TLS. Most browsers no longer support SSL, so TLS is what is widely used today, but because the name SSL is so well known people still say SSL/TLS as a general term. So why use HTTPS? Because HTTP transmits in plaintext, which is unsafe, whereas HTTP + SSL/TLS is comparatively safe, which is to say HTTPS is comparatively safe.

Symmetric encryption

What is it?

What is symmetric encryption? Let me give you an example. You're chatting with your girlfriend and don't want anyone else to know what you're saying, so the two of you agree: every message either of you sends is written in reverse order, and after receiving the other's message you reverse it again to read the real text:

[screenshot 2021-12-15 9.34.27 PM.png]

This so-called agreement is in effect a key shared by both sides; only someone holding this key knows what the messages exchanged between the two of you say. Because the key used by both parties is the same, this is also called symmetric encryption.

[screenshot 2021-12-15 9.41.55 PM.png]

Shortcomings?

At the very beginning, the two sides have to negotiate what this key (secret key) should look like, and that process may be eavesdropped on by a hacker. Once a third person knows the key, your messages can easily be intercepted midway and forged, so the other side may not receive your message at all but a message fabricated by the hacker. For example, in the picture below you send "hahahaha" but the other side receives "xixixi".

[screenshot 2021-12-15 9.53.02 PM.png]

Asymmetric encryption

Public and private keys

Now, on the server, generate two keys, key A and key B, with a relationship between them: anything encrypted with key A can only be decrypted with key B. The server then sends key A to the client. Every time the client sends a message it encrypts it with key A and sends it to the server, and the server decrypts it with key B to obtain the client's message:

[screenshot 2021-12-15 9.53.02 PM.png]

Here key A is the public key, because both the client and the server know it, and key B is the private key, because from start to finish key B stays on the server, which is very safe.

Asymmetric encryption

Asymmetric encryption is an encryption method based on a public key and a private key. Compared with symmetric encryption it is more secure, because a hacker can only learn the public key and has no way to learn the private key, and data encrypted with the public key can only be decrypted with the private key, so even after stealing the public key the hacker cannot decrypt the messages the client sends.

[screenshot 2021-12-15 10.46.41 PM.png]


We just said asymmetric encryption is more secure than symmetric encryption, but asymmetric encryption has a shortcoming too. We said the server first generates a public key and a private key, sends the public key to the client, and keeps the private key on the server the whole time. But while the public key is in transit to the client, a hacker may intercept it and obtain it. The hacker then forges a hacker public key and hacker private key of their own and sends the hacker public key to the client. The client is none the wiser and, when sending data, encrypts it with the hacker public key. Now the hacker only has to decrypt the client's message with the hacker private key, forge a hacker message of their own, encrypt it with the original public key and send it on to the server; the server decrypts it with the original private key as usual and receives the hacker message.


What kind of encryption does HTTPS use?

HTTPS actually uses symmetric encryption + asymmetric encryption. Keep reading!


We just said asymmetric encryption has a shortcoming, so how do we guard against it? This is where we need to apply to a certification authority (CA) for a certificate.

How a certificate is made



1. The server sends its public key to the certification authority and applies for a certificate.


2. The certification authority also has a pair of keys, a public key and a secret key. It encrypts key1 with its public key, and at the same time generates a certificate signature based on the server's URL, which it also encrypts with its secret key. It bundles these into a certificate and sends the certificate to the server.


3. When the client communicates with the server, the server no longer hands its server public key directly to the client; it hands over the certificate instead.


4. When the client receives the certificate, it checks whether the certificate is genuine. A note up front: today's browsers store the names of the major certification authorities and their corresponding public keys. So after receiving the certificate, the client finds the corresponding authority public key in the browser and decrypts the certificate signature with it; then, from the decrypted data and the signature rules, the client generates a certificate signature of its own. If the two signatures agree, the check passes. After passing, the client again uses the authority public key to decrypt the server public key key1.


5. The client generates a symmetric key key2, encrypts key2 with the server public key key1 it now holds, and sends it to the server. The server receives it and decrypts it with its server secret key. At this point both the client and the server hold the symmetric key key2.


6. From then on the client and server communicate with symmetric encryption under the symmetric key key2. That is, we are back to the first scene, where you and your girlfriend used the reverse-order algorithm for encrypted calls; it's just that this reverse-order algorithm is now protected by the certificate, so no third-party hacker can learn it, only you, your girlfriend and the certification authority:

[screenshot 2021-12-15 9.41.55 PM.png]
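Steps 1 to 6 above, together with the key-swap attack from the asymmetric-encryption section, as an added toy model in Python; this is not the post's code and not real TLS. The tiny RSA primes, the CA name ToyCA, the domain example.com, key2 = 4242, the SHA-256 XOR stream cipher and the hacker's keys are all constructed for illustration, and the CA here signs a hash of the domain plus the server public key rather than encrypting key1 as the post describes.

```python
import hashlib

# Toy RSA over tiny primes: shows the mechanics, far too small to be secure.
def make_keypair(p, q, e):
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)          # (public key, private key)

def rsa(key, m):
    exp, n = key                                  # one modular exponentiation serves
    return pow(m, exp, n)                         # encrypt/decrypt and sign/verify

def cert_digest(domain, pub, n):
    h = hashlib.sha256(f"{domain}|{pub[0]}|{pub[1]}".encode()).digest()
    return int.from_bytes(h, "big") % n           # reduced to fit the CA modulus

def issue_cert(ca_name, ca_priv, domain, server_pub):
    sig = rsa(ca_priv, cert_digest(domain, server_pub, ca_priv[1]))
    return {"issuer": ca_name, "domain": domain, "pub": server_pub, "sig": sig}

def verify_cert(cert, trusted_cas, domain):
    ca_pub = trusted_cas.get(cert["issuer"])      # issuer not in the browser's list?
    if ca_pub is None or cert["domain"] != domain:
        return False
    expected = cert_digest(cert["domain"], cert["pub"], ca_pub[1])
    return rsa(ca_pub, cert["sig"]) == expected   # "decrypt" the signature, compare

def sym_crypt(key2, data):                        # toy stream cipher: XOR with a SHA-256 keystream
    stream = hashlib.sha256(str(key2).encode()).digest() * (len(data) // 32 + 1)
    return bytes(a ^ b for a, b in zip(data, stream))

# Constructed parties: a CA the browser trusts, the real server, and a hacker.
CA_PUB, CA_PRIV = make_keypair(1009, 1013, 17)
SRV_PUB, SRV_PRIV = make_keypair(101, 113, 3)
HACK_PUB, HACK_PRIV = make_keypair(137, 131, 7)
TRUSTED = {"ToyCA": CA_PUB}                       # what the browser ships with
REAL_CERT = issue_cert("ToyCA", CA_PRIV, "example.com", SRV_PUB)

def handshake(cert, key2=4242, msg=b"hahaha"):
    """Steps 4-6: returns (cert accepted?, key2 as the server recovered it, text the server read)."""
    if not verify_cert(cert, TRUSTED, "example.com"):
        return False, None, None
    enc_key2 = rsa(cert["pub"], key2)             # client: key2 under the server public key
    srv_key2 = rsa(SRV_PRIV, enc_key2)            # server: recover key2 with its private key
    return True, srv_key2, sym_crypt(srv_key2, sym_crypt(key2, msg))

def forged_certs():
    swapped = dict(REAL_CERT, pub=HACK_PUB)       # hacker swaps in their own public key
    self_signed = issue_cert("HackCA", HACK_PRIV, "example.com", HACK_PUB)
    return swapped, self_signed
```

Both forged certificates fail verify_cert, one because the signature no longer matches the swapped key and the other because its issuer is not in the trusted list, so key2 is never sent under the hacker's key.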

Can the certificate be intercepted?

Actually, even if the certificate is intercepted it is of no use, because the signature in the certificate is generated from the server's URL and encrypted with the certification authority's secret key, so it can't be tampered with. Or the hacker could directly create a fake certificate and send it to the client, but that's useless too: browsers have long maintained a collection of legitimate certification authorities, and the hacker isn't in that collection~


We said earlier that HTTPS = HTTP + SSL/TLS; the whole series of operations described above happens in the SSL layer.


Note: the latest TLS protocol is an upgraded version of the SSL 3.0 protocol, and its general principle is the same as SSL's.


I'm Lin Sanxin, an enthusiastic front-end rookie programmer. If you want to improve, like the front end, and want to learn the front end, then let's be friends and slack off together, haha. Slackers' group


Copyright: author [Sunshine_Lin]. Please include the original link when reposting, thank you. https://en.javamana.com/2022/01/202201270606240889.html