HTTPS provides secure web traffic
1. Principles:
1) Understanding encryption algorithms:
Cryptographic algorithms fall into two classes: symmetric and asymmetric encryption.
A. Symmetric encryption: encryption and decryption use the same key. The advantage is speed; the disadvantage is that the key must somehow be shared securely with the other party. Typical symmetric algorithms are DES, AES, RC5 and 3DES (DES and 3DES are obsolete; AES is the current standard).
B. Asymmetric encryption: a key pair (public key and private key) is generated. Data encrypted with the public key can only be decrypted with the private key; the reverse operation, applying the private key so that anyone holding the public key can check the result, is what a digital signature does (see 3) below). For confidentiality the server keeps the private key and shares the public key with clients: the client encrypts with the public key and the server decrypts with the private key. The defining property is that it is computationally infeasible to derive one half of the key pair from the other, which is what keeps the private key safe even though the public key is distributed openly. The disadvantage is that it is far slower than symmetric encryption and unsuited to bulk data. Typical asymmetric algorithms are RSA and DSA (DSA is a signature-only algorithm; RSA supports both encryption and signatures).
How to choose an encryption algorithm?
With symmetric encryption alone, the key-sharing (transfer) step is insecure; with asymmetric encryption alone, encryption is slow.
The practical solution is a hybrid scheme:
A symmetric key is used to encrypt the data, and asymmetric encryption is used to protect (wrap) that symmetric key, achieving fast and secure data encryption. This ensures the confidentiality of the data.
2) Certificate authority: CA
In the above scenario one problem remains: how does the client confirm that the public key it received really belongs to the owner of the key, and not to an attacker who substituted his own? The solution is certificate authentication.
A CA (certificate authority) server provides the certificate issuance and authentication service.
The certificate authentication process:
A. The server generates a key pair (public and private) and a certificate signing request (CSR) containing its public key and identity.
B. The CA verifies the request and issues a server certificate: the server's public key and identity, signed with the CA's own private key. (The CA's own self-signed certificate is the root certificate; the server itself receives a server certificate, not a root certificate.)
C. The client must trust the CA's root certificate. For public CAs it is pre-installed in the operating system or browser trust store; for a private CA the root certificate has to be distributed to and imported by the client.
D. During communication the server sends its certificate, and the client checks the signature on it against the trusted root certificate (and checks that the name in the certificate matches the host and that it has not expired or been revoked); only then does it trust the public key inside it.
CAs are divided into public CAs (operated by large vendors such as Microsoft and Google) and private CAs that an enterprise builds itself (for example with OpenSSL). Because the certificate binds an identity to the key and only the holder of the private key can sign with it, the signer cannot later deny (repudiate) data it signed.
3) Digital signatures: hashing
In the above scenario there is still a problem: there is no way to judge the integrity of the data in transit (whether it has been tampered with).
Typical hash algorithms: MD5, SHA-1, SHA-256, SHA-512 and so on (MD5 and SHA-1 are broken with respect to collision resistance and should not be used for signatures; use SHA-256 or stronger).
The server hashes the data to be transferred and publishes the hash value alongside the data it sends to the client. The client computes the hash of the received data with the same algorithm; if it matches the published value the data was not tampered with, otherwise it was. This guarantees the integrity of the data.
Note that a bare hash only protects against accidental corruption: an attacker who can replace the data in transit can recompute and replace the published hash as well. A digital signature closes this gap: the server encrypts the hash with its private key, and the client decrypts the signature with the server's public key (taken from the verified certificate) and compares it with the hash it computed itself. Only the holder of the private key could have produced a matching value, so the signature provides integrity and authenticity together.
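As an added example (not code from the original post), the following Python script ties the hybrid scheme from 1) and the hash-versus-signature point from 3) together. It uses a toy textbook RSA (512-bit keys, no padding) and a SHA-256 keystream as a stand-in for AES; both are assumptions made for illustration and are not safe for real use. The message bytes are constructed sample data.

```python
# Added example (not from the original post): toy RSA plus a hash-based stream
# cipher. Shows (a) the hybrid scheme of section 1) and (b) why a bare hash is
# not a signature (section 3)). Textbook RSA without padding and a SHA-256
# keystream are illustration-only assumptions, NOT safe for production.
import hashlib
import secrets


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int) -> int:
    """Random odd candidate with the top bit set, retried until probably prime."""
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def rsa_keypair(bits: int = 512):
    """Return (public, private) as ((e, n), (d, n)). Tiny modulus: toy only."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    return (e, p * q), (pow(e, -1, phi), p * q)


def rsa_apply(key, value: int) -> int:
    """Raw RSA: value ** exponent mod n (same for encrypt/decrypt/sign/verify)."""
    exponent, n = key
    return pow(value, exponent, n)


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with SHA-256(key || counter) blocks.
    The same call encrypts and decrypts; a stand-in for AES, not secure."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def hybrid_encrypt(pub, plaintext: bytes):
    """Fresh symmetric key protects the data; the RSA public key wraps the key."""
    sym_key = secrets.token_bytes(32)
    wrapped_key = rsa_apply(pub, int.from_bytes(sym_key, "big"))
    return wrapped_key, keystream_xor(sym_key, plaintext)


def hybrid_decrypt(priv, wrapped_key: int, ciphertext: bytes) -> bytes:
    """Unwrap the symmetric key with the private key, then decrypt the data."""
    sym_key = rsa_apply(priv, wrapped_key).to_bytes(32, "big")
    return keystream_xor(sym_key, ciphertext)


def sign(priv, data: bytes) -> int:
    """Digital signature: hash of the data transformed with the PRIVATE key."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return rsa_apply(priv, digest)


def verify(pub, data: bytes, signature: int) -> bool:
    """Recover the signed hash with the public key and compare with our own."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return rsa_apply(pub, signature) == digest


def check_published_hash(data: bytes, published_hash: bytes) -> bool:
    """The bare-hash integrity check described in section 3)."""
    return hashlib.sha256(data).digest() == published_hash


def tamper_demo():
    """Attacker swaps the message. A recomputed bare hash still passes the
    check; a signature made with the server's private key does not."""
    pub, priv = rsa_keypair()
    original = b"transfer 10 to alice"    # constructed sample message
    forged = b"transfer 10 to mallory"    # attacker's replacement
    bare_hash_fooled = check_published_hash(forged, hashlib.sha256(forged).digest())
    signature = sign(priv, original)
    return bare_hash_fooled, verify(pub, original, signature), verify(pub, forged, signature)
```

Running tamper_demo() returns (True, True, False): the bare hash is fooled by the forgery, the genuine message verifies, the forged one does not. Key generation takes well under a second at this toy size.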
4) Understanding how HTTPS works:
HTTPS (HTTP over SSL/TLS) is HTTP carried over an SSL/TLS layer inserted between HTTP and TCP; the default port is 443.
SSL: Secure Sockets Layer, originally designed by Netscape for secure transmission. Its standardized successor is TLS (Transport Layer Security), which is what current HTTPS actually uses.
The HTTPS communication process (the classic RSA key exchange; see the note after step E):
A. The client requests an HTTPS connection (an https:// URL) and announces the cipher suites it supports; the server chooses a cipher suite (key exchange, symmetric algorithm and hash algorithm) and returns its certificate (carrying the server's public key, the issuing CA, the host name and so on) to the client.
B. After receiving the certificate the client verifies its validity (chain to a trusted root, host name, expiry), generates a random secret (the premaster secret, from which the symmetric session key is derived) and encrypts it with the server's public key; it also hashes the handshake messages exchanged so far with the negotiated hash algorithm and encrypts that hash with the session key.
C. The client sends the public-key-encrypted random secret and the session-key-encrypted handshake hash to the server.
D. The server decrypts the random secret with its private key, derives the same session key, decrypts the handshake hash and checks it against its own computation over the handshake transcript, which proves both sides saw the same handshake; it then sends its own encrypted handshake hash to the client (browser).
E. The browser decrypts and checks the server's handshake hash. From then on all application data is encrypted with the session key using the negotiated symmetric algorithm.
Note: the RSA key exchange above has a weakness: anyone who later obtains the server's private key can decrypt recorded traffic. Modern TLS (TLS 1.3, and TLS 1.2 with ECDHE cipher suites) instead derives the session key with an ephemeral Diffie-Hellman exchange and uses the server's private key only to sign the handshake, which gives forward secrecy.
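As an added example (not code from the original post), the script below shows what a correctly configured client actually enforces at step B (and step D of the CA section) before it trusts the server's public key, using Python's standard ssl module: the weak configuration beside the hardened one, and an audit function that reports which checks a context will perform. It only builds client contexts, so it runs offline; the cipher string and the name of the audit function are choices made for this example.

```python
# Added example (not from the original post): client-side HTTPS settings that
# decide whether step B's certificate verification really happens. Uses only
# Python's standard ssl module and builds no connection.
import ssl


def insecure_client_context() -> ssl.SSLContext:
    """The weak setting often seen in scripts: no certificate validation and
    no host-name check. Any server, including a man-in-the-middle presenting
    its own certificate, is accepted, so the handshake proves nothing."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context() -> ssl.SSLContext:
    """The correct setting: certificate chain validated against the trust
    store's root certificates, host name compared with the certificate,
    legacy protocol versions refused, and only forward-secret (ECDHE) TLS 1.2
    suites allowed (TLS 1.3 suites are always ephemeral and stay enabled).
    The cipher string is this example's choice, not a universal recipe."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


def audit_client_context(ctx: ssl.SSLContext) -> dict:
    """Report which handshake checks a context will actually perform.
    'Kx=RSA' in a cipher description marks the static RSA key exchange
    described in steps B-D, which lacks forward secrecy."""
    descriptions = [c["description"] for c in ctx.get_ciphers()]
    return {
        "verifies_chain": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": bool(ctx.check_hostname),
        "refuses_legacy_versions": ctx.minimum_version >= ssl.TLSVersion.TLSv1_2,
        "allows_static_rsa_key_exchange": any("Kx=RSA" in d for d in descriptions),
    }


if __name__ == "__main__":
    for name, ctx in (("insecure", insecure_client_context()),
                      ("hardened", hardened_client_context())):
        print(name, audit_client_context(ctx))
```

With the hardened context, wrap_socket(sock, server_hostname=host) will refuse any certificate that does not chain to a trusted root or does not match the host; with the insecure one it silently accepts anything, which is the configuration an attacker in the middle relies on.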
2.
This article comes from the "Concealing delicated" blog; please keep this source: http://stlong.blog.51cto.com/5144113/1730771