Although many websites now use HTTP and HTTPS, everyone strongly advocates the use of the more secure HTTPS. Today we will learn how HTTPS ensures the security of data transmission.

Why is HTTP insecure?

HTTP is essentially a TCP connection; the protocol stipulates the use of port 80 and the format for sending commands or data, and TCP itself has no encryption function. What is fatal is that HTTP data is transmitted in clear text. Since the data is not encrypted, it is exposed to data eavesdropping, tampering, and identity forgery. Is there any way to improve on this?

Since it is not safe to transmit data in plaintext, we can try to encrypt it. For example, the two communicating parties can agree on an algorithm: the sender encrypts the data according to certain rules, and the receiver decrypts the message according to the same rules. This is symmetric encryption.

Symmetric encryption means that the same key is used both to encrypt the original text into ciphertext and to decrypt the ciphertext back into the original text. Its advantage is that encryption and decryption are efficient.

But symmetric encryption raises a key question: how should the symmetric key be determined? In HTTP requests, negotiating the encryption key is still a difficult problem.

How does HTTPS ensure data security?

Data is encrypted during HTTPS transmission. HTTPS uses symmetric encryption, asymmetric encryption, a signature algorithm (which is not used for encryption), and a certificate mechanism to process messages and achieve safe and effective transmission.

HTTPS is HTTP with a security layer called TLS added.
Operations such as data encryption are handled in this security layer, and the application protocol is still HTTP. HTTPS communication first uses asymmetric encryption for key negotiation to agree on a symmetric encryption key, and then uses this symmetric key to transmit symmetrically encrypted ciphertext. This is because asymmetric encryption algorithms are extremely complex and their decryption efficiency is low, while symmetric encryption is obviously a hundred times more efficient.

As mentioned above, using the same key to encrypt and decrypt plaintext is symmetric encryption. So what about asymmetric encryption?

Asymmetric encryption

In asymmetric encryption, encryption and decryption use two different keys: one is called the public key, and the other is called the private key. Content encrypted with the public key can be decrypted with the private key. Likewise, content encrypted with the private key can be decrypted with the public key. The public key and the private key are relative terms. Generally speaking, the key that is kept on one's own side and not disclosed is called the private key, and the key that can be released is called the public key.

Asymmetric encryption uses different keys to encrypt and decrypt. However, as mentioned above, the difficulty in using encryption lies in the key agreement process, so how does HTTPS handle it?

Here, we need to introduce a new term: digital certificate.

Digital certificate

A digital certificate is a network communication credential, similar to an ID card, that proves the identity information of the requested party is true, valid, and has not been tampered with. When we request a website, we first request the website's digital certificate, and then check the authenticity and validity of the certificate to verify identity step by step.
The specific process will be illustrated later.

A certificate is something like an ID card that the server applies for and files with a notary office for websites. It contains the start time, end time, certificate holder, signature, and, most critically, the holder's public key. Normally, we configure an SSL certificate for the server. An SSL certificate is a type of digital certificate issued by a trusted digital certificate authority (CA for short), and it provides server authentication and data transmission encryption.

When we visit the Ebyte website, for example, how do we know that the site we reached is not a fake one? When visiting, we first obtain the certificate information of the other party's website and then compare it with the certificates loaded in the local browser to see whether it is secure.

In HTTPS communication, when the client requests the server, it first obtains the server's certificate and then verifies the certificate locally (the browser usually has many certificates built in, as shown in the figure above). When the verification passes, the certificate is considered secure; otherwise the browser's status bar will prompt "not safe".
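
The certificate check and the key negotiation described above, as an added example that is not code from the original article: a toy model in which a CA signs the certificate fields the article lists, the client checks signature, validity period and holder against its local trust store, and only then encrypts a fresh symmetric key to the certificate's public key. The textbook RSA with Mersenne-prime keys, the field names, the CA name "Example Root CA" and the host www.example.com are constructed assumptions; real TLS stacks use X.509 encoding and padded signatures.

```python
import hashlib
import secrets
from datetime import date

def make_keypair(p, q, e=65537):  # textbook RSA: toy-sized, unpadded, illustration only
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))  # (public key, private key)

def digest(body, n):  # hash the fields in a fixed order, reduced below the modulus
    data = "|".join(f"{k}={body[k]}" for k in sorted(body)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue(body, issuer, ca_private):  # CA side: sign the fields with its private key
    n, d = ca_private
    body = dict(body, issuer=issuer)
    return dict(body, signature=pow(digest(body, n), d, n))

def verify(cert, hostname, trust_store, today):
    """Client side: checks made before trusting the certificate's public key."""
    if cert["issuer"] not in trust_store:
        return False, "issuer not in local trust store"
    n, e = trust_store[cert["issuer"]]
    body = {k: v for k, v in cert.items() if k != "signature"}
    if pow(cert["signature"], e, n) != digest(body, n):
        return False, "signature does not match contents"
    if not (cert["not_before"] <= today <= cert["not_after"]):
        return False, "outside validity period"
    if cert["holder"] != hostname:
        return False, "holder does not match requested host"
    return True, "ok"

def wrap_session_key(cert, hostname, trust_store, today):
    """Encrypt a fresh symmetric key to the certificate's key, only if it verifies."""
    ok, reason = verify(cert, hostname, trust_store, today)
    if not ok:
        raise ValueError(reason)
    n, e = cert["public_key"]
    key = secrets.token_bytes(16)
    return key, pow(int.from_bytes(key, "big"), e, n)

# Constructed sample data: hypothetical CA and host names, Mersenne primes as toy keys.
ca_public, ca_private = make_keypair(2**127 - 1, 2**89 - 1)
server_public, server_private = make_keypair(2**107 - 1, 2**61 - 1)
TRUST_STORE = {"Example Root CA": ca_public}  # stands in for the browser's built-in list
CERT = issue({"holder": "www.example.com", "public_key": server_public,
              "not_before": date(2024, 1, 1), "not_after": date(2025, 1, 1)},
             "Example Root CA", ca_private)
FORGED = dict(CERT, public_key=(2**61 - 1, 65537))  # key swapped, signature not redone
```

Because the public key is one of the signed fields, swapping it (as in `FORGED`) invalidates the CA signature, so the client refuses to encrypt a session key to it.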