I am happy to answer this question.
What is HTTPS used for? What is the difference with HTTP?
I have been doing security development recently, so I will answer it.
HTTPS is an HTTP protocol that uses security technology.
The full name of HTTP is HyperText Transfer Protocol. HTTPS (HyperText Transfer Protocol over Secure Socket Layer) is an HTTP channel that targets security. The difference between them is that network transmission over one is unsecured and over the other is secure.
Why use HTTPS?
The ordinary HTTP protocol transmits in clear text, so the transmitted messages are easily leaked and tampered with, and the reliability and integrity of the messages cannot be verified. For example, suppose the data transmitted to the server carries your bank account and password. If it is sent in plain text, the account and password can easily be stolen as soon as a third party intercepts the data packets during transmission. Or the server sends a command back to you, and a third party intercepts it and replaces it with its own content. When your client receives it, it executes the tampered content, which is very unsafe. Or the server sends a message to the client and, for network reasons, half of the data is lost. How does the client know this?
How HTTPS achieves secure transmission of data.
First, a brief introduction to a few concepts.
Key
The key is the input parameter of the algorithm that converts plaintext into ciphertext or ciphertext into plaintext. It is divided into two parts, the public key and the private key. The public key can be derived from the private key, but not vice versa. It can be simply understood as the relationship between a key and a lock: if you have a key, you can make a lock, but if you have a lock, it is difficult to make a key.
Certificate
The certificate is the carrier of the public key. In addition to the public key, it also contains the certificate validity period, issuer information and other contents.
Digest
A digest is literally what the name says: a brief condensation of a piece of content.
Encryption and Decryption
Encryption uses the public key to convert a piece of content into other, unrecognizable content. Decryption uses the private key to restore the encrypted content to the original content.
Signature verification
A signature can be understood as another form of encryption. It uses the private key to convert the original content into unrecognizable content. Signature verification takes the original content and the signature and uses the public key to verify that they are consistent.
Let's talk about the security process below.
After generating a digest for the message, the digest is signed so that the client can verify the reliability and integrity of the message source.
Before sending the message to the client, the server first generates a digest for the message, then uses its own private key to sign the digest, and finally attaches the signature and the certificate corresponding to the private key to the end of the message and sends it to the client. After receiving the message, the client first verifies the validity of the certificate. If the certificate is invalid, the client rejects the message outright, which ensures the reliability of the message source. The client then makes a digest of the message and uses the public key in the certificate, combined with the digest, to verify whether the signature is valid. In this way, if the message is tampered with or damaged, the generated digest is different and so the signature no longer matches, which ensures the integrity of the message and that it has not been tampered with.
By encrypting the message, the content of the message is prevented from being interpreted by others.
Before transmitting a message, the server and the client exchange the keys of both parties. Then, during transmission, one party uses the key to encrypt the message and the other party uses the key to decrypt it. Even if a third party intercepts the data packet, it cannot interpret the message because it does not have the key, which prevents the specific content from being leaked.
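The digest, signature and verification steps described above can be traced in a short Python sketch. This is an added example, not code from the original answer: the key pair is a toy textbook-RSA pair built from two known Mersenne primes, the certificate is a simplified dictionary, and the function names and sample messages are constructed for illustration.

```python
import hashlib
import time

# Toy key pair (constructed): textbook RSA over two well-known Mersenne primes.
# Illustration only: no padding, guessable primes. Never use this for real traffic.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, stays on the server


def digest(message: bytes) -> int:
    """SHA-256 digest of the message, as an integer smaller than N."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def server_send(message: bytes, not_after: float) -> dict:
    """Digest the message, sign the digest with the private key, attach the certificate."""
    # Simplified stand-in for a certificate: public key plus end of validity period.
    certificate = {"public_key": (N, E), "not_after": not_after}
    return {"message": message,
            "signature": pow(digest(message), D, N),
            "certificate": certificate}


def client_receive(packet: dict, now: float) -> bool:
    """Return True only if the certificate is valid and the signature matches the digest."""
    cert = packet["certificate"]
    if now > cert["not_after"]:  # invalid certificate: reject outright
        return False
    n, e = cert["public_key"]
    signed_digest = pow(packet["signature"], e, n)  # the digest the server signed
    return signed_digest == digest(packet["message"])


def demo() -> dict:
    """Run one honest exchange and three failure cases; all inputs are constructed."""
    now = time.time()
    good = server_send(b"transfer 100 to account 42", not_after=now + 3600)
    tampered = dict(good, message=b"transfer 900 to account 66")  # content replaced in transit
    truncated = dict(good, message=good["message"][:13])  # half of the data lost
    expired = server_send(b"transfer 100 to account 42", not_after=now - 1)
    cases = [("good", good), ("tampered", tampered),
             ("truncated", truncated), ("expired", expired)]
    return {name: client_receive(packet, now) for name, packet in cases}


if __name__ == "__main__":
    print(demo())
```

The client in this sketch accepts whatever certificate arrives with the message and checks only its validity period. A real client also checks the issuer information in the certificate against issuers it already trusts, otherwise an interceptor could attach its own certificate and signature.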
In short, although the processing logic of HTTPS is much more complex than that of HTTP, it has become the most commonly used network transmission protocol today, as Internet security becomes increasingly important.