Current location - Quotes Website - Personality signature - What is HTTPS used for? What is the difference with HTTP?
What is HTTPS used for? What is the difference with HTTP?

I am happy to answer this question.

What is HTTPS used for? What is the difference with HTTP?

I have been doing security development recently, so I will answer it.

HTTPS is an HTTP protocol that uses security technology.

The full name of HTTP is HyperText Transfer Protocol (HyperTextTransferProtocol). HTTPS is an HTTP channel (HyperTextTransferProtocolOverSecureSocketLayer) targeting security. The difference between them is that one network transmission is unsecured and the other network transmission is secure.

Why use HTTPS?

Ordinary HTTP protocol uses clear text transmission, and the transmitted messages are easily leaked and tampered with, and the reliability and integrity of the messages cannot be verified. For example, the data transmitted to the server carries your bank account and password. If you use plain text, the account and plain text can be easily stolen by others as long as a third party intercepts the data packets during transmission. Or maybe the server sends you a command back, which is intercepted and tampered with as its own content. When your client receives it, it will execute it according to the tampered content, which is very unsafe. Then the server sends a message to the client. Due to network reasons, half of the data is lost. How does the client know this?

How HTTPS achieves secure transmission of data.

First briefly introduce a few concepts. Key

The key is the input parameter in the algorithm that converts plaintext into ciphertext or ciphertext into plaintext. It is divided into two parts, public key and private key. The public key can be derived from the private key, but not vice versa. It can be simply understood as the relationship between a key and a lock. That is, if you have a key, you can make a lock, but if you have a lock, it is difficult to make a key. Certificate

The certificate is the carrier of the public key. In addition to the public key, it also contains the certificate validity period, issuer information and other contents. Abstract

An abstract is literally what it means, a brief abstraction of a piece of content. Encryption and Decryption

Encryption is to use the public key to convert a piece of content into another unrecognizable content. Decryption is to use the private key to restore the encrypted content to the original content. Signature verification

Signature can be understood as another form of encryption. It uses the private key to convert the original content into unrecognizable content. The signature verification takes the original content and the signature content and uses the public key. Verify that they are consistent.

Let’s talk about the security process below. After generating a digest for the message, the digest is signed so that the client can verify the reliability and integrity of the message source.

Before sending the message to the client, the server will first generate a digest for the message, then use its own private key to sign the digest, and finally attach the signature and the certificate corresponding to the private key to the end of the message and send it. to the client. After receiving the message, the client first verifies the validity of the certificate. If the certificate is invalid, it passes directly to ensure the reliability of the message. Then make a digest of the message, and then use the public key in the certificate combined with the digest to verify whether the signature is valid. In this way, even if the message is tampered with or destroyed, because the generated digest is different, the signature will be different, which can ensure the integrity of the message and future been tampered with. By encrypting the message, the content of the message is prevented from being interpreted by others.

Before transmitting a message, the server and the client will exchange the keys of both parties. Then during the transmission process, one party will use the key to encrypt the message, and the other party will use the key to decrypt the message. Even if a third party intercepts the data packet, it will not be able to interpret the message because it does not have the key, preventing the specific content from being leaked.

In short, although the processing logic of HTTPS is much more complex than the HTTP protocol, it has become the most commonly used network transmission protocol today when Internet security is becoming increasingly important.

Related articles
  • Wechat signature short sentence Wechat signature daquan girls are cute.
  • What do you mean, everything is empty, and cause and effect are not empty?
  • The essence of parting phrases has been seen through the collection.
  • Signature synthesis
  • Why did Duan Jiabao, an angry girl, become the biggest dark horse in Twenty Don't Confuse?
  • The super cool signature of those born in the 90s
  • Be deeply affectionate but never lose yourself. Who are the zodiac signs who will join hands with true love in 2022 and have a sweet life?
  • How to delete the qq personalized signature record on the computer?
  • My name is Liu Wen. Please give me a nickname or an artistic name. Thank you.
  • A complete list of gay friends in the game

    • copyright 2024 Quotes Website All rights reserved