Originally published at:
We use HTTPS every day. Today, let's talk about how it works.
We know that HTTP runs on top of TCP and transmits everything in plaintext, so anyone on the network path can read or alter it: it is not secure. HTTPS transmits encrypted data, which is what makes it secure.
Using RSA directly to encrypt the traffic does not work. First, RSA is slow. Second, RSA's public key is public: anything S "encrypts" with its private key can be decrypted by anyone who holds the public key, the bad guy included, so it gives no confidentiality in that direction.
Consider AES symmetric encryption instead: it is fast and well suited to encrypting bulk content:
The problem is: how do the two sides C and S end up holding the same secret key randomStr? One option is for C to generate randomStr and send it to S:
That seems to solve the problem, but if the bad guy intercepts randomStr in transit, he can decrypt everything C and S say to each other. So the scheme needs improving: C encrypts randomStr with a public key pubKey, and only the holder of the matching private key priKey, that is S, can decrypt it. The man in the middle is stuck:
How does C get the public key pubKey while S holds the private key priKey? S can generate the key pair and hand pubKey to C. The flow is as follows:
This scheme works: when S returns pubKey to C, it does not matter that the public key is disclosed. However, the bad guy can still do damage. He generates a key pair of his own and deceives both C and S: he hands C his own public key and keeps talking to S with S's. C thinks it is talking to S, S thinks it is talking to C, but in fact every message passes through the bad guy, who can read and rewrite it. The flow is as follows:
The problem here is that C has no way to be sure the public key it received really belongs to S and not to someone else.
Online buyers want sellers to ship first, sellers want buyers to pay first; nobody trusts the other side, and no trade can happen. Such trust problems are solved by bringing in a third party, for example Taobao.
By the same reasoning, in the HTTPS scenario S has to find a way to prove that it is who it claims to be. It can turn to a third party, a CA (certificate authority), which certifies S's public key, so that C can be sure the pubKey it obtains is really S's. The logic diagram is as follows:
In this way C can verify that the pubKey it obtained really comes from S and not from the man in the middle H. The check only works because C already trusts the CA: the CA's own public key ships with the browser or operating system, and a certificate signed by a CA that C does not trust is rejected just like a forged one. S pays the CA a fee for the certification (some CAs issue certificates free of charge), and the certificate is valid only for a limited period and must be renewed before it expires; otherwise service S no longer works properly, because browser C refuses to connect to the site.
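The following Python script is an added example, not code from the original post. It replays the whole chain of reasoning above with toy primitives: textbook RSA with tiny primes stands in for the real key exchange, and a SHA-256 keystream with an HMAC tag stands in for AES. The names C, S, H, CA and randomStr are the post's; everything else (the function names, the 48-bit prime size, the sample request line) is an assumption made here. Running run_handshake in its four combinations shows that H reads the traffic whenever C skips the certificate check, and that the CA check stops him; private_key_encryption_is_public shows the second objection to raw RSA.

```python
"""Toy model of the key-management story told above (added illustration, not
code from the original post).  Textbook RSA with tiny primes stands in for the
real RSA/TLS key exchange and a SHA-256 keystream plus HMAC tag for AES-GCM.
Nothing here is secure; it only shows who can read what in each scenario,
using the post's names C, S, H, CA and randomStr."""
import hashlib
import hmac
import random

def _is_probable_prime(n, rng, rounds=20):
    """Miller-Rabin; good enough for toy-sized primes."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(rng, bits):
    while True:
        p = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # odd, top bit set
        if _is_probable_prime(p, rng):
            return p

def gen_keypair(rng, bits=48):
    """Textbook RSA at toy size: returns (public, private) as ((e, n), (d, n))."""
    e = 65537
    while True:
        p, q = _random_prime(rng, bits), _random_prime(rng, bits)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so phi % e != 0 means gcd(e, phi) == 1
            return (e, p * q), (pow(e, -1, phi), p * q)

def rsa(key, m):
    """Raw RSA: encrypt with a public key, or decrypt/sign with a private one."""
    return pow(m, key[0], key[1])

def _digest_int(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    return rsa(priv, _digest_int(data, priv[1]))

def verify(pub, data, sig):
    return rsa(pub, sig) == _digest_int(data, pub[1])

def pub_bytes(pub):
    return b"%d:%d" % pub  # canonical encoding of a public key; what the CA signs

def sym_encrypt(key, plaintext):
    """AES-GCM stand-in: XOR with a SHA-256 keystream, then append an HMAC tag."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(plaintext) // 32 + 1))
    body = bytes(a ^ b for a, b in zip(plaintext, stream))
    return body + hmac.new(key, body, hashlib.sha256).digest()

def sym_decrypt(key, blob):
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("bad tag")
    return sym_encrypt(key, body)[:-32]  # XOR is its own inverse

def private_key_encryption_is_public(seed=1):
    """Second objection to raw RSA: what S 'encrypts' with its private key,
    anyone holding the public key turns back into plaintext."""
    pub, priv = gen_keypair(random.Random(seed))
    return rsa(pub, rsa(priv, 0xC0FFEE)) == 0xC0FFEE

def run_handshake(verify_cert, mitm, seed=1, message=b"GET /account HTTP/1.1"):
    """C and S agree on randomStr, optionally with H in the middle.
    Returns whether C accepted the key and what S and H were able to read."""
    rng = random.Random(seed)
    ca_pub, ca_priv = gen_keypair(rng)  # ca_pub ships with C's browser (trust root)
    s_pub, s_priv = gen_keypair(rng)
    h_pub, h_priv = gen_keypair(rng)
    cert_s = sign(ca_priv, pub_bytes(s_pub))  # the CA vouches for S's public key
    # 1. S sends pubKey plus certificate; H may swap in its own key, but it cannot
    #    get the CA to sign h_pub, so the best it can do is replay cert_s.
    offered_pub = h_pub if mitm else s_pub
    # 2. C checks the certificate against the CA key it already trusts.
    if verify_cert and not verify(ca_pub, pub_bytes(offered_pub), cert_s):
        return {"client_accepted": False, "server_read": None, "attacker_read": None}
    # 3. C generates randomStr, wraps it under the offered key, encrypts data with it.
    random_str = rng.getrandbits(64).to_bytes(8, "big")
    wrapped = rsa(offered_pub, int.from_bytes(random_str, "big"))
    ciphertext = sym_encrypt(random_str, message)
    attacker_read = None
    if mitm:
        # 4. H unwraps randomStr with its own private key, reads the traffic, and
        #    re-wraps the key for S so that neither end notices anything.
        key_at_h = rsa(h_priv, wrapped).to_bytes(8, "big")
        attacker_read = sym_decrypt(key_at_h, ciphertext)
        wrapped = rsa(s_pub, int.from_bytes(key_at_h, "big"))
    # 5. S unwraps randomStr with priKey and reads the application data.
    key_at_s = rsa(s_priv, wrapped).to_bytes(8, "big")
    return {"client_accepted": True,
            "server_read": sym_decrypt(key_at_s, ciphertext),
            "attacker_read": attacker_read}
```

Call run_handshake(verify_cert=False, mitm=True) and run_handshake(verify_cert=True, mitm=True) side by side: in the first, attacker_read equals the request and neither C nor S notices; in the second, C stops at step 2 and H learns nothing. For anything beyond a demonstration use a real library (for instance the cryptography package with RSA-OAEP, RSA-PSS and AES-GCM). Note also that this models the classic RSA key-transport handshake the post describes; current TLS 1.3 derives the session key with (EC)DHE and uses the certificate's key only to sign the handshake, which adds forward secrecy but leaves the trust logic exactly as above.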
HTTP is not secure; use HTTPS, and treat any website that does not use HTTPS as untrustworthy. The essence of HTTPS is encrypted transmission, and getting there means solving a series of key-management problems: agreeing on a symmetric key, protecting that key with public-key encryption, and authenticating the public key through a CA.
HTTPS itself is simple; the key is to understand the thinking behind it, which can guide us in designing more secure systems. It is also a common question in written tests and interviews.